Page 3 of 50 FirstFirst 1234513 ... LastLast
Results 21 to 30 of 493

Thread: FrankenScript by Slim76 - It Attacks Access Points and .pcap files

  1. #21
    Senior Member
    Join Date
    Jul 2013
    Posts
    764
    Again for clarity this is what we get - !!!Downloaders beware!!!

    We are using XP for the download

    For example:
    We went to: http://rghost.net/51637035

    There is a black rectangular square below the file name with the word Download. When you click on the square the program asks you to download FrankenScript-v2.tar.gz.

    You click it and it shows you the correct file name and asks to run or save. You save the file !!!BUT!!! What you get is:

    FrankenScript-v2.tar.gz-180upload_accelerator.exe(314KB)

    We have already seen this on the original download link and do not wish to do through that again. ie the same csize file just a more embedded name. Here the stick the actual file name at the beginning but give you an exe file instead.

    We picked this page for its simplicity. There are only one or two other download buttons on the far right of the page and they deal with Windows products.

    Musket Team A/B

  2. #22
    Senior Member
    Join Date
    Jul 2013
    Posts
    764
    We figured out what was going on. We have six computers in out lab. After trying two XP downloads we tried it with kali-linux and got the correctfile

    We provide the following warning. If you use XP to download posted files from these sites look very closely at the file that is actually loaded onto your computer. Open up your folder where you downloaded it and read the entire file name.. Look to see if it is an .exe file. Do not run this file.

    Furthermore NEVER Click RUN from any of these sites, load the file and inspect it closely.

    For example you might load a file called ABCDEF.tar.gz. When you get the yellow rectangle asking to run or save, the file name will say ABCDEF.tar.gz. BUT when you get the file saved you will get something like ABCDEF.tar.gz.exe If you run this your antivirus will go nuts AND you will get a ton of useless files asking to check your computer or provide some sort of service. We tested this exe file with a persistent usb version of XP that we were going to trash. We even had icons showing up in notepad.

    However if you download the file with kali-linux you get what you asked for, and are not sent to viral land of spyware and products no one wants or will ever need.

    We have no knowledge about Windows 7 but we suspect the result would mimic XP

    http://mir.cr/
    http://www21.zippyshare.com/
    http://rghost.net/
    http://www.sendmyway.com/
    http://fichier.com/
    http://180upload.com/

  3. #23
    Member
    Join Date
    Oct 2013
    Posts
    56
    We provide the following warning. If you use XP to download posted files from these sites look very closely at the file that is actually loaded onto your computer. Open up your folder where you downloaded it and read the entire file name.. Look to see if it is an .exe file. Do not run this file.

    Furthermore NEVER Click RUN from any of these sites, load the file and inspect it closely.
    With all due respect this is a well KNOWN or should be FACT.
    Most websites now are cluttered with download buttons which are not associated with the actual file (not all downloads are malware but are equally annoying and the unitiated do get caught(Once bitten Twice Shy or should be) I still get caught sometimes and I have been using the net since 95.

    One possibility, as they are hosting the file, is they are paid in some way for each alternative download while some will merely produce a popup with advertising.

    The moral of this is "Buyer/downloader beware(Unsure? Don't Download unless you know how to clean your machine if you make an error)

    Rab.

  4. #24
    Senior Member
    Join Date
    Oct 2013
    Posts
    321
    I've just checked : http://rghost.net/51637035 and don't see a single thing wrong.
    I used the direct link and didn't see a single advert or any dodgey download buttons or the other clickable buttons like you mention.

    Please stop trying to make it sound like my downloads are dodgey, there's nothing wrong with them.
    Stop clicking other links and you wont have any issues, why you would click on any other links beats the hell out of me. LOL

    I'm sure other members and the mods can comfirm that my downloads are NOT dodgey.
    Last edited by slim76; 2014-01-14 at 12:32 PM.

  5. #25
    Member
    Join Date
    Oct 2013
    Posts
    56
    Please stop trying to make it sound like my downloads are dodgey, there's nothing wrong with them, I can't be responsible for people that don't know how the internet works.
    That was not my intention - Only explaining the intricisies of downloading from certain hosting sites.
    Just downloaded your script from within a Kali/Vmware setup and you are correct there are no other clickable buttons, However, in a windows environment with IE there are not as many as I have seen in the past but still present none the less.

    This backs up the theory that it is the hosting site and not YOU who are responsible for the misleading buttons.

    Rab.

    Just downloaded the script from soxroks thread and it is using mediafire - Lo and behold - popup- requesting you download ilivid, most inexperienced users would get caught with this. -Site Dependant?
    Last edited by flyinghaggis; 2014-01-14 at 12:39 PM.

  6. #26
    Senior Member
    Join Date
    Oct 2013
    Posts
    321
    Quote Originally Posted by flyinghaggis View Post
    That was not my intention - Only explaining the intricisies of downloading from certain hosting sites.
    Just downloaded your script from within a Kali/Vmware setup and you are correct there are no other clickable buttons, However, in a windows environment with IE there are not as many as I have seen in the past but still present none the less.

    This backs up the theory that it is the hosting site and not YOU who are responsible for the misleading buttons.

    Rab.

    Just downloaded the script from soxroks thread and it is using mediafire - Lo and behold - popup- requesting you download ilivid, most inexperienced users would get caught with this. -Site Dependant?
    Sorry mare, It wasn't aimed at you mate, it was aimed at musket.
    Sorry if it came across wrong.

    Not sure why he/she would say such things, not sure what the person has against me as I've done nothing to the person. :-(

  7. #27
    Senior Member
    Join Date
    Jul 2013
    Posts
    764
    Musket Teams wish to state there is nothing wrong with the Frankenscript program.

    If you click on the download button with XP you will get a very small exe program. Even the name is hidden during the d
    ownload process and only shows up in the folder you save it to. This leads to viralville.

    If you click the !!exact same button!! with kali-linux you get the correct program. This is all we are saying. So if you want this program download using linux do not use XP.

    Nowhere in these threads have we stated that your program is bad or a virus. In fact we like your program very much. Please note we are hosting a program on one of these sites and it has the same problem. You will find I have posted the same warning there.

  8. #28
    Junior Member
    Join Date
    Dec 2013
    Posts
    11
    windows 8.1 it's all fine downloading, plz stop the butt hurt

  9. #29
    Senior Member
    Join Date
    Oct 2013
    Posts
    321
    Quote Originally Posted by mmusket33 View Post
    Musket Teams wish to state there is nothing wrong with the Frankenscript program.

    If you click on the download button with XP you will get a very small exe program. Even the name is hidden during the d
    ownload process and only shows up in the folder you save it to. This leads to viralville.

    If you click the !!exact same button!! with kali-linux you get the correct program. This is all we are saying. So if you want this program download using linux do not use XP.

    Nowhere in these threads have we stated that your program is bad or a virus. In fact we like your program very much. Please note we are hosting a program on one of these sites and it has the same problem. You will find I have posted the same warning there.
    Yeah but you posted their after you posted here saying that you posted it there too (Check the time stamp). LOL
    I'm kool now musket has made things more clear. :-)
    Hope there's no bad feelings.

    I've already downloaded your script but haven't had chance to try it yet, I'll test it later, cheers for the heads up though.
    Last edited by slim76; 2014-01-14 at 02:40 PM.

  10. #30
    Senior Member
    Join Date
    Sep 2013
    Posts
    239
    Very nice job indeed
    Some part of the code are very, very familiar to me.
    Last edited by kcdtv; 2014-01-14 at 07:32 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •