For the frenzy of folks that are concerned YoOuUUuU LLEeeEAAaKKEEDdA TOOKKkKEKEENNNNN!N!N!N!!nn1n1hhbjgngn: No. If you got clever and looked at individual frames, the one you see returns an Unauthorized. Others have been obscured. Thank you for your concern. :)
If you stitch together the frames where the working token is visible, you can make out about half of a token. Just to be sure, I would advise changing your password, as that generates a new authentication token and invalidates the old one. You wouldn't even have had to blur any tokens if you did that before releasing the video.
It's good to remember every video, especially when they're popular, will have a lot of new people for whom this is literally their first in-depth look at malware analysis. So it's always worth explaining for the new guys.
I'm only 5 minutes in, but I feel it's relevant to say I appreciate the "easy baby stuff" being reiterated for people like me. I'm learning Python for data science. I don't know what all of these imports do. So when you explain every import or at least give basic descriptions of what they do, it really helps me follow along.
Ok well lol, if you're actually learning Python you KNOW what import does. Lmao think about the word for a moment…… hmmm do a little work looking up maybe? No? Just wait for someone to do it for you?
That ".il" file is actual CIL (Common Intermediate Language, formerly known as MSIL) code that C# and VB source code files are compiled down to before they're turned into executables.
I see them every day. Lots of the exploits people use “generators” for (Python scripts you can find on GitHub) are Electron-related. So many ways to download files to other people’s computers and to crash other people’s computers.
JimTheScientist Electron is a shit piece of software and I wish permanent annoyance on its devs and applications that use it. Should not crash because of a video codec issue.
I've been watching these deconstruction videos while I have free time at school. It's fairly interesting how easy it is to learn how viruses/malware act and what they look for. I barely know how to code, yet you make it so easy to learn how these things behave.
Holy smokes, how can it be so easy to retrieve all your Discord data without logging in essentially. I wouldn't have guessed that Discord is saving these tokens as plaintext in your appdata folder. Very nice video! You've got another sub :)
This is going to be interesting. I’ve studied RCE attacks and Trojans on Discord, as well as some more tame malware. I can say that Discord is really bad in the security area, but it’s not much to worry about as there are few people who know how to do the attacks and how they work. Edit: I’ve started watching the video, and I’ve seen almost this exact same script before while moderating a server.
I hope more of you guys look into this Discord malware. A lot of this stuff is going undetected and creating a lot of headaches, and some of these stealers have keyloggers, get login sessions from your browsers, etc.
Thanks for making it 'approachable'. I am a beginner in all of this and your quick description of the basic commands is extremely helpful. It allows me to continue to follow what you are doing and also learn about a wide variety of commands. Of course, further real study is necessary but your presentation helps one broaden understanding of the overall field to be studied. Thanks.
Recently stumbled upon some of your malware analysis videos and boy am I hooked! Love your approach, you make things super easy to understand even for someone with little to no coding knowledge. I hope soon I can find some videos on your channel about learning to program in some of these languages that you work in with malware :) Some more gamer-catered stuff would be awesomeee too! Thanks, John, for some very entertaining videos!
Omg, we need to see more of this hog stealer code and whatever else you can find in the land of Discord malware! Keep up the great work and congrats on 200k!
I would advise you to use solid-colored bars instead of pixelation, since there is currently a promising tool in development that can reverse pixelation to some extent.
Reversing pixelation requires context and information. Now, I haven't actually seen the pixelated part in this video, but unless the pixelated content is unambiguously readable as any character, an algorithm won't know either. I bet you'd be able to get an approximation of what it could look like, but that may just be as unreadable as it already is, but less pixelated.
Hey John, a little off topic for this video, but your terminator vid (among all the others!) really helped me pass the eJPT in less than 4 hours last week. Thanks for all the great content, man!
I've learned a lot from this, and that says something because I'm enrolled in college for this, and I feel like these breakdowns help immensely for someone like myself.
19:00 It's not stealing your passwords on the browsers. Discord is literally just a browser and so is Chrome/Opera. So it is checking in the browsers for Discord tokens.
It could be the location for Discord tokens in those browsers, since Discord uses Electron, which uses Chromium, which Chrome and a lot of other browsers also use, so it might be that cookies are stored there.
This is the new script kiddie stuff. Back then people just went around DDoSing people for fun in online games; now the kiddies try to steal your Discord payment info.
51:50 Hammond enters the freaking Matrix... xD You know a content creator is entertaining when you don't understand shit, and still watch until the end, entertained!
If you open the webhook URL you can identify the name of the webhook, the Guild ID and Channel ID. That information is kinda basic but might help when reporting to Discord.
Someone attempted to scam me with this script with mild differences. They were targeting a programmer Discord server where most people would have Python installed, and double-clicking the script they gave you would actually run it if you installed Python to execute with IDLE. He sends the script with the first lines as if he needs help with Discord bot programming. The first few lines show up in Discord but the rest won't; that's how he tricked people into downloading and running it. EDIT: The script would send this information through a Discord Webhook to their Discord server. Already reported it.
I'm pretty sure the password cache of Chrome etc. uses your Windows user creds to encrypt the passwords, so accessing them would at least require some user action.
Most of the Discord Token Grabber tutorials on RU-vid showcase actual working software, but it's got stealing stuff included. That's why you gotta code your own stuff if you can't get it FOSS.
Discord is not focused on security. If you want maximum security while using Discord, you should use a very lite version of Discord such as discord-cli. It's not the best, nor does it support voice calls, but it is very secure as it stores the token in memory, and RCE exploits should be near impossible.
Sometimes you make me really nervous, John. No, not the tokens, the clumsiness in the shell :P echo %LOCALAPPDATA% ... or cd %APPDATA% JFYI. But never mind, thanks for the video :)
After 15 years I ran into my first virus. Now, what virus or what it was I do not know; I do know I downloaded a script from a Discord for FiveM. 2-3 hours later things started to go spooky.
1. Programs became slow, some were not responding.
2. The game (FiveM) refused to close: Alt-F4 did not work, nor did F8 quit; neither responded.
3. Ctrl + Alt + Delete was not responding; it never opened up.
4. CMD as Administrator did not work at all, BUT regular CMD did work.
5. I then did a normal CMD start and ran the command "net user". I then saw I no longer had "Administrator"; a new user was active and mine was no longer active.
6. At this point I got shit scared and pulled my internet as a first step. Then I tried to start my “Firewall”, as I had it turned off for millions of reasons. I could no longer turn it on. I'm guessing because of the lack of “Administrator” privilege I lost.
7. I held in Shift and clicked restart in order to try to start the computer in “safe mode”; not even that worked.
8. I ran a full system check with Windows. First it came with 0 warnings or nothing, but then about 10 min later a Windows pop-up window came up saying 2 timestamps where 2 major threats had been discovered. I then realized what it was, and it was not possible to remove them, as I already guessed.
9. I luckily had a Malwarebytes program on my USB drive. Keep in mind any download did not work at this point. The USB worked, I ran a system check, and found some files it could remove.
10. Now I thought, well, if I can at least maybe delete the program it uses to attack and gain access, I may be able to stop and save the files. But then I thought, if I lost the Administrator, I guess it would be possible for him/her to port forward through the internet without the current malware he/she used, right? Anyways, I did not take the chances and I ended up pulling out all of my hard drives, connected my “Wavlink Docking Station” and deleted everything from scratch.
I do know some malware may survive, but I then also ended up deciding to make a full reinstall of Windows. I did research and heard it is POSSIBLE for malware to still be in the system. If anyone can give me an idea of how rare that is, please give me a comment. 15 years, never experienced anything like this. I am not an expert nor an IT person. Simply computer interest and a gamer over many years. My question is to any of you experts here. Is there ANYTHING more I could have done in this scenario? Did I do anything wrong? Wish I had John's expertise. Best regards, Simon
Seems like this is embedded inside Discord's scripts. I guess Discord has its own Python interpreter then. I think that you might get infected by simply running a sketchy VBS script, or even an executable file. This script isn't intended to be examined, it is intended to be hidden deep inside Discord's scripts. That's why it isn't obfuscated. Remember, do not click random links, do not download everything someone sends you, and especially do not RUN everything someone sends you.
Do you prefer VirtualBox over Hyper-V Manager or other software? And if you have some spare time, I would love to know the reason behind your choice of virtualization software! Kind regards.
I believe it is also grabbing Chrome, Opera and Brave tokens. The file structure generated by get_tokens seems to also work for those other directories listed.