Synode's Brute Forcer and Injector

[hesham8]

Quote:

IJJI Bruteforcer:

1) Unzip the package, run the executable/shortcut.

2) File --> Import Dict and select a dictionary file ([Only registered and activated users can see links. ] if you don't have one)

3) Import SOCKS4 and select a file with SOCKS4 proxies ([Only registered and activated users can see links. ] all have good lists, use [Only registered and activated users can see links. ] to verify the working from unworking; and make sure they're SOCKS4!)

4) Enter username, execute. If you get an exception, then one of the proxies isn't working. If during importing of either list you get an error, ensure there are no blank lines (I forgot to strip those before importation - your problem, not mine).

Download Binary: [Only registered and activated users can see links. ]

Download Sources: [Only registered and activated users can see links. ] (Made in Python)

DLL Injector:

1) Download injector.
2) Enjoy.

Download Binary: [Only registered and activated users can see links. ]

NOTE: Not made by me, I'm just tired of seeing the same shitty inject-TOR used over and over. This one was made in 100% assembly and is 3.28kb. Pretty good, no?

The easiest way to use this is:

1) Place the inject.exe file in your root drive (Typically C:/)
2) Click Start
3) Click Run
4) "C:\inject.exe" WINDOWCLASSNAMEOFSF "C:\Hacks\Hacks.dll"
5) Click "run"

NOTE 1: Quotes are required as seen; the third option in step 4 is the full link to the DLL to be injected. Also, only 1 DLL may be injected into a process. No message will be displayed if the injection fails or succeeds, it merely runs silently.

NOTE 2: The WindowClass must be found either with Olly or some sort of advanced process viewer. For example, the name of the Gunz window class name is RealSpace2.

NOTE 3: This utility is often detected as a virus tool, hack tool, or trojan. This is due to the hooking method used in the DLL. It is not a virus, the fact that it can inject DLLs is why it's detected as dangerous.


IJJI Security Answer Exploit:

NOTE: This exploit allows you to entirely bypass the security question needed on the IJJI website to edit ones profile (Password/email/etc).
1) Login with any account.

2) Go to [Only registered and activated users can see links. ]

3) Enter the password then anything in the answer box.

4) ???

5) Profit.

NOTE 2: There's a special form (Hidden) on the page that tells the IJJI script myProfile.nhn (Which, for those wondering, is a Java Server Page, not PHP or ASP) what question you're on. However, if you enter NULL, then there is no question, thus any answer will work. IJJI can fix this via validating the responses of the hidden form (The only valid two should be q1 and q2).Also, there's a number of XSS and SQL injectable scripts on the IJJI website, but those are best remained private. May the current web-developers of IJJI stay hired - account hijacking has never been easier.



On my way out, a joke:

:: Knock, knock.

> Who's there?

:: Go.

> Go who?

:: Go **** yourselves.

The last one was closed because it had no virus scan. Here's one with the scan.

Brute Forcer Scan: http://i212.photobucket.com/albums/c...g?t=1214477296

Injector Scan: http://i212.photobucket.com/albums/c...g?t=1214477323
Keep in mind, everything found in the injector is expected for an injector. Those are all false positives, believe it or not.

I won't help you "figure this program out", so don't PM me about it. However, there is a tutorial on the 4th post.

[codywalk2]

what are you scanning?? noob you would have to scan more then just 1 file. I was the one who reported the last post because it did have a virus when you downloaded the dll injector. Because my virus scanner deleted it right after i downloaded it.

[hesham8]

Quote:

Originally Posted by codywalk2

what are you scanning?? noob you would have to scan more then just 1 file. I was the one who reported the last post because it did have a virus when you downloaded the dll injector. Because my virus scanner deleted it right after i downloaded it.

Learn the definition of false positive and get back to me.

Either way, there isn't anything else to scan. The other files are a .html and a .txt. The scan on either would have turned up nothing, and I'm not going to waste my time doing pointless scans. .html will only lead you to a website - the one you downloaded the injector from - and viruses cannot exist in .txt files. The only way they can is through hiding an extension, and I assure you, there are no hidden extensions on this file. Otherwise, the file would not be 1.48 kb, it would be a few megabytes.

And in regards to the brute forcer: it's a dependant .exe, a few .dll files and several .lib files. The .dll and .lib files would have turned up nothing, as common sense would tell you. Honestly, it's a brute forcer, and the way it's built is pretty standard, as far as bruteforcers go. Now stop questioning what I should scan, unless I'm blatantly wrong.

Quote:

Originally Posted by josh1110

the ijji exloit sys removed

Well, of course it was. It was a website glitch which enabled us to get past security questions. Now, there is another glitch which will enable free Gcoins that may or may not be released in the future - Depending on how coldfx (synode) feels.

[╬╬Hacker╬╬]

Credits to synode for the brute!
OK, so i know for some of you the original post by synode was really hard to understand, but here i am going to tell you how to do it Step-By-Step. This also includes easier proxy list and dictionaries.
This has been okayed through hesham8 so dont flame me.
...::Tutorial::...

1. Open the following package and extract anywhere: [Only registered and activated users can see links. ]
2. Now go into your new uploaded package and find ijji_brute.exe, open this.
3. For the dictionary, you can use the original one that has very little words in it from: [Only registered and activated users can see links. ] BUT, i warn you this is not the best, a download will be posted at the bottom of the page with a better one.
4. I have also provided working proxies at the bottom of the page in the WinRAR file. This makes it much easier for you.
5. Now, that you have all your tools, its time to put them together. On the ijji_brute.exe that you opened earlier. Got to the top of that were it says "File" and click on it, go down to were it says "IMPORT DICT" amd find eathier mil-dic[2] (the bad version) or all.lst from the WinRAR package.
6. Once you have done this make sure it says "Dictionary imorted successfully" on the BAT file.
7. Now for the SOCKS4, on the ijji_brute go again to "File" and then click on "IMPORT SOCKS" and click on that, find the list that i have provided in the package and choose that for your SOCKS4. Again, it should say "SOCKS Imported successfully"
8. The hardest part is now finished xD, the easy part is entering a username. THIS IS NOT A SOLDIER FRONT CODENAME! IT IS THE USERNAME THAT YOU LOG INTO WHILE ON IJJI. Once you find a person you want to hack =0, Type in there username and press "Brute!" and wait for the scan to do the rest.

Please leave any questions/problems here and i will get to doing my best to help you out.

Virus Free.

Thank me if i helped

Hacker

[hesham8]

Okay, I've rearranged the posts in the other threads to make one good thread.

[€ternity™]

Nothing happens when I attempt to open the injector.

[meleeattack5]

what is brute force?

[pinkmoose123]

when i did it, it just shutdown after like 10 seconds

[ReconKill]

Quote:

Originally Posted by hesham8

Well, of course it was. It was a website glitch which enabled us to get past security questions. Now, there is another glitch which will enable free Gcoins that may or may not be released in the future - Depending on how coldfx (synode) feels.

if he bothers releasing it, he will be sued by ijjis staff of lawyers.

synodes hax are really pissing me off... i worked forever on my acc and my clanmate went and took it.

[loveivy4ever]

yo hacker how do u find the SOCKS4 file? plz teach me i cant find it