|
I found an easier way to retrieve malware over Tor on Windows, using free open-source software. Tallow uses Tor and WinDivert to redirect network connections over the Tor network. After starting Tallow, press the Tor button:
Then you can use wget on Windows:
Onion services can be accessed too:
By default, Tallow only allows TCP connections on port 80 and 443 (Force web-only). Disable this toggle if you need to access other ports. Didier Stevens |
DidierStevens 268 Posts ISC Handler |
| Reply Subscribe |
Feb 25th 2018 6 months ago |
Quote:DEBUG output created by Wget 1.11.4 on Windows-MSVC. Only fools use a completely outdated and vulnerable version of wget to retrieve malware. Complete fools let their vulnerable version of wget send its version per "User-Agent:" to servers which may take advantage of its vulnerabilities. |
Anonymous |
| Reply Quote |
Feb 26th 2018 6 months ago |
|
And an ultra fool believes (because it's not thinking) that User Agent is the straw that broke the camel's back. Happy fooling.
|
Tony 2 Posts |
| Reply Quote |
Feb 26th 2018 6 months ago |
|
sorry
|
Netmanzim 17 Posts |
| Reply Quote |
Feb 26th 2018 6 months ago |
|
any explanation for this: https://www.virustotal.com/en/file/e89cd0892cb9375aec69c0099f3adee38183623c78ee134ec245b315397bbd87/analysis/1519661994/
https://reqrypt.org/download/TallowBundle-1.0-install.exe ?????? |
Netmanzim 17 Posts |
| Reply Quote |
Feb 26th 2018 6 months ago |
Quoting Netmanzim:any explanation for this: https://www.virustotal.com/en/file/e89cd0892cb9375aec69c0099f3adee38183623c78ee134ec245b315397bbd87/analysis/1519661994/ Not "any", but "many" explanations: 1. the executable installer is vulnerable, it allows escalation of privilege; 2. the PE checksum stored in the header differs from the actual checksum; 3. no authenticode signature, so no proof of authenticity possible. Stay far away from such crap! |
Anonymous |
| Reply Quote |
Feb 27th 2018 6 months ago |
Quoting Tony:And an ultra fool believes (because it's not thinking) that User Agent is the straw that broke the camel's back. Happy fooling. Except for complete idiots straw does not replace an argument; not even a full-grown strawmen does, although these are routinely used to brake camels backs. |
Anonymous |
| Reply Quote |
Feb 28th 2018 6 months ago |
|
Never seen quite such a pissing match in the diaries before.
I'm pretty sure most people coding malware sites are one of several things: A. Lazy B. Not as smart as you give them credit for. C. 85% cut and paste D. Did I say lazy? Yes they are mainly just that lazy. Hardly doubt that the sheeple they are hoarding in, or planning on give them cause to write a header user agent directive and/or subroutine Besides.... From https://www.gnu.org/software/wget/manual/wget.html ‘-U agent-string’ ‘--user-agent=agent-string’ Identify as agent-string to the HTTP server. The HTTP protocol allows the clients to identify themselves using a User-Agent header field. This enables distinguishing the WWW software, usually for statistical purposes or for tracing of protocol violations. Wget normally identifies as ‘Wget/version’, version being the current version number of Wget. However, some sites have been known to impose the policy of tailoring the output according to the User-Agent-supplied information. While this is not such a bad idea in theory, it has been abused by servers denying information to clients other than (historically) Netscape or, more frequently, Microsoft Internet Explorer. This option allows you to change the User-Agent line issued by Wget. Use of this option is discouraged, unless you really know what you are doing. Specifying empty user agent with ‘--user-agent=""’ instructs Wget not to send the User-Agent header in HTTP requests. |
jACKtheRipper 55 Posts |
| Reply Quote |
Mar 1st 2018 6 months ago |
Sign Up for Free or Log In to start participating in the conversation!
