I started coding with VB.Net almost 18 years ago - by that I'm surely a lot older than the rest in here. I usually don't deal with that stuff, especially the low quality crap floating around for free - or even worse being sold out there.
A thing I've recently found was a RAT, that is NOT controlled by a panel, instead the actor is using a discord bot and monitoring the connection with slash commands. I'm not one of those active discord users, anyways I knew enough about their API to "exploit" the bot and abuse the fact that they use discord.
The Idea:
Reverse engineering the Bot token such as the actor's server id out of the malicious executable and abusing the bot
In the first picture you can already see the bot token and Server-ID. As imagined, the developers didn't put much afford into protecting it so this got no security at all.
And that's already enough information, time to think about a second step. You can of course spam the bot, but it's more funny to make the bot invite us to the server.
My python skills are really bad, but the script works:
import discord
from discord.ext import commands
intents = discord.Intents.default()
@bot.event
async def on_ready():
print(f'{bot.user} connected')
server = bot.get_guild(int(''))
invite_link = await server.text_channels[0].create_invite(max_age=0)
print(f'{invite_link}')
If there are any issues feel free to ask for help, someone will possibly help you
They ended up banning me, but don't forget, since the discord bot is creating a channel for every victim it got administrator permissions which are enough to make a script that unbans you
import discord
from discord.ext import commands
intents = discord.Intents.default()
@bot.event
async def on_ready():
print(f'{bot.user} connected')
server = bot.get_guild(123456789)
member = discord.utils.get(server.members, id=1234)
await member.unban()
print(f'finished')
Actors ended up banning the bot and me or deleting the server at all. I took screenshots to report to discord and warned the victims via email.
Have fun!