Hello mates, today I'm going to show you how to decrypt a phisher to get out their information and stop them for good. This process is called reverse engineering.
Now, first you need to download a good disassembler like:
You also need to download Sandboxie from here
After you are done downloading the disassembler, let's get started.
First you need to find a phisher, of course. Here is an example from a video I found on YouTube; it talks about how this program can change "stats" in the game RuneScape:
Now that we have our phisher, let's run it in Sandboxie to see if it is a real phisher or maybe a keylogger o_0.
So in this image there is nothing unusual, just a simple phisher with an FTP function in the program, or a mail system.
Now we use String Stealer to break down the program.
It should be something like this.
Now to open the file in String Stealer go to:
Menu> Load Assambler> phisher.exe{This should be the phisher}
Now it should look something like this:
Most likely you will find the email and password in
Form1> Button1_Click:
Bingo, we hit the jackpot: we found the email and password of the phisher's owner. After you do this I would recommend deleting everything, changing the password, or even deleting the email of the phisher's owner because he deserves it.
==============================================================================================================
Tools you need (some are optional)
- Red Gate's Reflector:
This is a good decompiler; it can show you the code of the classes and methods, and how everything relates (optional):
News about the .NET Reflector here
- String Stealer:
The basic disassembler we will be using during this tutorial
- Sandboxie
Really important; you will use this to test the phishers
- BinText:
Optional (thanks to Elektrisk)
==============================================================================================================
Feedback and opinions are accepted
==============================================================================================================
Credits
I wrote this tutorial, but I also give some credits to Qkyrie who taught me how to do this.
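
A BinText-style pass over a sample, as an added example (not part of the original tutorial and not code from any of the tools named above): it pulls printable ASCII and UTF-16LE strings out of a binary and flags the mail/FTP indicators an analyst would record when triaging a suspected phisher. The sample bytes, the addresses and the indicator patterns are constructed for illustration.

```python
import re

MIN_LEN = 5  # shortest run reported, in characters
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# .NET string literals are stored as UTF-16LE: printable byte followed by NUL.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Assumed indicator set for this example; extend it to suit the sample family.
INDICATORS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "mail_or_ftp_host": re.compile(
        r"(?<![\w@.-])(?:smtp|mail|ftp)\.[\w-]+(?:\.[\w-]+)+", re.I),
    "network_api": re.compile(
        r"\b(?:SmtpClient|MailMessage|NetworkCredential|FtpWebRequest)\b"),
}

def extract_strings(data):
    """Yield (offset, encoding, text) for each printable run in data."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")

def triage(data):
    """Return sorted (offset, encoding, kind, value) indicator hits."""
    hits = []
    for offset, enc, text in extract_strings(data):
        for kind, rx in INDICATORS.items():
            hits += [(offset, enc, kind, m.group()) for m in rx.finditer(text)]
    return sorted(hits)

# Constructed bytes shaped like a small .NET sample: NUL-terminated metadata
# names, then two literals as length byte + UTF-16LE text + trailing byte.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"System.Net.Mail\x00SmtpClient\x00NetworkCredential\x00Button1_Click\x00"
    + b"\x23" + "smtp.example.test".encode("utf-16le") + b"\x00"
    + b"\x29" + "dropbox@example.test".encode("utf-16le") + b"\x00"
)

if __name__ == "__main__":
    for offset, enc, kind, value in triage(SAMPLE):
        print(f"0x{offset:04x}  {enc:<8}  {kind:<16}  {value}")
```

The UTF-16LE pass matters here: an ASCII-only scan would report the API names but miss both literals.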