silent miner #36

Open
Dokazz opened this issue Jul 19, 2022 · 71 comments
@Dokazz

Dokazz commented Jul 19, 2022

Hi, it's me again from earlier. I just found this, and I was wondering if I could turn the silent miner into a .mp3, for example.
If you haven't figured yet, I'm very new to this, so expect me to say some things that don't make any sense.
My goal is to send an .mp3 via email or via something else to random people, and when they download the .mp3 and run it, it is an actual mp3 which works, but the silent miner is triggered in the "background".
Would this be possible in any way using the Binder?
Thank you

@UnamSanctam
Owner

Only real way (without using media player exploits which you most likely won't find any) is to bind an .mp3 and the miner .exe together with an mp3 icon as the program image and then use something like an extension spoofer. Spoofed extensions don't show in all places but in many places they do show the spoofed extension.

@Dokazz
Author

Dokazz commented Jul 19, 2022

If I spoof the merged .mp3 and miner.exe, will that make the fake mp3 openable, or will it do nothing when run?

@UnamSanctam
Owner

An extension spoofer only uses a special Unicode character called the RTLO (right-to-left override) character to reverse the end of a file name from something like file mp3.exe into file exe.mp3. The file will still be a normal exe, but in some places like the explorer it will show up as file exe.mp3. Then when that .exe spoofed as an .mp3 is run, it will drop both the bound files (an .exe and an .mp3) and execute both of them (if enabled in the builder), so for the user it would just look like an mp3 file was opened.
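
A defender-side check for the right-to-left override trick described above, as an added example that is not part of the original thread or the project's code: it flags file names that carry Unicode bidirectional controls and compares the real extension with the one a user would see. The sample names are constructed, and `approx_display` is a simplified stand-in for the full Unicode bidi algorithm.

```python
import os
import unicodedata

# Bidirectional formatting controls; none are needed in an ordinary file name.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
RLO, PDF = "\u202e", "\u202c"  # right-to-left override, pop directional formatting
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk"}


def approx_display(name):
    """Approximate what a bidi-aware UI draws: text after RLO appears reversed.

    Assumption: only RLO...PDF runs are modelled, not the full bidi algorithm.
    """
    out, run, in_rlo = [], [], False
    for ch in name:
        if ch == RLO:
            in_rlo = True
        elif ch == PDF and in_rlo:
            out.extend(reversed(run))
            run, in_rlo = [], False
        elif ch in BIDI_CONTROLS:
            continue  # invisible control, never drawn
        elif in_rlo:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))  # an unterminated RLO runs to the end of the name
    return "".join(out)


def inspect_filename(name):
    """Return the bidi controls found plus the real and the displayed extension."""
    controls = [unicodedata.name(c) for c in name if c in BIDI_CONTROLS]
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(approx_display(name))[1].lower()
    suspicious = bool(controls) and (real_ext != shown_ext or real_ext in EXECUTABLE_EXTS)
    return {"controls": controls, "real_ext": real_ext,
            "shown_ext": shown_ext, "suspicious": suspicious}


if __name__ == "__main__":
    # Constructed sample names: one spoofed with RLO, one ordinary.
    for sample in ["file \u202e3pm.exe", "song.mp3"]:
        print(ascii(sample), inspect_filename(sample))
```

Run over attachment names, download logs or process-creation events, a hit on `suspicious` means the name shown to the user and the extension the operating system acts on disagree.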

@Dokazz
Author

Dokazz commented Jul 19, 2022

Omg that's exactly what I wanted! Thank you so much, I will try this out right now!!
I'm keeping this thread open if I struggle with the process

@Dokazz
Author

Dokazz commented Jul 19, 2022

I just tried binding the mp3 and the miner together, but I get this tcc error when building it, any idea why?
tcc: error: could not run 'D:\silent eth miner\Compilers\tinycc\i386-win32-tcc.exe'

@UnamSanctam
Owner

If you go to that location can you find that file? Make sure that your antivirus hasn't removed or is blocking it. You can also try removing the spaces in the silent eth miner folder.

@Dokazz
Author

Dokazz commented Jul 19, 2022

I checked and I don't have any file named like this, though I have a Windows exclusion for the whole silent eth miner folder

@Dokazz
Author

Dokazz commented Jul 19, 2022

I just built it with Csharp instead of C and it worked

@UnamSanctam
Owner

Yes that would work, if the file isn't there then it sounds like it was removed by something.

@Dokazz
Author

Dokazz commented Jul 19, 2022

Okay I will re-install if I need to, but for now I am going to try with C#
So right now I have my mp3 file, which looks like a real one, and contains my miner.exe as well
Do you know if the music would actually start playing if I executed the mp3? Or does it just look like an mp3 but is an .exe?

Btw, I tried sending it via Gmail but it doesn't work

@UnamSanctam
Owner

Yes, it will drop and execute both files, so it would start the mp3 just like if you double-clicked it normally. I don't think you can send .exe files directly via Gmail, nor do I think you can receive .exe files with Gmail either (except through Google Drive).

@Dokazz
Author

Dokazz commented Jul 19, 2022

Okay, that is perfect!
What if I corrupt the mp3 file in the beginning so that when the people receive it in Google Drive, it will not be able to play it inside of the Gmail thing, and it will just ask them to download it... --> then, they play it, Windows Media shows up saying it's corrupted, so they think it was a legit mp3 file, but in reality the miner started mining
I'm sure this could work, right?

@UnamSanctam
Owner

Gmail (and any other thing) will still see it as an .exe file since that's what it is, extension spoofing will only fool humans. You would probably have to add a download link or something similar inside the email instead of attaching it if you're planning to use Gmail.
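
The point that a scanner judges the file by its content rather than by its displayed name can be shown with a small type check on the leading bytes. This is an added example, not code from the thread or from any Google service; the function names and byte samples are constructed, and the MP3 test is a heuristic.

```python
import os
import struct

# Expected content type for a few extensions (illustrative, not exhaustive).
EXPECTED = {".mp3": "mp3", ".exe": "pe-executable", ".dll": "pe-executable"}


def sniff(head):
    """Classify a file from its first bytes, ignoring whatever it is named."""
    if head[:2] == b"MZ" and len(head) >= 0x40:
        # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        if head[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe-executable"
        return "dos-executable"
    if head[:3] == b"ID3":
        return "mp3"  # ID3v2 tag at the start of the file
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"  # MPEG audio frame sync: 11 set bits (heuristic)
    return "unknown"


def content_mismatch(name, head):
    """True when the extension promises one type and the bytes are another."""
    expected = EXPECTED.get(os.path.splitext(name)[1].lower())
    actual = sniff(head)
    return expected is not None and actual != expected


# Constructed samples: a minimal MZ/PE header stub and an ID3v2 tag header.
PE_STUB = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"
MP3_STUB = b"ID3\x04\x00\x00" + bytes(4)

if __name__ == "__main__":
    print(sniff(PE_STUB), sniff(MP3_STUB))
    print(content_mismatch("music.mp3", PE_STUB))
```

A name that ends in `.exe` behind a right-to-left override passes this check because extension and content agree, which is why it complements a file-name check rather than replacing it.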

@Dokazz
Author

Dokazz commented Jul 19, 2022

Isn't there any way to bypass this .exe thing about Gmail?

@UnamSanctam
Owner

Send a download link inside the email or attach it with Google Drive, Gmail seems to deny any .exe files, any zip/rar/7z files containing an .exe file and also any encrypted zip/rar/7z files so that you cannot hide one.

@Dokazz
Author

Dokazz commented Jul 19, 2022

okay thank you very much, I am going to try this out

@Dokazz
Author

Dokazz commented Jul 19, 2022

Alright, I got everything working now,
I can send it using the Google Drive thing, I do receive it, but the only problem is that when I try downloading the Google Drive file, it says it might be infected with a virus. You can still download it, but I don't think people will download any infected mp3s.
Isn't there a way to obfuscate it so that Google Drive does not know it is a virus?

@Dokazz
Author

Dokazz commented Jul 19, 2022

I made it. Let's gooo
I tested, you can download without google drive saying anything
Now if you run the mp3, you're infected!
mission success

@Dokazz
Author

Dokazz commented Jul 19, 2022

Just a last question, what does the miner-checker.exe do?
Does it check if someone has been infected already?

@UnamSanctam
Owner

Yes if you run it on a computer you have run the miner on then it will say if the watchdog is running and list any miners (from that build) that are currently running.

@Dokazz
Author

Dokazz commented Jul 19, 2022

Okay thank you!
Btw there might be something wrong because I ran the mp3 to see if it started mining,
and in the checker it said it was not mining.
Is this normal?

@UnamSanctam
Owner

It should show a miner if it's installed and mining (and you're running the correct checker), unless you only have a GPU miner added and are running it on a VM (that doesn't have a GPU) since it won't start the GPU miner then.

@Dokazz
Author

Dokazz commented Jul 19, 2022

What is a VM? And how do we know if it contains a GPU?
Is it in the silent eth miner's settings?

@UnamSanctam
Owner

UnamSanctam commented Jul 19, 2022

A VM is a Virtual Machine, many test things on them and since they don't have a GPU (except with GPU passthroughs) then GPU miners won't run on them. Run the miner (bound file in this case) again and then start the correct checker (checker from the same build as the miner you're running) and then post a screenshot of it here.

@Dokazz
Author

Dokazz commented Jul 19, 2022

I redid a miner, called it final miner
re-bound it with the original mp3 --> called it final version.mp3
ran final version.mp3 --> waited about 5 seconds (since I put the start delay to 2 in the miner)
ran the checker of the miner so the final miner checker --> screenshot
screen shot

@UnamSanctam
Owner

Wait for a minute or two and try the checker again, it has to install and everything like that.

@Dokazz
Author

Dokazz commented Jul 19, 2022

still nothing

@UnamSanctam
Owner

Start the miner normally without binding it and then use the checker after a while and see. If that doesn't work then send your miner settings here by going to the "Main" tab, then pressing "Save", zipping that file and sending it here (drag into the reply box).

@Dokazz
Author

Dokazz commented Jul 19, 2022

It's weird, it says the watchdog is on,
but in the miners section, it's blank

@Dokazz
Author

Dokazz commented Jul 19, 2022

I'm going to leave my home for a couple of hours, just letting you know

@Dokazz
Author

Dokazz commented Jul 19, 2022

Btw, in the binder, when I tick "run as administrator", does that mean it will run as administrator by itself or do I have to run it as administrator myself?

@UnamSanctam
Owner

It will ask for it by itself.

@Dokazz
Author

Dokazz commented Jul 19, 2022

I ran it through the .mp3
nothing comes up when I launch the checker
I mean the "miners" line is blank

@Dokazz
Author

Dokazz commented Jul 19, 2022

Maybe it's because I bind it in C#?
Should I try in native C?

@UnamSanctam
Owner

No that shouldn't really matter, make sure that "Run as Administrator" isn't enabled in the miner (enabled by default in Lite) if you don't have "Run as Administrator" enabled in the binder.

@Dokazz
Author

Dokazz commented Jul 19, 2022

I enabled both: in the miner and the binder
I am kind of stuck right now...

@UnamSanctam
Owner

Hmm it definitely works, I just tried it myself and it worked fine, first I loaded the "Lite" settings, then I disabled "Run as Administrator" and built it, then I opened the binder, bound the miner file and another random file, then I built it and ran it. The miner and random file then started just fine.

@Dokazz
Author

Dokazz commented Jul 19, 2022

ahh must be me then
do you have any idea on what causes this?

@UnamSanctam
Owner

Do the same that I did, use the Lite settings and disable "Run as Administrator", build it and then bind it together with the mp3 and see if that works.

@Dokazz
Author

Dokazz commented Jul 19, 2022

just did it, still does not work

@Dokazz
Author

Dokazz commented Jul 19, 2022

is it normal that in the checker it says "compatible GPU" but it should be mining with the CPU?

@UnamSanctam
Owner

UnamSanctam commented Jul 19, 2022

Yes it just says if you have a compatible GPU to know if it should be GPU mining (in the case that you have a GPU miner).

Here is a test bound file I built with the "Lite" settings: Miner Binder Test.zip. I bound MINERTEST.exe and a cat image together into BoundFile.exe. So download that, extract it, then run BoundFile.exe, wait 1 minute and then run the checker.

@Dokazz
Author

Dokazz commented Jul 19, 2022

oh wait
In the Binder, do I still have to build it as an .exe, and then spoof it??
If yes, I am a complete idiot: I was just building it into an .mp3 without spoofing

@Dokazz
Author

Dokazz commented Jul 19, 2022

This is surely why it does not work I am so dumb

@UnamSanctam
Owner

Haha yes it needs to be an .exe to be able to be run, then the spoofer will trick the text into saying .mp3.

@Dokazz
Author

Dokazz commented Jul 19, 2022

Oh my god I am sorry
I told you I was about to make noobie mistakes x)

@Dokazz
Author

Dokazz commented Jul 19, 2022

yep it works ! thank you
Now (I know I might be annoying when I say this) could you please tell me how to spoof files?
like what program to use

@UnamSanctam
Owner

Any extension spoofer online would work, it's even possible to do it manually, but using something like https://github.com/hXR16F/extspoof would be the easiest (just found a random GitHub project).

@Dokazz
Author

Dokazz commented Jul 19, 2022

I checked the YouTube link on the GitHub and I didn't understand a single thing of what he did 😂
If that was not manually then I don't even wanna hear what manually is

@Dokazz
Author

Dokazz commented Jul 19, 2022

Is this GitHub legit? https://github.com/henriksb/ExtensionSpoofer

@UnamSanctam
Owner

UnamSanctam commented Jul 19, 2022

Yes, though I don't think it has .mp3 added by default (not in the main page .gif at least).

@Dokazz
Author

Dokazz commented Jul 19, 2022

ahh yeah you are right
hmm I don't know what to do then
What spoofer do you normally use?

@UnamSanctam
Owner

I can do it manually so I've never used a program for it, but you can probably use https://github.com/hXR16F/extspoof/releases, open the program, select your bound file and enter the desired file name (for example music.mp3) and press Generate.

@Dokazz
Author

Dokazz commented Jul 19, 2022

uuh I used the program but I don't think it is legit: I spoofed the file but it didn't even tell me where to save it, and I can't find the spoofed file anywhere (checked with the application named "Everything" to find it)

@UnamSanctam
Owner

I think it just changes the file you choose.

@Dokazz
Author

Dokazz commented Jul 19, 2022

I'm stuck on this
I don't know how to spoof something into .mp3
the only spoofers I found either were not working or didn't do .mp3

@Dokazz
Author

Dokazz commented Jul 20, 2022

Alright, I manually spoofed it
now I have the file that looks like ".....exe.mp3"
the problem is that it gets detected in Gmail, and in Google Drive the icon is an executable icon, which is obvious (and it also gets detected sometimes after I send it)

@Dokazz
Author

Dokazz commented Jul 20, 2022

Do you have any idea on how to bait Google Drive and make it think it is an actual mp3?

@UnamSanctam
Owner

> Do you have any idea on how to bait google drive and make it think it is an actual mp3?

You can't, only way to do that would be to change the extension but then the person who downloads it would have to change it from .mp3 to .exe themselves.

> alright i manually spoofed it
> now i have the file that looks like ".....exe.mp3"
> the problem is that it gets detected in gmail, and in the google drive, the icon is an executable icon, which is obvious (and it also gets detected sometimes after i send it)

Yes, Google has its own VirusTotal-like antivirus detection so you'd probably either need a password protected zip or use another file host without a virus scanner and that doesn't show the filetype and then include the link (or as a button) in the email. Sending malware through email is quite an antiquated way of doing it for those reasons.

@Dokazz
Author

Dokazz commented Jul 20, 2022

Okay thank you I will try to find a good uploader online tmr!

2 participants