
PB made famous in "Metasploit: A Penetration Tester's Guide"

Posted: Thu May 23, 2013 11:07 pm
by Zebuddi123
Hi to all. Came across this the other day: PB referenced in the book "Metasploit: A Penetration Tester's Guide"

http://books.google.co.uk/books?id=T9HK ... ic&f=false

PMSL also referenced here :lol:

http://books.google.co.uk/books?id=9Lpa ... wQ6AEwBTgK

Zebuddi. :shock: :lol:

Re: PB made famous in "Metasploit: A Penetration Tester's Gu

Posted: Fri May 24, 2013 12:26 am
by idle
should have said what page it was on
Chapter 4 page 54

Re: PB made famous in "Metasploit: A Penetration Tester's Gu

Posted: Fri May 24, 2013 6:21 am
by TI-994A
Clearly, PureBasic's pretty versatile, but an endorsement from such a hacker?

Re: PB made famous in "Metasploit: A Penetration Tester's Gu

Posted: Fri May 24, 2013 11:39 am
by MachineCode
TI-994A wrote: Clearly, PureBasic's pretty versatile, but an endorsement from such a hacker?
He's probably the very reason that there's so many virus alerts about PureBasic executables. :evil:

Re: PB made famous in "Metasploit: A Penetration Tester's Gu

Posted: Fri May 24, 2013 12:14 pm
by TI-994A
MachineCode wrote: He's probably the very reason that there's so many virus alerts about PureBasic executables. :evil:
Valid probability. Here's a little tidbit that Fred might enjoy: :P
Attacker wrote: ...I could upload the code somewhere and let you compile it. That is if you can find some PureBasic compiler on some warez site.

Re: PB made famous in "Metasploit: A Penetration Tester's Gu

Posted: Fri May 24, 2013 1:53 pm
by Zebuddi123
It's not good, PB is all over pastebin to download, like this Russian site (won't post site URL as don't want to promote PB piracy) link from pastebin, a torrent called PureBasic...5.11..all....torrent.

So I downloaded said torrent, scanned it with AVG and SUPERAntiSpyware, all clean!? (all files were minus the truncated (z6x77z5) on our personal account files).

Downloaded all versions from my PB account, then did a check against the pirated files. All file sizes were the same for Mac, Linux & Windows x86 x64 versions, next did an MD5FileFingerprint() and lo and behold Windows are different for x86 and x64 but the Mac & Linux versions are identical.

Have checked against all three OS demo versions also and the file sizes are different, have not tried to install them obviously :shock: :lol:

And that's just one of the many versions on pastebin. In fact you'll find maybe a few torrents on Piratebay and other sites which is a lot less than on pastebin.

Oh and the guy posting the link on the Russian forum has a nice big picture of himself & his name next to the link :oops: wonder if it's the same DMF in the Metasploit book :shock: :lol: :lol: :lol:

Zebuddi.

Re: PB made famous in "Metasploit: A Penetration Tester's Gu

Posted: Fri May 24, 2013 11:50 pm
by Joakim Christiansen
Haha, this conversation in Notepad is a great memory of mine! :lol:
I would never have thought that it would have been written about in a book several years later...
And it's not like I have "warezed" PureBasic, I am a paid user and have never done anything to harm its name (I have not made viruses). And my hacking days are over, since my health doesn't allow me spending much time at the computer anymore.

Thanks for posting this and sorry if someone gets the wrong picture of me by reading this thread. But when mentioning this I can also add that I made an addition to the scanner allowing it to find VNC servers with security holes which allowed access even with a strong password set and an option to let it try passwords like 123456, etc. I have had a lot of fun, but I have never really harmed anyone, I just fool around and make people aware of the security holes without doing childish things like deleting stuff. I once turned a Canon site upside down, but I was kind enough to instead of deleting the original PHP code just comment it away so it could be easily fixed.

Text from the book:
If you think a VNC scan is likely to be a waste of time and that you’ll never find systems with open VNC servers enabled, think again. During a large penetration test, which included thousands of systems, one of the authors noticed that one of those systems had an open VNC server.

While the author was in the system documenting his finding, he noticed activity on the system. This was overnight on a system that was unlikely to have an authorized user on it. While not always considered a best practice, the author pretended to be another unauthorized intruder and engaged the intruder in conversation via Notepad. The intruder was not very bright and told the author that he was scanning large blocks of systems for open VNC servers. Here is a segment of the conversation:

Author: You in the us? or out of country? I know some people in denmark.

Attacker: I’m from Norway actually, hehe, I have relatives in Denmark.

Author: You hang in any boards? like I used to like some but they have been going away

Attacker: I mostly hang in some programming boards, but not much else. Have you been into hacking for a long time or what? What’s your age btw? I’m 22.

Author: I have been on this for like fun for around a year or so. Still in school. 16. Just something to do.

Attacker: Haven’t been there. I too mostly do this for fun, just trying to see what I can do, test my skills. I wrote the “VNC finder” myself btw, I have found a lot of servers, but this is the only one where I could actually have some fun

Author: Wow. What did you write it in? Can I dl it? Do you have a handle?

Attacker: It’s written in a language called PureBasic, but it’s kinda not ready for release yet, it’s only for my own use. But maybe I can share it anyway, I could upload the code somewhere and let you compile it. That is if you can find some PureBasic compiler on some warez site :P

Author: Thats cool. you can put it in that pastebin site from irc. That lets you anon post I have not done purebasic before. just python and perl

Attacker: Let me see, I'll look for that pastebin site and upload it, just give me some minutes, I’ll be around.

The attacker then gave the author a link to a pastebin page with the full source for the custom VNC scanner he was using.
Funny shit, I even found a more detailed story about the hacker I talked with: (edit: didn't click your second link at first)
http://www.it-docs.net/ddata/121.pdf
The chapter is named "Top-Secret Case Study 2: Social Engineering a Hacker" and can be found by searching the text. What is shocking is the coincidence of me meeting this guy who actually wrote about it... He brags about getting a picture of me, well I only shared a picture of me in a balaclava! :lol:

I just bought both his books now, will be fun to show to friends. Especially my father who I've shown the Notepad chat while I was chatting!

Re: PB made famous in "Metasploit: A Penetration Tester's Gu

Posted: Sat May 25, 2013 12:14 am
by luis
The fact PB is available as warez is "normal".

The fact this guy has been ripping off people on both fronts for years on eBay is really sad:
http://www.ebay.it/itm/Pure-Basic-Pro-E ... 0582535025

Around 5 euros. Probably it's the version 3.10 just cloned on a .25 cents CD.

"All our listings are 100% genuine & original"

Sad, and really stupid the people buying from him

On Amazon too:

http://www.amazon.co.uk/product-reviews ... ewpoints=1

Even supposing these are still "original" CDs floating around (and I'm being generous), nowhere is it mentioned it's an archaic version.

At least the warez version rips off only Fred (assuming you can count them as missing sales, probably only partially true).

Re: PB made famous in "Metasploit: A Penetration Tester's Gu

Posted: Sat May 25, 2013 1:21 am
by skywalk
Whoa, I can understand some shady torrents but download.com (CNET) and Amazon and eBay can be petitioned to take down illegal copies.
Is this the demo or a pirated copy? ~18000 downloads :shock:

Re: PB made famous in "Metasploit: A Penetration Tester's Gu

Posted: Sat May 25, 2013 10:01 am
by c4s
You could have linked to the direct download link (below the "Download Now" button) instead of this CNET adware downloader thing to see that it's actually the official demo. I guess 18000 downloads is pretty good then... ;)

Re: PB made famous in "Metasploit: A Penetration Tester's Gu

Posted: Sat May 25, 2013 9:37 pm
by Zach
A little confused by this whole "pretending to be an unauthorized user" thing.


Was this guy a company employee doing internal testing or something? I haven't clicked on any of the links or read more than this thread. But it was an interesting story. I always wanted to try hacking out but never really got into it and these days I just wouldn't dare, being an adult, and with much more traceable Internet these days.