Hellboy OneUpdater

[frank666]

Hello, does anyone have an invitation for this forum?
Thanks

[m0scito]

Avoid HB59+OneUpdater. It has a remote-control backdoor in the binaries and will give the HB board owner full access to your vps/server.

[huuhau]

Avoid HB59+OneUpdater. It has a remote-control backdoor in the binaries and will give the HB board owner full access to your vps/server.

thats is a member who is banned, and he cry now very hard


who need a invitation code need write pm to me.

[m0scito]

No, I´m not a member, but it´s already well known that hb59 is a version with trojan built in and give remote access to these guys from hb59 forum. That version also collects all cache data from your local card and sends it to a huge payserver which is running by these guys. that´s why you need a local card to join that forum.

[turbopower]

Prove it with virusscan, and some network dumps which is stating for connection to this server.
You have two days, to do it, otherwise all of your lies will be deleted and you will get an infraction.

[m0scito]

Irregular UPX compressed binary file, regular hex editor. No special magic required to check the content. hb59.jpg

[turbopower]

There is no special magic but you need to know what the code is doing.
ONEupdater is available only to members of specific forum, so it is normal to have API call to check about your membership there.
And to finish with this pointless discussion here is virus scan of hb59 and oneupdater
https://www.virustotal.com/gui/file/...5c4b?nocache=1
https://www.virustotal.com/gui/file/...bcd9/detection
One of the virus provider detected ASP.Webshellce which incorrect since this vulnerability is for Microsoft software and this is Linux
https://www.trendmicro.com/vinfo/us/....WEBSHELL.SMC/

In other words nothing to be scared here, the rest is politics, because now payservers can't use and exchange HB anymore.
To have access to it you must be located in Europe and have a local card from there, mainly a lot of people a pissed of this thing, for that reason spreading bad words, and false accusations.

[m0scito]

hb59unpacked.zip
+ included unpacked binary

The reverse-connect shell is also included in the unpacked hb59 binary:
https://www.virustotal.com/gui/file/...5fc9?nocache=1

[turbopower]

Sure and how can you use it?
Here is multics source code if you know C you can build your own version https://github.com/multi-cs/multics

[m0scito]

Simply include a remote code (like from metasploit shellcode payload - https://docs.rapid7.com/metasploit/w...with-payloads/) in the http call and you have a remote shell running as root. btw. the hb59 demands to be started as root. It was also reported, the binaries and others files were deleted from users servers who were banned.