The scrack.exe file sends out a packet to 69.123.55.44:28747 upon successful login. This packet contains the following information: username, password, server you are logging into. It is all put together in a single packet with very simple encryption. 3E is the separator to separate your username, password, server. This is what the packet would look like ->
(username) 3E (password) 3E (server) 3E 00
I love how jMerlin tries to justify having the bot connect to this external server.
Quote:
Why? Because we tried to proxy packets from the bot login server through a filter so we could log and modify packets, trying to catch which packet causes the disconnect thingy?
I mean if you're insecure with the bot connecting to the actual srobot login server and to a disconnected proxy which we were trying to use to prevent the disconnect message, then by all means that's your right.
But going around telling everyone that there's a keylogger in it because it uses the internet? So there's a keylogger in 90% of the software on my PC is there?
Ok.. I better get to deleting all of it.. this might take a while, be back in a few years.
Here, jMerlin, let me fix that first sentence for you.
Quote:
Why? Because we want to send packets from the scrack.exe to a server so we could log and steal accounts
That looks better. This server at 69.123.55.44:28747 DOES NOT modify packets. It doesn't speak to your computer at all. The only thing this server does is receive your account information.
Why is scrack.exe sending account information to this server? My guess is that the server belongs to jMerlin (or a friend of his) and they're using it to collect account information from anyone who uses his file.
Those who say it is a key logger are wrong. It simply grabs your username, password, server and sends that information out in this packet upon successfully logging in.
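For anyone checking their own captures for the traffic described in the post above, a structural check for that packet layout follows; it is an added example, not part of the original post and not code from the bot. The function names and sample payloads are made up for illustration, the field bytes are treated as opaque because the post does not describe the encoding, and it assumes an encoded field never contains the byte 3E itself.

```python
from typing import NamedTuple, Optional

SEP = b"\x3e"                        # field separator, per the post
TERMINATOR = b"\x3e\x00"             # packet ends with 3E 00, per the post
REPORT_ADDR = ("69.123.55.44", 28747)  # destination named in the post

class Fields(NamedTuple):
    username: bytes
    password: bytes
    server: bytes

def parse_login_report(payload: bytes) -> Optional[Fields]:
    """Return the three opaque fields if payload is laid out as
    (username) 3E (password) 3E (server) 3E 00, otherwise None."""
    if not payload.endswith(TERMINATOR):
        return None
    parts = payload[:-len(TERMINATOR)].split(SEP)
    # Exactly three non-empty fields; anything else is not this layout.
    if len(parts) != 3 or any(not p for p in parts):
        return None
    return Fields(*parts)

def classify(dst_ip: str, dst_port: int, payload: bytes) -> str:
    """Grade one outbound payload taken from a capture."""
    to_known_host = (dst_ip, dst_port) == REPORT_ADDR
    has_layout = parse_login_report(payload) is not None
    if to_known_host and has_layout:
        return "match"              # destination and layout both fit
    if to_known_host:
        return "known-destination"  # right host, different content
    if has_layout:
        return "layout-only"        # same layout sent somewhere else
    return "clean"

# Constructed sample flows (dst_ip, dst_port, payload); not real captures.
SAMPLE_FLOWS = [
    ("69.123.55.44", 28747, b"\x12\x34\x56\x3e\xaa\xbb\x3e\x01\x02\x03\x3e\x00"),
    ("192.0.2.10", 80, b"\x12\x34\x56\x3e\xaa\xbb\x3e\x01\x02\x03\x3e\x00"),
    ("69.123.55.44", 28747, b"hello"),
    ("192.0.2.10", 80, b"GET / HTTP/1.1\r\n\r\n"),
]

def scan(flows):
    """Classify every flow in order and return the list of verdicts."""
    return [classify(ip, port, data) for ip, port, data in flows]

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, scan(SAMPLE_FLOWS)):
        print(flow[0], flow[1], verdict)
```
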