Skip to content
/ hello Public

send huge amount of dynamic payload to http endpoint

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Wireless4024/hello

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src
src
 
 
Cargo.toml
Cargo.toml
 
 
readme.md
readme.md
 
 

Repository files navigation

Hello

Hello.

Today hacker just want my steam credential so I send a lot of account to hacker. I hope hacker is very happy about this.

About this project

This project designed to send huge amount of dynamic payload to http endpoint.

Features

  • Change body on each request
  • Customizable site parser (if they change backend url frequently)
  • Rate limit per sec
  • Parallel request support (by default it only spawn concurrent tasks)
  • Exit after server fail

Run this project

git clone https://github.com/Wireless4024/hello
cargo run --release

You can adjust value in main.rs to whatever you want

TLDR;

  • I didn't lose anything just sanity.
  • Don't log in to untrusted website.

    If the website ask for login please open another tab and search for official website in google then refresh the page to login (If it still has login ui mean its FAKE!).

  • Fake website that I found is already shutdown.

Story

Hello today I got message from someone from steam.

At the beginning he said he want someone to join dota2 tournament team,
surely I said ok, and he sends a link from challenger-mode to his team and he said did you see join button?
But I didn't see anything so I ask him again and then he sends (currently 404) to me (First time I guess maybe challenger-mode just generate that link for him)

UI part I think he just buy this website template from someone or maybe free from github.

Bad news is I put my credential into that website :( with steam guard and recovery code. After I have known I got hacked because I have family mode turned on and they bruteforce and remove it (its gone from steam ui), my steam session is logged out and I got chat message from fake steam user (their script add this user after bruteforce family mode),
Good news is they can't change password because it needs to be confirmed by mobile app
BUT they have my steam guard recovery code! so I quickly grab my phone and take my steam guard back to my phone, and they just spam password reset confirmation to my steam mobile app, and I can't even change my password :(
about 3 minutes later I'm able to change my password and I guess I'm safe now.

About

send huge amount of dynamic payload to http endpoint

Topics

denial-of-service

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages