mat does dev blog

Uncovering the Discord Twitch Bots

Posted 4 months ago

So a few days ago my friend Slip got a DM on Discord from this "Twitch" bot asking him to invite it to my servers as well as to join theirs. The bot's message claimed that Discord and Twitch had partnered up to give its users free Nitro Games and free Twitch Prime. It obviously looked fake, so Slip created a testing server and added me and some friends to help. Upon joining, the fake Twitch bot DMed everyone in the server with the same message it had sent to Slip. It looked like some sort of social engineering worm, but it hadn't done anything bad yet, so we revoked the bot's perms and left it in the server.

When I joined the server it linked, it looked like some sort of bad giveaway server with giveaway channels, and even a rules and TOS channel. Unfortunately for us, there were no channels that we could talk in to inform other people. Soon after joining, we got another DM from a different bot but with the same name. Again, it contained a link to join a Discord server. However, this time, instead of saying it was from Twitch, it took a more straightforward approach, saying to join for "Nitro / Nudes".

It was getting late, so we went to sleep. When we woke up, we were greeted by at least 4 other bots with the same message and name, so we just invited all of them to our server! The old bots were now offline, and for some people, the bots' names were displayed as things such as "thisisaspambot", "Fake Twitch Bot", and "Fake bot". We later found out that this was in fact the doing of the Discord Trust and Safety team, but they didn't do it very well because some of the bots could still DM people, and it didn't always show up with their new names.

Another interesting thing was in a MediaFire link one of the bots DMed to Slip. He shared it with us, and the file claimed to be an executable containing a Nitro generator, but it looked obviously fake, as evidenced by the instructions text file provided:

How to use the Discord Generator :
1. Disable anti-virus, and open it.
2. When you opened it, press on ''Generate'' and good luck!
3. It says its a virus because this generator generates accounts, so obviously it will say its a virus, but its not. If its not working, it means u dont have the good version. Good Luck!

What even is that grammar...

Another notable thing was that when we searched up the owner of the "Free Nitro" Discord server on YouTube, it returned their channel. One of the videos was a free Nitro generator, leading to the same exact MediaFire link, so we knew there was a definite link with that user.

Anyway, we booted up Windows Sandbox and ran the virus with a process monitor in the background. There were a bunch of references to Python, so it was likely a Python script compiled into an exe. I wasn't sure what it was compiled with, so I tried running unpy2exe on it, but it returned an error telling me to use pyinstxtractor instead, as it was compiled with pyinstaller. After we ran pyinstxtractor on the exe, it returned a folder with a bunch of pyc and pyd (Python bytecode) files. It looks like it was created on March 2nd.

No matter what we tried, we couldn't decompile it into normal readable Python, so we just analyzed the bytecode using the dis Python module. There were a bunch of references to tokens and browser LocalStorage, where the token is stored. The malware also sent an HTTP request to api.ipify.org (to grab the victim's IP address), the user's email and phone number, as well as the user's Nitro status. There was also a funky-looking base64 string, which turned out to be a Discord webhook that the script sent the user's details to.

Once we got hold of the webhook, things got spicy. We tidied up the testing server a bit and hid our discussion channels, then made the invite look as appealing as possible. Using a little webhook spamming script I wrote, we spammed @everyone, as well as an invite to our server, and left it running overnight.

In the morning, we woke up to this: They were the admins of that free Nitro server. We also found out that they had deleted their webhook, which meant we couldn't spam them anymore, but they wouldn't get the tokens of any new users. The first two quickly left, but one sent us a message before leaving. We asked kzh to join back again. This led to this hilarious conversation.

In summary, these guys are just terrible clowns trying to get tokens from unsuspecting Discord members. And that ends the tale. We still have the server ID and the channel ID that the webhook was created in, as well as the Discord tags of all the members, and we'll continue to spam any future webhooks that the Twitch bots send us. :)

What are Domain Hacks?

Posted 1 year ago

A domain hack is a domain in which both the top level domain (TLD) and the second level domain (SLD) are combined to make up a word or phrase. For example, matdoes.dev is a domain hack for mat does dev. Domain hacks are not security-related and they are completely legal. Most domain hacks use country code top level domains (ccTLDs); for example, .it is for Italy, .am is for Armenia, etc. Some companies even purchase their own custom TLDs from the Internet Assigned Numbers Authority in order to create a hack for their domains. Most notable is goo.gle, which was created by Google as a domain hack for their website.

Why Use a Domain Hack?

An advantage to using a domain hack is that your domain is much shorter and therefore easier to remember. Many URL shortening sites such as bit.ly, goo.gl (Google), youtu.be, etc., use domain hacks to make their URLs shorter. Domain hacks are more fun than normal domains, too, which increases the chance of people clicking on them in search results.

How to Choose a Domain Hack?

Finding a good domain isn't always easy, so I've created a tool hosted on Repl.it that helps you find domain hacks.

Click here to view the domain hack finder

At the moment, it uses every TLD currently in existence, which may not be what you want since some top level domains cannot be used by most people as they require you to live in a certain area or work for a certain organization. You can customize it by adding or removing from the tlds.txt file. My tool also checks whether a domain is already taken by someone by seeing if the website has any DNS records.

Also, be aware that some TLDs are stupidly expensive. For example, .ng domains can go for up to $50,000.

Who is mat?

Posted 1 year ago

Welcome to mat does dev. You might have some questions, so I'm here to answer them.

Who is mat?
I am mat. I am a human that lives somewhere on a planet called Earth, you might've heard of it.

What do you do?
I do dev. To clarify, I mean dev as in software development.

Why do you write your name in lowercase?
Because I can and no one can stop me.

What type of stuff do you make?
I make a variety of different tools, and you can see some of those things in my project list on this website. The list isn't complete though, as a lot of things I make aren't particularly presentable.

What programming languages do you use?
I mainly use Python, as it's the language I'm most comfortable writing with. I'm also proficient with JavaScript, HTML, and CSS. I also know limited amounts of C++, C, Go, and Java.

How did you make this website?
The backend for this website was written by me in pure Python with beautiful asynchronous aiohttp.web and Jinja2. The frontend was made with VanillaJS.

How can I contact you?
You can contact me through Discord (mat#6207). I'm not likely to accept friend requests though, so you'll have to contact me through servers I am in.