Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

From a glance, none of these exploit vulnerabilities in Discord/Telegram, they'te just garbage you have to convince someone to run. There's nothing to be learned from their source code, no legitimate action the companies can really take to improve their software and stop this and no way to use the software for anything other than trying to ruin someone's life.

If you want to go ahead and make the free speech argument, feel free, but I don't buy it.

"This repository is for ethical purposes and to use the scripts to learn and improve in python :)"



People who use this or program it for others to use in the wild are human garbage and should be socially isolated, it's as simple as that. It's their moral choice and when they choose malice, they will have to be morally judged. To the least.


Calm down friend, it's just a program that steals a chat room.


It's a mix. The top result is https://github.com/Blank-c/Blank-Grabber, which is full fat malware, which uses discord to exfiltrate the stolen data.

  # Features
  • GUI Builder.
  • UAC Bypass.
  • Custom Icon.
  • Runs On Startup.
  • Disables Windows Defender.
  • Anti-VM.
  • Blocks AV-Related Sites.
  • Melt Stub.
  • Fake Error.
  • EXE Binder.
  • File Pumper.
  • Obfuscated Code.
  • Discord Injection.
  • Steals Discord Tokens.
  • Steals Steam Session.
  • Steals Epic Session.
  • Steals Uplay Session.
  • Steals Passwords From Many Browsers.
  • Steals Cookies From Many Browsers.
  • Steals History From Many Browsers.
  • Steals Autofills From Many Browsers.
  • Steals Minecraft Session Files.
  • Steals Telegram Session Files.
  • Steals Crypto Wallets.
  • Steals Roblox Cookies.
  • Steals Growtopia Session.
  • Steals IP Information.
  • Steals System Info.
  • Steals Saved Wifi Passwords.
  • Steals Common Files.
  • Captures Screenshot.
  • Captures Webcam Image.
  • Sends All Data Through Discord Webhooks/Telegram Bot.
  (...more)
Others like: https://github.com/venaxyt/Token-Grabber-Advanced are intended for stealing discord information.


> Steals Minecraft Session Files.

> Steals Roblox Cookies.

Is there any value in cookies for a children game?


Yes. It allows you to impersonate someone, cause issues for other players under their name, sell them on to others to want to do bad things like that etc.


In Roblox's case there are items that sell for thousands of dollars. In Minecraft's case there's a very large marketplace for the accounts themselves - the game has a lot of cheaters that get banned from servers regularly and cycle through accounts to keep playing.


You can then steal their account balance and any items you have.


Not even close. It takes down a whole computer. My son downloaded a file he thought was a friend he hadn't heard from for awhile to look at the project he was working on. Had to wipe the computer. Fortunately his brother had the skills to save his files and check that they were clean. They also used his card to charge steam account stuff. Had to warn all his friends he had been infected and nuke his discord including his own server. Had to get a new bank card.


a few of these steal credit cards as well. but that's ok because it can be used for good - you can learn where chrome stores its cookies!


> I'm doing bad shit, but please don't get angry at me. I'm not the problem here, you are

"For educational purposes" is the new "It's just a joke, man."

I get the argument that non-disclosure isn't working ("isn't perfect" would be a better phrasing) and that once the source code is out there, you can't contain its spread. But I'm not making a political argument here on how to prevent this from happening, but a moral argument (pretty obvious in my post). Basically if you spread this "for educational purposes" *wink*wink* you are part of the problem and most of your justifications are worthless and disengenuine. And if you're really a free speech advocate you allow me my moral judgement.


You are right. That is not to say that discord has a ton of security issues. For example, thousands of people, myself included have been screaming from the top of our lungs for years that sending files over discord creates public links that anyone can access and yet that issue was never addressed.


Didn’t they just announce changes that will force URL’s to expire after some time?


'Creating public links' isn't a security threat if the URLs have enough entropy to be unguessable.


Security through obscurity is a terrible policy.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: