Home Man Cave

sending a viral email, need how to

culinaryoverlordculinaryoverlord Regular
edited June 2011 in Man Cave
My GF and I are hunting for apartments right now, and we put an ad on Craigslist in the 'rental wanted' category. I have since received a couple of obvious scams as responses. I am keeping a one of them hanging, just for shits and giggles, and was wondering if I could send him something that would fuck him up. I am a noober when it comes to hacking, but I was wondering how hard it would be to attach a virus to a pic (Here is a picture of us so you know who you are dealing with). I don't want his PI, I want to nuke the fucker.

C/O
"fucking Nigerians, the guy even used 'Martins Collins'"
Share on Twitter

Comments

  • thewandererthewanderer Regular
    edited June 2011
    You need to establish contact with him first. Use social engineering to make him lower his guard, and then get him to download something fucked up.
    Share on Twitter
  • culinaryoverlordculinaryoverlord Regular
    edited June 2011
    thewanderer wrote: »
    You need to establish contact with him first. Use social engineering to make him lower his guard, and then get him to download something fucked up.

    I'm on that track, I am playing a dumb blue collar sort who is a little out of his depth making 'arrangements' like this online. He has just given me his first full play, "we will need a deposit of $500 to secure the property, as I am in London this will need to be through Western Union, as soon as I receive it our agent will drop off the keys to you". I responded with "We have the money to make our full first and last months rent payments as well as the damage deposit, we would prefer to deal with someone local, but if that is not possible, we can send the money, but you will need to fax us the rental agreement".

    Hopefully the dude thinks he has scored an easy $2500, and my next mail needs to contain the bomb, disguised as a supposed pic of me and my GF. I suspect they are local,but anyone with half a brain could do it with google maps and some random pics, from anywhere. If I can't fuck them online,I am going to press for a meet with the 'agent'. I am not going hardcore on this as ending up with charges for something petty would suck, but man, I really want to ruin their day.

    C/O
    "Nigerians suck"
    Share on Twitter
  • UnknownUnknown
    edited June 2011
    Put a payload into a PDF file, send it to him saying its your portfolio or something. As soon as he opens the PDF file, it will send a shell back to your computer and you can gain complete control over his machine through the command shell :)

    Tools needed for this job are;

    Backtrack Linux
    Metasploit (Included with BT)
    Meterpreter (Included with Metasploit)
    msfpayload (Also a metasploit thing)
    Share on Twitter
  • thewandererthewanderer Regular
    edited June 2011
    Get him to delete system32 and then laugh when you don't get a reply e-mail back from him.
    Share on Twitter
  • culinaryoverlordculinaryoverlord Regular
    edited June 2011
    trx100 wrote: »
    Put a payload into a PDF file, send it to him saying its your portfolio or something. As soon as he opens the PDF file, it will send a shell back to your computer and you can gain complete control over his machine through the command shell :)

    Tools needed for this job are;

    Backtrack Linux
    Metasploit (Included with BT)
    Meterpreter (Included with Metasploit)
    msfpayload (Also a metasploit thing)

    Thanks, not easy, but nothing worthwhile is. I will figure out something to stall him while I figure out how to do this. The .pdf will be a "rental agreement" I need him to sign and send back to me.

    C/O
    "linux, oh dear"
    Share on Twitter
  • UnknownUnknown
    edited June 2011
    Well, good luck with it. I suggest you familiarize yourself with Metasploit Unleashed - it's basically a Wiki-type thing with all the information you'll need on making a rogue PDF file. Also, you're going to need to leave your computer on with your listener running until he opens up the PDF file - you get ONE chance at exploiting and getting a shell, so don't miss it!

    Instead of getting a shell, maybe you could write some kind of custom code which just formats the fuck out of his computer? I dunno, use your imagination. Just do a lot of reading.
    Share on Twitter
  • ChupaloChupalo Regular
    edited June 2011
    I fucked a dude up on Craiglist once by getting him to send me a pic that was geotagged. He was selling a laptop and I told him to take a pic with his name on a paper to prove he had it. He took it with his iPhone 4 and I had his GPS coordinates. Won't go into details, but dude had a "bad month" after that.
    Share on Twitter
Sign In or Register to comment.