papasmurf

Active Members (7 posts)
  1. One more thing, Cooper: my flatmate insists ad nauseam that it was not him and says all activities on his Apple Mac are logged and to check the log for proof. Is this true? Obviously Metasploit would have a way of getting around it anyhow?
  2. I reset the modem and password last week and it's been locked down (as much as it can be). I've specified only two devices that can connect, and so far so good. I won't bother you with the Wireshark logs, buddy, you've given me all the help I need. Thanks again, I really appreciate your time. PS
  3. Well, my computer should not have been acting as any kind of server. The only tech link my flatmate and I should have had was that he used the same internet connection. I gave him the password so we could share it. He is the only other person living with me. To my knowledge I never consciously ran Microsoft's DNS service on the machine. It came with Windows 8 and then I upgraded to 8.1, so you would think the MS07-029 vulnerability would have been fixed when I got the machine...? You are right, none of this would stand up in court. I have no interest in taking him to court anyway. I just want the guy out of my house ASAP, which he is dragging his feet on. And yes, he is smart enough to lock down the data he got and wipe everything so he doesn't get caught.

     NB: I have a couple of days of Wireshark activity logged, but other than seeing his continual connecting to my machine, I don't know how to interpret the rest of it. They are not screenshots, but actual logged data in Wireshark format. Cooper, thanks for your help on all this!
  4. "So from where I'm sitting, you got pwned, your flatmate found out about it one way or the other and chose to keep quiet until that conversation, either to test if the info he'd gotten elsewhere was right or to show off by slyly divulging his results. Even if you found Metasploit on his Mac, it proves nothing. The browsing history of IE might tell you something about when the hack may have occurred (or at least when the spyware snuck into your machine) but it would have to be recent and for all we know so far it might've been months ago."

     Hi Cooper, sorry for my delays in responding. I only have access to a computer intermittently at the moment as I organise a replacement for the one that was hacked. Yeah, I think as you say I got pwned. There is no other way it seems to me that he raises a topic out of the blue that he could only have known about if he was directly observing me one way or the other. Then I find Meterpreter on my computer etc. I confronted him about it and he denies it all. I don't believe him as I know his character. I'm evicting him at the moment.

     One of the IPs connected had a remote address connecting in via local port 54829. The other was his Mac, using remote port 52066 connecting to local port microsoft-dns. There were various 'localhosts' established, but I presume these are no problem. I also have Wireshark logs that show his computer was consistently established to my computer. As I understand it this should not be the case? His computer should only have been connected to the modem we use, which also showed up in the DHCP list in the modem log?

     Anyhow, he offered me the opportunity to scan his computer to prove it wasn't him. But correct me if I am wrong, it wouldn't be difficult to delete the offending programs. One other thing is that he uses a remote server to log into and use the internet and other programs. Beats me why the hell he does this, but he keeps saying he doesn't know much about computers, but knows enough to use a remote server for his applications. Appreciate all your help and if there is anything else you can add, please feel free. Thank you kindly - Papasmurf.
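The Wireshark capture mentioned in the two posts above is the one piece of evidence that can be reasoned about methodically, so here is an added example (not code from this thread or from the poster) of how a practitioner would triage it. The script reads a Wireshark CSV export (File > Export Packet Dissections > As CSV), groups every packet by the endpoint on the other side of the victim, uses the bare SYN of each TCP handshake to decide which side opened the connection, and labels the victim-side ports with the names Windows' netstat prints for them. The packets, addresses (192.168.1.10 as the victim, 192.168.1.20 as a LAN peer, 203.0.113.5 as an outside host) and ports are constructed for illustration; 4444 is Metasploit's default handler port and 31337 is the default port of the metsvc Meterpreter service. Note that Windows' services file labels 445/tcp as microsoft-ds (SMB) and 53 as domain (DNS), so a port name read off a netstat screen is worth checking against the number before reasoning about which service was exposed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in Wireshark's CSV export layout (not real capture data):
# a LAN peer opening a connection to the victim's SMB port, the victim opening
# an outbound connection to an outside host, and ordinary DNS to the router.
SAMPLE_CSV = """\
"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.168.1.20","192.168.1.10","TCP","66","52066 → 445 [SYN] Seq=0 Win=65535 Len=0 MSS=1460"
"2","0.000412","192.168.1.10","192.168.1.20","TCP","66","445 → 52066 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0"
"3","0.000900","192.168.1.20","192.168.1.10","TCP","54","52066 → 445 [ACK] Seq=1 Ack=1 Win=131072 Len=0"
"4","5.200000","192.168.1.10","203.0.113.5","TCP","66","54829 → 4444 [SYN] Seq=0 Win=8192 Len=0 MSS=1460"
"5","5.310000","203.0.113.5","192.168.1.10","TCP","66","4444 → 54829 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0"
"6","5.311000","192.168.1.10","203.0.113.5","TCP","54","54829 → 4444 [ACK] Seq=1 Ack=1 Win=8192 Len=0"
"7","7.000000","192.168.1.10","192.168.1.1","DNS","74","Standard query 0x1a2b A example.com"
"8","7.020000","192.168.1.1","192.168.1.10","DNS","90","Standard query response 0x1a2b A example.com A 93.184.216.34"
"""
VICTIM = "192.168.1.10"  # assumed victim address for the constructed sample

# Labels as Windows' netstat prints them (from the services file), plus two
# Metasploit defaults. Anything not listed is shown by number only.
SERVICE_NAMES = {
    53: "domain (DNS)",
    135: "epmap (RPC endpoint mapper)",
    139: "netbios-ssn",
    445: "microsoft-ds (SMB)",
    3389: "ms-wbt-server (RDP)",
    4444: "Metasploit default handler port",
    31337: "metsvc default listening port",
}

# Matches "52066 → 445 [SYN] ..." (older Wireshark builds print ">" instead of the arrow)
TCP_INFO = re.compile(r"^(\d+)\s*(?:→|>|->)\s*(\d+)\s*\[([A-Z, ]+)\]")


def new_record():
    return {"packets": 0, "protocols": set(), "victim_ports": set(),
            "peer_ports": set(), "opened_by_peer": 0, "opened_by_victim": 0}


def summarize(csv_text, victim_ip):
    """Group every packet involving victim_ip by the endpoint on the other side."""
    peers = defaultdict(new_record)
    for row in csv.DictReader(io.StringIO(csv_text)):
        src, dst = row["Source"], row["Destination"]
        if victim_ip not in (src, dst):
            continue
        peer = dst if src == victim_ip else src
        rec = peers[peer]
        rec["packets"] += 1
        rec["protocols"].add(row["Protocol"])
        m = TCP_INFO.match(row["Info"])
        if not m:
            continue  # not a TCP segment (DNS, ARP, ...): no port pair in the Info column
        sport, dport, flags = int(m.group(1)), int(m.group(2)), m.group(3).strip()
        if src == victim_ip:
            rec["victim_ports"].add(sport)
            rec["peer_ports"].add(dport)
        else:
            rec["victim_ports"].add(dport)
            rec["peer_ports"].add(sport)
        # A bare SYN (no ACK) is the first segment of a handshake: its sender
        # is the side that opened the connection.
        if flags == "SYN":
            if src == victim_ip:
                rec["opened_by_victim"] += 1
            else:
                rec["opened_by_peer"] += 1
    return dict(peers)


def label_port(port):
    name = SERVICE_NAMES.get(port)
    return f"{port} {name}" if name else str(port)


def report(peers):
    """One line per peer, busiest first, with the victim-side ports named."""
    lines = []
    for peer, rec in sorted(peers.items(), key=lambda kv: -kv[1]["packets"]):
        ports = ", ".join(label_port(p) for p in sorted(rec["victim_ports"])) or "-"
        lines.append(
            f"{peer}: {rec['packets']} pkts ({'/'.join(sorted(rec['protocols']))}); "
            f"peer opened {rec['opened_by_peer']}, victim opened {rec['opened_by_victim']}; "
            f"victim-side ports: {ports}"
        )
    return lines


if __name__ == "__main__":
    for line in report(summarize(SAMPLE_CSV, VICTIM)):
        print(line)
```

Two things stand out in the summary that a screenshot of ESTABLISHED connections cannot show on its own: which side opened each connection (a LAN peer repeatedly sending the first SYN to a service port on the victim is a different story from the victim dialling out), and the victim-side port number behind the service label. Run it against the real export with the victim's actual address in place of the constructed one.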
  5. Hi Digininja/Cooper, the person I lived with suddenly raised a topic of conversation that he could only have known about if he had access to my computer or had a way of directly observing me at some point. I ruled out the latter so started looking into the former. Up to this point, my laptop had been running more-or-less alright, with only a few (unrelated) issues with the touchscreen. I ran a host of anti-malware/virus apps and I finally began to get somewhere. After a couple of days of non-stop testing, I finally dug deep enough and found the following files on my system. Some could not be deleted; the system was infected at boot level.

     - Fraudtocol.hijack - registry
     - uxtheme.dll - infected
     - sxssrv.dll - infected
     - sdwinlogon.dll - infected
     - excel.exe/300; "E&xport to Microsoft Excel" registry key. Similar "S&end to Onenote" key
     - Execute unsigned ActiveX in Internet Zone
     - Execute unsigned ActiveX in Local Intranet Zone
     - Execute unsigned ActiveX in My Computer Zone

     In addition to the ones above, Norton picked up about 10-15 separate entries for "Metasploit" and "Meterpreter". I can't individually list these files at the moment, as the laptop is with tech support. Here are a couple I wrote down:

     - template_x86_windows_svc.exe (Backdoor.trojan)
     - metsvc.exe (Meterpreter)

     I also took a screenshot of the network and saw a couple of IPs "established" to my computer and/or modem that I knew nothing about.

     I don't know what was done to the machine, whether it was just being observed or used for some reason. No files I know of were missing. My suspicion is it was my flatmate snooping, but proving it or disproving it is where I am stuck. Any other thoughts/ideas? Thanks gents.
  6. Hi - thanks in advance to any decent folk for looking at this. If anyone with knowledge can assist I'd be grateful. I'm on Windows 8.1 and recently discovered I'd been hacked using Metasploit and Meterpreter. I won't go into the tedious details of it all, but my whole system is now stuffed. It will need replacement. I am 100% certain the attack originated from a person I live with. He was hooked up to my wifi and was on the network. He occasionally had physical access to my PC. My problem is how do I prove it. Can anyone tell me if there is any fairly failproof way of determining if these hacking tools are or were on his Mac? I did a basic check and couldn't seem to find much, however I am a Mac ignoramus so unless it was listed in programs I wouldn't have found it anyhow. I can occasionally access his Mac when he is out. I only want to determine if he was the source of the hack. I have no interest in anything else on his system. If anyone can help me in any way at all, please let me know. Cheers and thanks