Bountyhunter50 Posted October 2, 2012 Posted October 2, 2012 Hey everyone! Ok so (Without writting a novel here...) Here's the story: I had one of my buddies Screen Share Via iChat onto my iMac to check out some of my IPv6 settings and port forwarding (first time with Century Link and their hardware) for some VNC. This is a buddy I trust really well. I had disappeared from my workstation (I know, first mistake) and let him carry on. Well, when I returned I saw he had remotely transfered Conan the Librarian (for those who don't know, it's a background process that has the mic on 24/7 and will have Arnold Schwartz. scream "shut up" at you till you kill the process). With that having been said, I seek (friendly) revenge on his iMac in return. I'm wanting to either do a Metasploit payload or SSH into his machine and do Terminal commands galore, and lock his audio and use the "Say" command (just an example). My issue: get his IP fully without asking. Not a big issue usually except he's running a few levels of OpenDNS and running though Time Warner Co. (if that matters). My question is does anyone have/recommend ways I can get his iMac's external IP address , preferably without him finding out I'm doing such? Quote
01000010 Posted October 2, 2012 Posted October 2, 2012 make a webpage, have him visit and then check the log. Quote
Mr-Protocol Posted October 2, 2012 Posted October 2, 2012 External address wont help you much due to firewalls. My hateful response: He has a Mac, the damage is already done lol. It's one thing to do harmless little prank, it's another to get a backdoor. You could buy a USB Ducky from the shop and plug it into his system to hit the backspace/delete key 10 times in a row very quickly and throw it on a timer of every 10 minutes and change the sleep time. Then when he would be in the middle of typing it would delete words at random :P. Quote
01000010 Posted October 2, 2012 Posted October 2, 2012 (edited) Oh nothing is better than a bash script that is set to play some crazy song at random times. Just make sure to add it in on lauchd, cause its a mac they prolly will not look there. Edited October 2, 2012 by leapole Quote
Bountyhunter50 Posted October 2, 2012 Author Posted October 2, 2012 External address wont help you much due to firewalls. My hateful response: He has a Mac, the damage is already done lol. It's one thing to do harmless little prank, it's another to get a backdoor. You could buy a USB Ducky from the shop and plug it into his system to hit the backspace/delete key 10 times in a row very quickly and throw it on a timer of every 10 minutes and change the sleep time. Then when he would be in the middle of typing it would delete words at random :P. Don't get me wrong, I'd LOVE to use a USB Ducky on him. One other problem I forgot to mention: He lives accross the country. Quote
Bountyhunter50 Posted October 2, 2012 Author Posted October 2, 2012 Oh nothing is better than a bash script that is set to play some crazy song at random times. Just make sure to add it in on lauchd, cause its a mac they prolly will not look there. In a perfect world: I'd like to spawn a VNC server on his iMac, then when I know he's at work snag the SSH credentials. And strike! Quote
Radau Posted October 2, 2012 Posted October 2, 2012 (edited) External address wont help you much due to firewalls. My hateful response: He has a Mac, the damage is already done lol. It's one thing to do harmless little prank, it's another to get a backdoor. You could buy a USB Ducky from the shop and plug it into his system to hit the backspace/delete key 10 times in a row very quickly and throw it on a timer of every 10 minutes and change the sleep time. Then when he would be in the middle of typing it would delete words at random :P. LOL! Don't get me wrong, I'd LOVE to use a USB Ducky on him. One other problem I forgot to mention: He lives accross the country. You could buy one and mail it to him? haha. Edited October 2, 2012 by Radau Quote
Bountyhunter50 Posted October 2, 2012 Author Posted October 2, 2012 LOL! You could buy one and mail it to him? haha. He wouldn't know what it is, He'd think it's a flash drive, LOL!! Quote
barry99705 Posted October 3, 2012 Posted October 3, 2012 He wouldn't know what it is, He'd think it's a flash drive, LOL!! That's the point! Quote
Bountyhunter50 Posted October 3, 2012 Author Posted October 3, 2012 That's the point! But I'd have no physical Access. Quote
01000010 Posted October 3, 2012 Posted October 3, 2012 (edited) that is your physical access... honestly -- he has a mac and prolly just clicks links whilly nilly. Open up the set toolkit send a few emails and your done. Edited October 3, 2012 by leapole Quote
Bountyhunter50 Posted October 3, 2012 Author Posted October 3, 2012 that is your physical access Well he's not going to send it back to me, since he lives across country. Thats' the fun of this planning prank: he's quite cunning. He'd keep it for himself = I'm out $60 some odd bucks and out of a USB Ducky Quote
Infiltrator Posted October 3, 2012 Posted October 3, 2012 I know this is not allowed to be talked in here, but If you want to screw around with him, you could rat him, do all sorts of evil things to him. Quote
Radau Posted October 3, 2012 Posted October 3, 2012 So long as he doesn't have an antivirus a R.A.T. could work, if you're going to test it locally remember to isolate the virtual network in case things somehow spin out of control. You could always try to make it FUD if you know how to. I really hope I didn't just violate the TOS there haha. Quote
Infiltrator Posted October 3, 2012 Posted October 3, 2012 So long as he doesn't have an antivirus a R.A.T. could work, if you're going to test it locally remember to isolate the virtual network in case things somehow spin out of control. You could always try to make it FUD if you know how to. I really hope I didn't just violate the TOS there haha. There is a paid utility that you can use, to FUD it, not mentioning the name here as it is against the forum rules. Quote
Radau Posted October 3, 2012 Posted October 3, 2012 There is a paid utility that you can use, to FUD it, not mentioning the name here as it is against the forum rules. There are a lot of them, you don't HAVE to pay for them, but if you want one that is really FUD you do or you have to have connections to someone that creates their own. He's using a mac though, maybe he bought into the "Macs never get viruses" gimmick? Quote
Infiltrator Posted October 3, 2012 Posted October 3, 2012 There are a lot of them, you don't HAVE to pay for them, but if you want one that is really FUD you do or you have to have connections to someone that creates their own. He's using a mac though, maybe he bought into the "Macs never get viruses" gimmick? You can get good free ones, but the paid ones I put my money on it. Quote
Radau Posted October 3, 2012 Posted October 3, 2012 You can get good free ones, but the paid ones I put my money on it. You usually have to catch the free ones within a few hours of them being uploaded, paid ones have worked out great for me though. Of course it wont matter if he doesn't even have any antivirus running, or it shouldn't. I wouldn't know I avoid that operating system like the plague :P Quote
Infiltrator Posted October 3, 2012 Posted October 3, 2012 You usually have to catch the free ones within a few hours of them being uploaded, paid ones have worked out great for me though. Of course it wont matter if he doesn't even have any antivirus running, or it shouldn't. I wouldn't know I avoid that operating system like the plague :P One of my mates is a huge fan of Apple, he really bores me to death when he talks about Apple. He really is a knowledgable guy, knows a lot about Apple, how it works, it's operations and everything. Anyway, I think the OP will have to run Vmware Fusion, to get the RAT to work, since he is on a MAC. Quote
Pwnd2Pwnr Posted October 3, 2012 Posted October 3, 2012 What is a Mac? Isn't that the address given to modems and such? ;p Quote
Bountyhunter50 Posted October 3, 2012 Author Posted October 3, 2012 Update*** So last night I did one of those .php scripts to try and snag his code, we won't click it. SO that is probably out of the question to get his IP. Just shooting ideas here: Is it possible through SET or something to create a background process that I can include within a .zip attachment (Include it with a legit file for him, but hide the process file) and have the script execute an "on click" or something and route back to me? or is that overthinking things? It's mostly his IP i'm after, then the rest is a playground B) Quote
Radau Posted October 3, 2012 Posted October 3, 2012 (edited) What is a Mac? Isn't that the address given to modems and such? ;p Haha, you just reminded me of a teacher that required us to write out media access control address instead of mac address just because they had a Macintosh... such a pain :D Update*** So last night I did one of those .php scripts to try and snag his code, we won't click it. SO that is probably out of the question to get his IP. Just shooting ideas here: Is it possible through SET or something to create a background process that I can include within a .zip attachment (Include it with a legit file for him, but hide the process file) and have the script execute an "on click" or something and route back to me? or is that overthinking things? It's mostly his IP i'm after, then the rest is a playground B) Could you maybe get him to click on a tinyurl that redirects to it? You could also try to convince him you want to play a game of Quake 3 with him and you have an extra activated copy then send a file that installs quake and something else;p Edited October 3, 2012 by Radau Quote
Bountyhunter50 Posted October 4, 2012 Author Posted October 4, 2012 Haha, you just reminded me of a teacher that required us to write out media access control address instead of mac address just because they had a Macintosh... such a pain :D Could you maybe get him to click on a tinyurl that redirects to it? You could also try to convince him you want to play a game of Quake 3 with him and you have an extra activated copy then send a file that installs quake and something else;p You sir bring up a good point! He does have his iMac set up for Windows 7 because he likes to play Goldeneye on there. Hm.. Quote
Infiltrator Posted October 4, 2012 Posted October 4, 2012 (edited) Haha, you just reminded me of a teacher that required us to write out media access control address instead of mac address just because they had a Macintosh... such a pain :D Could you maybe get him to click on a tinyurl that redirects to it? You could also try to convince him you want to play a game of Quake 3 with him and you have an extra activated copy then send a file that installs quake and something else;p A good idea in deed, but what if he doesn't use the Windows 7 machine, for accessing his online accounts, and instead use his iMac? How is this going to work out? Edited October 4, 2012 by Infiltrator Quote
Bountyhunter50 Posted October 5, 2012 Author Posted October 5, 2012 A good idea in deed, but what if he doesn't use the Windows 7 machine, for accessing his online accounts, and instead use his iMac? How is this going to work out? Can I get back to you once I've figured that part out? :P Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.