Jump to content

Revenge On A Friend

Bountyhunter50

By Bountyhunter50
in Questions

 Share

Recommended Posts

Bountyhunter50 Newbie

Bountyhunter50

Posted
Posted

Hey everyone!

Ok so (Without writting a novel here...) Here's the story:

I had one of my buddies Screen Share Via iChat onto my iMac to check out some of my IPv6 settings and port forwarding (first time with Century Link and their hardware) for some VNC. This is a buddy I trust really well. I had disappeared from my workstation (I know, first mistake) and let him carry on. Well, when I returned I saw he had remotely transfered Conan the Librarian (for those who don't know, it's a background process that has the mic on 24/7 and will have Arnold Schwartz. scream "shut up" at you till you kill the process).

With that having been said, I seek (friendly) revenge on his iMac in return.

I'm wanting to either do a Metasploit payload or SSH into his machine and do Terminal commands galore, and lock his audio and use the "Say" command (just an example). My issue: get his IP fully without asking. Not a big issue usually except he's running a few levels of OpenDNS and running though Time Warner Co. (if that matters). My question is does anyone have/recommend ways I can get his iMac's external IP address , preferably without him finding out I'm doing such?

Link to comment
Share on other sites
Mr-Protocol Grand Master

Mr-Protocol

Posted
Posted

External address wont help you much due to firewalls.

My hateful response: He has a Mac, the damage is already done lol.

It's one thing to do harmless little prank, it's another to get a backdoor.

You could buy a USB Ducky from the shop and plug it into his system to hit the backspace/delete key 10 times in a row very quickly and throw it on a timer of every 10 minutes and change the sleep time. Then when he would be in the middle of typing it would delete words at random :P.

Link to comment
Share on other sites
Bountyhunter50 Newbie

Bountyhunter50

Posted
  • Author
Posted

External address wont help you much due to firewalls.

My hateful response: He has a Mac, the damage is already done lol.

It's one thing to do harmless little prank, it's another to get a backdoor.

You could buy a USB Ducky from the shop and plug it into his system to hit the backspace/delete key 10 times in a row very quickly and throw it on a timer of every 10 minutes and change the sleep time. Then when he would be in the middle of typing it would delete words at random :P.

Don't get me wrong, I'd LOVE to use a USB Ducky on him. One other problem I forgot to mention: He lives accross the country.

Link to comment
Share on other sites
Bountyhunter50 Newbie

Bountyhunter50

Posted
  • Author
Posted

Oh nothing is better than a bash script that is set to play some crazy song at random times. Just make sure to add it in on lauchd, cause its a mac they prolly will not look there.

In a perfect world:

I'd like to spawn a VNC server on his iMac, then when I know he's at work snag the SSH credentials. And strike!

Link to comment
Share on other sites
Radau Newbie

Radau

Posted
Posted (edited)

External address wont help you much due to firewalls.

My hateful response: He has a Mac, the damage is already done lol.

It's one thing to do harmless little prank, it's another to get a backdoor.

You could buy a USB Ducky from the shop and plug it into his system to hit the backspace/delete key 10 times in a row very quickly and throw it on a timer of every 10 minutes and change the sleep time. Then when he would be in the middle of typing it would delete words at random :P.

LOL!

Don't get me wrong, I'd LOVE to use a USB Ducky on him. One other problem I forgot to mention: He lives accross the country.

You could buy one and mail it to him? haha.

Edited by Radau
Link to comment
Share on other sites
Bountyhunter50 Newbie

Bountyhunter50

Posted
  • Author
Posted

that is your physical access

Well he's not going to send it back to me, since he lives across country. Thats' the fun of this planning prank: he's quite cunning. He'd keep it for himself = I'm out $60 some odd bucks and out of a USB Ducky

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted

I know this is not allowed to be talked in here, but If you want to screw around with him, you could rat him, do all sorts of evil things to him.

Link to comment
Share on other sites
Radau Newbie

Radau

Posted
Posted

So long as he doesn't have an antivirus a R.A.T. could work, if you're going to test it locally remember to isolate the virtual network in case things somehow spin out of control. You could always try to make it FUD if you know how to. I really hope I didn't just violate the TOS there haha.

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted

So long as he doesn't have an antivirus a R.A.T. could work, if you're going to test it locally remember to isolate the virtual network in case things somehow spin out of control. You could always try to make it FUD if you know how to. I really hope I didn't just violate the TOS there haha.

There is a paid utility that you can use, to FUD it, not mentioning the name here as it is against the forum rules.

Link to comment
Share on other sites
Radau Newbie

Radau

Posted
Posted

There is a paid utility that you can use, to FUD it, not mentioning the name here as it is against the forum rules.

There are a lot of them, you don't HAVE to pay for them, but if you want one that is really FUD you do or you have to have connections to someone that creates their own. He's using a mac though, maybe he bought into the "Macs never get viruses" gimmick?

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted

There are a lot of them, you don't HAVE to pay for them, but if you want one that is really FUD you do or you have to have connections to someone that creates their own. He's using a mac though, maybe he bought into the "Macs never get viruses" gimmick?

You can get good free ones, but the paid ones I put my money on it.

Link to comment
Share on other sites
Radau Newbie

Radau

Posted
Posted

You can get good free ones, but the paid ones I put my money on it.

You usually have to catch the free ones within a few hours of them being uploaded, paid ones have worked out great for me though. Of course it wont matter if he doesn't even have any antivirus running, or it shouldn't. I wouldn't know I avoid that operating system like the plague :P

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted

You usually have to catch the free ones within a few hours of them being uploaded, paid ones have worked out great for me though. Of course it wont matter if he doesn't even have any antivirus running, or it shouldn't. I wouldn't know I avoid that operating system like the plague :P

One of my mates is a huge fan of Apple, he really bores me to death when he talks about Apple. He really is a knowledgable guy, knows a lot about Apple, how it works, it's operations and everything.

Anyway, I think the OP will have to run Vmware Fusion, to get the RAT to work, since he is on a MAC.

Link to comment
Share on other sites
Bountyhunter50 Newbie

Bountyhunter50

Posted
  • Author
Posted

Update***

So last night I did one of those .php scripts to try and snag his code, we won't click it. SO that is probably out of the question to get his IP.

Just shooting ideas here:

Is it possible through SET or something to create a background process that I can include within a .zip attachment (Include it with a legit file for him, but hide the process file) and have the script execute an "on click" or something and route back to me? or is that overthinking things? It's mostly his IP i'm after, then the rest is a playground B)

Link to comment
Share on other sites
Radau Newbie

Radau

Posted
Posted (edited)

What is a Mac? Isn't that the address given to modems and such? ;p

Haha, you just reminded me of a teacher that required us to write out media access control address instead of mac address just because they had a Macintosh... such a pain :D

Update***

So last night I did one of those .php scripts to try and snag his code, we won't click it. SO that is probably out of the question to get his IP.

Just shooting ideas here:

Is it possible through SET or something to create a background process that I can include within a .zip attachment (Include it with a legit file for him, but hide the process file) and have the script execute an "on click" or something and route back to me? or is that overthinking things? It's mostly his IP i'm after, then the rest is a playground B)

Could you maybe get him to click on a tinyurl that redirects to it? You could also try to convince him you want to play a game of Quake 3 with him and you have an extra activated copy then send a file that installs quake and something else;p

Edited by Radau
Link to comment
Share on other sites
Bountyhunter50 Newbie

Bountyhunter50

Posted
  • Author
Posted

Haha, you just reminded me of a teacher that required us to write out media access control address instead of mac address just because they had a Macintosh... such a pain :D

Could you maybe get him to click on a tinyurl that redirects to it? You could also try to convince him you want to play a game of Quake 3 with him and you have an extra activated copy then send a file that installs quake and something else;p

You sir bring up a good point! He does have his iMac set up for Windows 7 because he likes to play Goldeneye on there. Hm..

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted (edited)

Haha, you just reminded me of a teacher that required us to write out media access control address instead of mac address just because they had a Macintosh... such a pain :D

Could you maybe get him to click on a tinyurl that redirects to it? You could also try to convince him you want to play a game of Quake 3 with him and you have an extra activated copy then send a file that installs quake and something else;p

A good idea in deed, but what if he doesn't use the Windows 7 machine, for accessing his online accounts, and instead use his iMac? How is this going to work out?

Edited by Infiltrator
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...