

rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

LOL, too funny. Busted by ZA!

I had repeated attempts on my ZA log file of a computer at 138.89.xxx.xxx address attempting to access my machine. Well, I decided to see what was up with that and added the machine to my network neighborhood and sure enough, the machine was wide open. I did a little snooping around and found that the machine was a home computer (at least I'm pretty sure). After a little more snooping I found some folders that were labeled by Trojan1, Trojan2, etc. Warez folders too. So, I assumed that this person is looking to drop the back door on someone's machine. Well, I downloaded their USER.DAT file which contained email addresses, home address, phone number, their name, you name it. I checked the phone number and the message on the machine checks out with the registered name. You have reached the blah, blah, family etc. So I decided that I would write a nice little .doc file and drop that in their start up folder explaining exactly what they are doing and that they were caught. I then added a .doc file to their desktop giving their full name and address, phone number too explaining that this info would be forwarded to their ISP. Thanks to ZA for nabbing this noob!

New Years$

join:2001-12-20

...and you covered your footprints???? or do you need a bailbondsman.



rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

reply to rogue_
Nope, I left a trail a blind squirrel could follow!



SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA

And why do you assume that they are even aware that their machine is compromised by e.g. a trojan?

It is not your business to play superman and you clearly overstepped your jurisdiction here. Being probed does NOT give you the right to invade another computer and collect evidence. Most likely, your ISP will kick you out because your actions are against their TOS/AUP.
[text was edited by author 2002-03-05 13:55:59]



rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

reply to rogue_
These were folders containing various trojans. Their desktop even had shortcuts to the folders! Their machine is NOT compromised, but I'll bet mine would have been if they had gained access. Also, in addition to the servers they had the clients software.

SYNACK.... Re-read my original post carefully!
[text was edited by author 2002-03-05 14:05:16]



rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

reply to rogue_
Listen, I'm not worried about what my ISP will do, nor am I worried about what this noob will do when he finds out that I caught him. You really think he's gonna run to his ISP to attempt to find out who I am? Remember, I recorded everything. Don't worry about it!



SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA

reply to rogue_
Well, if they had gained access, it would mean you are already running an exploitable service.
Nobody can "drop a backdoor on a machine", they are just checking if a backdoor is already present.

Still, it is up to law enforcement to make any judgment. You overstepped your boundaries. For all practical purposes, they can now claim that YOU dropped all this stuff on their machine. See what I mean!

If being probed would give anyone legitimate rights to rummage through anyone's computer ... you do the math. Imagine a court defense: "...but he probed me first!"



rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

reply to rogue_
LOL, I see what you are saying and Yes, I do agree with you. I'll take my chances though! And yes, someone can "drop a back door" on a machine. Very easily in fact! And yes, I do run 2 exploitable services on my machine. But that's really not the issue. Again though, trojans are not running on his machine, he has the servers and the clients. All he has to do is to do exactly what I did when I dropped the .doc files on his system to drop a back door on someone else's machine. Look into it, you'll see what I mean. Hell, all he would really need to do is bind the server.exe with a notepad .txt file, drop that on someone's desktop, the second it's opened it looks like a read-me, it can even be a read-me from that person's machine. They would expect nothing more than a MS glitch!



rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

reply to rogue_
Nah, I couldn't destroy someone's computer. Besides, that dumba$$ will get caught soon enough. That is of course if his ISP takes any action!



rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

reply to rogue_
Ok, I figured I'd do this to satisfy SYNACK's concerns of this guy saying I dropped the software on his machine. You'll like this!

I copied all the server.exe's to my hard drive. I did not execute them of course. If the proverbial crap hits the fan I'll execute them proving that I am the victim. Also, I backed up his Trojan folders and hid them on his system. Re-named all the files too!



SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA

reply to SYNACK
Just an analysis of the situation:

A trojan infected computer will itself be used as base by outsiders, so it will definitely have all these tools and clients available over time. It does NOT mean the owner is even aware of this.

One indication is the fact that you easily obtained access via netbios. A typical cracker will NOT use his home PC for probing AND will secure his home computer against any intrusion. This is just common sense. They KNOW what's out there!

An open netbios share of the full C drive indicates a totally clueless owner (e.g. infected by QAZ) and certainly NOT a home base of a cracker.

I am just saying that you don't have the qualifications and full information to pass any judgment on this situation.

Their ISP must be notified so the situation can be corrected. It is a very dangerous idea to assume that any probe will give the right to intrude another computer. Such a stance will only contribute to the problem we already have.


New Years$

join:2001-12-20

reply to rogue_
Be careful TM, public forum and training is better in private.



rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

reply to rogue_
Yes, I did notify the ISP. But you must understand that his desktop contained shortcuts to the Trojan folders, it was in plain view. The user of that machine is definitely aware of what is on their computer. Also, I do not understand why the client would be on the same machine in those folders! If I had to guess as to why I was able to gain access to that machine I would suspect he had it open for a reason. File transfers etc! This is why I also suggested he/she is a noob! Trust me, I'm 99% sure I have this person pegged correctly. Folders like cracks, warez, and the like were all over the system.



Murray3

join:2001-03-06
Texas

reply to rogue_

said by RogueWaveSR:
Well, I downloaded their USER.DAT file which contained email addresses, home address, phone number, their name, you name it. I checked the phone number and the message on the machine checks out with the registered name. You have reached the blah, blah, family etc. So I decided that I would write a nice little .doc file and drop that in their start up folder explaining exactly what they are doing and that they were caught.
Isn't that theft of data?

I'm no lawyer, nor am I trying to stir trouble. All I can say is, you've got more guts than me! I would have just left my firewall doing its thing.


rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

reply to rogue_
Yes, I did steal that data. I do admit to my wrongdoings but I feel personally that it was justified in this case. Also, it should be known that in no way did I attempt to cause havoc on that machine.


New Years$

join:2001-12-20

reply to rogue_

Living on the Edge.

said by RogueWaveSR:
Yes, I did notify the ISP. But you must understand that his desktop contained shortcuts to the Trojan folders, it was in plain view. The user of that machine is definitely aware of what is on their computer. Also, I do not understand why the client would be on the same machine in those folders! If I had to guess as to why I was able to gain access to that machine I would suspect he had it open for a reason. File transfers etc! This is why I also suggested he/she is a noob! Trust me, I'm 99% sure I have this person pegged correctly. Folders like cracks, warez, and the like were all over the system.
Where have all the whitehats gone.....
»What happened to Whitehats.com??

New Years$

join:2001-12-20

»Honeynet Broadcast - Lance Spitzner - March 6th
Is anyone interested in honeypots?


rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

reply to rogue_

Re: LOL, too funny. Busted by ZA!

Good link.

Also, I thought I would consult an expert on this sort of thing and he had some very interesting thoughts on it. Basically, he feels that I am the one who was duped. He also feels that the info I gathered is bogus, including the phone number. He claims that this is most likely this hacker's basic line of defense. He suggested that if I were to probe deeper into it that I would most likely hit a brick wall at some point. He also suggested that the machine may be located remotely, in a corporation or something and he has turned it into his personal attacker. "Maybe he has physical access, maybe he doesn't" were his exact words!
[text was edited by author 2002-03-05 15:01:19]


Lurkers inc
Don't Call Me Doink

join:2001-10-13
Seattle, WA

reply to rogue_

said by RogueWaveSR:
Nah, I couldn't destroy someone's computer. Besides, that dumba$$ will get caught soon enough. That is of course if his ISP takes any action!
/devils advocate

I would not worry too much about what ppl say, if he/she did not want you to access his/her files he/she would not have shared them.

/end devils advocate

That line of thinking is actually one of my pet peeves.

Paul,
[text was edited by author 2002-03-05 18:07:48]


OzarkMan$

join:2000-12-22
Ozark Mtns.

said by Lurkers inc:
if he did not want you to access his files he would not have shared them
Hey....there's some she crackers out there
Besides....Mom\Dad Jetson probably does not even know one of their children has downloaded an easily accessible toy !

Friday, 24-May 15:31:56 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.