Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 29

Thread: Catch the thief

  1. #11
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    4

    Default

    Quote Originally Posted by streaker69 View Post
    ...and exactly what do you think you're gonna do when you actually find out who he is? You're on a pointless mission, you may as well just nuke him from orbit, it's the only way to be sure.
    Well i'll tell you what i would do. If he is from my country or better my city i'll kick his ass. If he is from other country, then there is nothing left to do but ban the IP as soon as he find's out.

  2. #12
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    16

    Default

    Quote Originally Posted by streaker69 View Post
    ...and exactly what do you think you're gonna do when you actually find out who he is? You're on a pointless mission, you may as well just nuke him from orbit, it's the only way to be sure.
    I think you may have watched Aliens a few too many times.......

  3. #13
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by BigRed View Post
    I think you may have watched Aliens a few too many times.......
    If 133 times in one year is too many, then may be.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #14
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by xCPPx View Post
    I have a scenario to solve. A slight problem, if you would...

    Suppose you host a linux server with an apache webserver on it. The main website is a small forum where certain people come to discuss things. Now there is this guy that keeps coming back (also registers new accouns after being banned) and spams the forum over and over again. You have the apache the logs, but he is using an anonymizer to hide his real IP address or perhaps he connects to someone else's wireless and does it from there. Let's say you suspect that the person in question is in fact one of your internet "friends" or someone you know.

    Any ideas on how to catch the criminal and proove he was involved?
    About the only real way to "catch" him would be to go to into EVERY router he has accessed wireless-ly and see if his cards MAC address is in the log files. But then again, if he was smart when he did this, then he cloned or faked his MAC address with macchanger or another MAC changing soft. The IPs in the router logs probably won't matter, all they'll show is an local IP somewhere within in the range of the gateway the guy was on.

    In a word, unless he changed his MAC addy,...theres not much you can have to go on to "prove" it was him. And its not illegal to ban evade..lol. I'm sure we have many here on our forums who have ban evaded successfully. Its just a pain in the ass to you to have to deal with this guy. Eventually, he'll bore with this little game and move on...and probably only "occasionally" jack with you.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  5. #15
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by -=Xploitz=- View Post
    About the only real way to "cath" him would be to ............
    .............
    ........
    ....
    ..
    .
    Holy flaming barrels of jesus juice, bat-girl!!!! He's ALIVE!!!!!!



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  6. #16
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by ShadowKill View Post
    Holy flaming barrels of jesus juice, bat-girl!!!! He's ALIVE!!!!!!
    lol....

    Hi ya ShadowKill. Yes, I'm still alive and kicking. Just been going through some pretty rough times lately. Just wanted to pop in and say my little piece to help this guy out.

    Everyone doing well???
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  7. #17
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by -=Xploitz=- View Post
    lol....

    Hi ya ShadowKill. Yes, I'm still alive and kicking. Just been going through some pretty rough times lately. Just wanted to pop in and say my little piece to help this guy out.

    Everyone doing well???

    I hear ya brother. You, me and a whole lot of other people as well. I'm just glad to see you're still around. We've missed ya.

    If there's anything at all I can do to help, please please please don't hesitate to let me know. I'm working on some pretty big things right now and if you have any spare time, trust me I know it's hard to find any nowadays, shoot me a message and I'll fill you in.



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  8. #18
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by ShadowKill View Post
    I hear ya brother. You, me and a whole lot of other people as well. I'm just glad to see you're still around. We've missed ya.

    If there's anything at all I can do to help, please please please don't hesitate to let me know. I'm working on some pretty big things right now and if you have any spare time, trust me I know it's hard to find any nowadays, shoot me a message and I'll fill you in.
    I appreciate the sentiment ShadowKill. And I shall remember what you have said. Thanks.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  9. #19
    Senior Member Shatter's Avatar
    Join Date
    Jan 2010
    Posts
    192

    Default

    Quote Originally Posted by streaker69 View Post
    ...and exactly what do you think you're gonna do when you actually find out who he is? You're on a pointless mission, you may as well just nuke him from orbit, it's the only way to be sure.
    Maybe I will.

    To be honest, I'd just like to know who he is and I'm betting 90% it's some script kiddie or a hacker wannabe. There is no assurance that the flash trick is going to work, but it's worth a try IMO. Maybe there's an alternate way to do it with javascript to bypass a client-side anonymizer tho most of these methods can be easily rendered useless by installing a plugin such as NoScript on your Firefox.

    Also, I'm adding the anonymizer IP's to the banlist.

    EDIT: Is there a good and recent IP banist for the popular proxies and anonymizers?
    I have the card in me head, but you have the memory problems?

  10. #20
    Member
    Join Date
    Sep 2008
    Posts
    146

    Default

    Does he simply spam? Or does he actually respond to posts? If he has a grudge against you and you can get him to talk you could most likely social engineer a good bit of information out of him. Remember to use metadata, and mask your intentions ie.

    Get him to brag about his hardware, chances are he is going to want to show you how big his "epeen" is, and reveal what kind of box he is using.

    Get him to post a picture on an image hosting site or something and compare the ip address, he may slip up when not specifically trying to spam you.

    Compare syntax, if you have a feeling that you know this person in a Jekyl/Hyde kinda way you may have all the proof you need. People tend to use similer sets of phrases or punctuate in ways that are discernible from others. Or use slang or colloquialisms specific to certain regions.

    (My personal favorite) Create an account and help him spam your board a few times. Do something really "cool" like defacing the site that will impress him (easy since you are a mod) tell him that the mod pissed you off just like him and basically become his buddy long enough to give himself away. If you can get his icq/aim/email its game over, especially if you get him to do a direct connect file transfer.

    I know its cliche, but sometimes you need to think outside the box, its amazing what you can talk people into revealing about themselves if you can do a little play-acting. I always have worked on the basis that no system is uncrackable and no person untraceable it all just depends on how much effort you are willing to put into it.

    As for what you can do when you find him, once you have an ip its only a skip away from a phone number. Call the bastard up and tell him his own name, address, next of kin, social security number, then hang up. If he is using an anonymiser he will probably be scared ****less. Or if he is 12 and living with his parents (as i suspect) just tell his mommy that the next phone call you make is to the feds, see how quick he gets his puter taken away.
    Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."

    Neo: "What if I take both?"

    Morpheus: "Don't do that! You end up like Nick Nolte!"

Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •