new post: fucking around with scammers
This commit is contained in:
parent
d951c9cac1
commit
e18668bc1e
|
@ -3,24 +3,19 @@ title: "About me"
|
|||
date: 2024-04-28
|
||||
edited: 2024-07-15
|
||||
draft: false
|
||||
menu:
|
||||
main:
|
||||
weight: 2
|
||||
params:
|
||||
icon: user
|
||||
---
|
||||
|
||||
# About me
|
||||
|
||||
Hi there. I see you somehow stumbled across my site.
|
||||
My name is 4o1x5 or Máté I am a "CS" student from Hungary. I mostly specialize in backend development but also do frontend on rare occasions. I am a privacy and libre/open-source advocate. I am an avid linux ~~abuser~~ user with a passion towards [Nixos](https://nixos.org).
|
||||
I know a lot about rust, javascript and some protocols like HTTP and i2p. I have my own hardware that I run my own projects, instances on. (_homelab_)
|
||||
I try to spend my time on anything that benefits me over time and builds character. Meaning I read books, learn by reinforcement learning and build knowledge by real life examples. I speak two languages, Hungarian and English. I was also learning french a year ago but that got left behind.
|
||||
|
||||
## Career, life, etc
|
||||
I'm fond of many music genres, and I might be the best example of that guy that _listens to anything_. Ranging from [uptempo hardcore](https://soundcloud.com/xn88ax/dsordr-btcrushd-iii-l9), [experimental bass](https://soundcloud.com/onetruegod/one-true-god-heaven), [classical/dubstep](https://www.youtube.com/watch?v=5BzgNBn786o), [noise](https://fine-sir-1584660650.bandcamp.com/track/real-music) [electronic](https://www.youtube.com/watch?v=NLi2v-Gq-5A), [breakcore](https://www.youtube.com/watch?v=btefjNXeaYg), [rock](https://youtu.be/DZyYapMZSec?si=qR5b56Y97YSoFtft&t=240), [industrial metal](https://www.youtube.com/watch?v=z0wK6s-6cbo), [electronic rock](https://youtu.be/yVsr9U50f8c?si=XuQscjSd74dOWhqV&t=48) [phonk](https://soundcloud.com/prodberto/mid-day-midnight-remix), brazilian phonk, [r&b](https://www.youtube.com/watch?v=u9n7Cw-4_HQ), [hip hop](https://www.youtube.com/watch?v=tnVAEAo7nvA) [electro house](https://soundcloud.com/geoxor/dead), [french drill](https://www.youtube.com/watch?v=cojoYPRcIJA), [uk drill](https://www.youtube.com/watch?v=-qO2ED-l1xw), [jazz rap](https://www.youtube.com/watch?v=J87pJrxvJ5E), [electronic](https://youtu.be/KTOgfHb8dZk?si=cExGLo-OhMV-d6Le&t=41), [hungarian](https://www.youtube.com/watch?v=WMaW8y3-af8), [pop](https://youtu.be/ceLyMb0MGLE?si=2R3mlg7qIXhflOax&t=269), [hardstyle](https://www.youtube.com/watch?v=ReI1IKl554k), [pop-rap](https://www.youtube.com/watch?v=m4_9TFeMfJE), [synthwave](https://www.youtube.com/watch?v=uVtgQX4Y11s), [darksynth](https://youtu.be/oe1wA1hAdd0?si=CJQ6OuGdboL45pFO&t=71) (absolute banger to this day).
|
||||
|
||||
My life is not that complicated, I just sit in-front of a computer 5-10 hours a day and make it do what I want. I am an avid linux user and I strongly advocate on Nixos. Also speaking of advocating, I am a FOSS and privacy advocate too.
|
||||
I mostly spend my days developing, some fun projects and also major ones. As of right now I am working on MediaRose, an all rust based media server that uses algorithms and jobs/scheduling to automatically generate short-form media from various platforms like Twitch. I plan on starting a company out of it and in the meanwhile share some tutorials about the technologies I'm building it upon.
|
||||
I also know a lot more languages but not as well as rust. My other top language is probably JS/TS and in that scope Vue, but I am also learning React. I also wrote some python, c#, and java.
|
||||
|
||||
I have a lot of experience in anything technology related but I am a _Jack of all trades, master of none_ type of guy. I have a lot of onboard knowledge but I don't really specialize in one field as I hate it.
|
||||
^^ click the links to get redirected to my fav in that genre
|
||||
I most likely have a favorite in every genre. It's one of my superpowers as I have always found a way to connect with people using music.
|
||||
|
||||
## Wanna chat?
|
||||
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 179 KiB |
|
@ -1,6 +1,8 @@
|
|||
---
|
||||
title: Frontends
|
||||
comments: false
|
||||
title: "Privacy respecting frontends"
|
||||
slug: privacy-frontends
|
||||
date: 2024-04-28
|
||||
edited: 2024-07-15
|
||||
draft: false
|
||||
---
|
||||
|
||||
|
|
97
content/post/i-love-fucking-around-with-scammers/index.md
Normal file
97
content/post/i-love-fucking-around-with-scammers/index.md
Normal file
|
@ -0,0 +1,97 @@
|
|||
---
|
||||
title: I love fucking around with scammers
|
||||
description: The skies bless me with a scam message every 6 months or so, and I always tend to mess with the people who's behind them
|
||||
date: 2024-08-08 00:00:00+0000
|
||||
categories:
|
||||
- Blog
|
||||
|
||||
tags:
|
||||
- Fuck around and find out
|
||||
- Scammers
|
||||
draft: false
|
||||
---
|
||||
|
||||
A year ago I got a scam SMS from supposedly the Hungarian Law enforcement saying that I have some payments due and If I don't pay it in time, it will result in legal consequences.
|
||||
Obviously someone with common senses and a bit of knowledge about the internet as a whole will know that this is likely a scam.
|
||||
I could have ignored this and went on by my day but then I remembered that my parents always keep asking if what they have received on facebook is a scam or not... Now thankfully my parents have me, therefore they can verify with me if what the person behind those messages is promising really will really happen. But most people are foolish enough to fall into these kinds of traps. Elderly people, those who don't quite understand the shadiness of these and people in the autism spectrum (like my close relatives). And therefore I have decided to flood their servers with fake data.
|
||||
|
||||
### Building my first spamming script
|
||||
|
||||
First I have conducted a basic research. I went to my PC and opened up the developer console in Firefox and entered some fake data into the input fields. Then I analyzed all the requests the website was sending to the server and from that point I got a clue of how to build a basic script that could send millions of fake records.
|
||||
Talking about fake. I was smart and decided not to spam random data into every field. Instead I choose to fuck with them even more by sending real looking data. This way they have a much harder time deciding what data is real and what is not.
|
||||
Since the target audience of these assholes were Hungarians I went and got a h u g e list of first and last names and used those databases to generate real looking names. I also used some python libraries to generate all kinds of credit cards. Visa, mastercard you name it. And after about an hour I got a fully working script that could send thousands of record a second to their database.
|
||||
|
||||
#### Running the script
|
||||
|
||||
I knew I would get blocked really fast. And I was right, after about 2 000 requests I got IP blocked.
|
||||
Funny because I wasn't having enough fun yet. I decided to call up a few of my friends and got them to download my script and run it in the background. I also decided to set it up on my VPS and after all that I was spamming them from about 12 IP addresses.
|
||||
Long story short, after 2 weeks of basically ddos-ing them they took their website down. I win.
|
||||
|
||||
### A more sophisticated attack
|
||||
|
||||
Today I've seen a mutual on a social media platform post a screenshot of them receiving a scam SMS from the hungarian police. Shiver my timbers I must pay them my whole life savings so they don't come and arrest me! Anyways... I have decided to look into that scam as well and have found my self in a bittersweet position. These attackers were using some payment processor behind their servers that would automatically charge the victim a certain amount of money upon entering their credit card details. Now how do I know that you might ask? I don't, It's my best guess.
|
||||
Now the evidence leading up to that comes like this:
|
||||
I conducted research as in the first example, and seen that the frontend javascript code was sending requests to telegram. Those requests were the second part of their scam. First you entered your card details, and then they would most likely enter that data into a payment processor that would require some two step authentication to approve the payment.
|
||||
Also, What the fuck. These idiots really just put their bot's whole api token into their javascript code and sent `editMessage` commands to their telegram channel. Truly premature system design. But I mean these scammers are the lowest hanging fruits after all, they don't even try. They could have just implemented that code into their backend and I would have had a harder time destroying their legacy.
|
||||
I copied the whole telegram URL that contained their api key and opened up [Insomnia](https://insomnia.rest/) _another awesome open-source project ruined by corpos_ and snooped around. I saw that they only had one channel where the frontend would send the verification code to. They even had fancy buttons added like an ❌ and a ✅ to confirm whether the code was working or not.
|
||||
|
||||
```json
|
||||
[
|
||||
{
|
||||
"text": "✔ Code valide",
|
||||
"callback_data": "yes_tnDmzUe"
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"text": "❌ Code invalide",
|
||||
"callback_data": "refait_tnDmzUe"
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"text": "Code pin",
|
||||
"callback_data": "codepin_tnDmzUe"
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"text": "Log bank OTP",
|
||||
"callback_data": "lb_otp_tnDmzUe"
|
||||
}
|
||||
],
|
||||
[
|
||||
{
|
||||
"text": "Banque non pris en charge",
|
||||
"callback_data": "npc_tnDmzUe"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
After this I started writing my code.
|
||||
|
||||
#### The program
|
||||
|
||||
Now this was more complicated, since I would have two factors to align next to each other to convince those idiots that they were really getting people to give away their information.
|
||||
I wrote a basic rust program that would spawn 1200 threads each with timers at random x seconds that would send random card details to their backend, wait a little bit and then send a dummy text to their telegram channel so they would think they are receiving confirmation of actual codes coming thru.
|
||||
This is how that message looked like:
|
||||
|
||||
```
|
||||
[📦] Code ApplePay [📦]\n\n🔐 Code VBV : 123456 \n🕐 Secondes : 150 <b><u>(Actualiser toute les 10s)</u></b>\n\n🛒 Adresse IP : 192.168.1.1
|
||||
|
||||
```
|
||||
|
||||
![image.png](logs.png)
|
||||
|
||||
Now after all that I would let it run for a few hours and I sometimes tried to snoop into their channels with the bot but telegram is so shit they don't allow bot's to view chat history. You can only do that with an api request that pulls the NEWEST data off the channel and then the client would store it. _another reason why matrix is better_.
|
||||
A few hours passed. I was getting bored so I decided to send them some surprising messages. I won't disclose what I've said but lets say it was more than vulgar. I was having a bit of fun. After 4-5 messages they deleted their channel. And soon after that their website got placed into a placeholder login page.... But it was not over...
|
||||
|
||||
I made some errors while spawning threads and it resulted in not sending any requests. So all I basically did was make them panic and delete their channel. The next day, I got up and seen that my IP address has changed, _thanks ISP_ and went on the site once more to see if they have done anything. And those fuckers actually did something. They removed the part where they would send the verification codes on the frontend and implemented it into their backend. Now I sat down once more and make some touchups on my code and It started working. After about 5 minutes or so I got IP blocked once again, so I called up a few of my friends.
|
||||
Since all my friends use windows I had to compile my code to an `exe` so they could have a chance running it.
|
||||
Eventually I got a few of them to run it but not as much as the first time. In about 1-3 minutes they would get blocked or get an 404 error. These scammers were active and blocked anyone that would start spamming. In times like this I wish I had a botnet. I lost. But I managed to at least send them a few hundred records.
|
||||
|
||||
#### Lessons
|
||||
|
||||
I won't say I'm a genius, anyone with a basic knowledge of HTTP, API's and a bit of programming could do all this magic. What I'm trying to say is that these people really think they could get away with all this. And they really do sometimes. They are probably smart enough to buy their servers with some untraceable cryptocurrency and then deploy their skimming services with fake names. There isn't really a way to stop them. But there is a way to mitigate their impact by sending them a lot of fake data :)
|
||||
|
||||
![](sms.png)
|
BIN
content/post/i-love-fucking-around-with-scammers/logs.png
Normal file
BIN
content/post/i-love-fucking-around-with-scammers/logs.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 183 KiB |
BIN
content/post/i-love-fucking-around-with-scammers/sms.png
Normal file
BIN
content/post/i-love-fucking-around-with-scammers/sms.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 116 KiB |
11
hugo.toml
11
hugo.toml
|
@ -35,5 +35,16 @@ name = "Home"
|
|||
url = "/"
|
||||
weight = 1
|
||||
|
||||
[[menu.main]]
|
||||
name = "About me"
|
||||
url = "/page/about-me"
|
||||
weight = 2
|
||||
|
||||
[[menu.main]]
|
||||
name = "Frontends"
|
||||
url = "/page/privacy-frontends"
|
||||
weight = 3
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
{{ define "main" }}
|
||||
<div class="not-found-card">
|
||||
<p>404</p>
|
||||
|
||||
<h1 class="article-title">{{ T "notFound.title" }}</h1>
|
||||
<h2 class="article-subtitle">{{ T "notFound.subtitle" }}</h2>
|
||||
</div>
|
||||
|
||||
{{ partialCached "footer/footer" . }}
|
||||
{{ end }}
|
|
@ -1,20 +0,0 @@
|
|||
{{- $ThemeVersion := "3.25.0" -}}
|
||||
<footer class="site-footer">
|
||||
<section class="copyright">
|
||||
©
|
||||
{{ if and (.Site.Params.footer.since) (ne .Site.Params.footer.since (int (now.Format "2006"))) }}
|
||||
{{ .Site.Params.footer.since }} -
|
||||
{{ end }}
|
||||
{{ now.Format "2006" }} {{ default .Site.Title .Site.Copyright }}
|
||||
</section>
|
||||
|
||||
<section class="powerby">
|
||||
{{- $Generator := `<a href="https://gohugo.io/" target="_blank" rel="noopener">Hugo</a>` -}}
|
||||
{{- $Theme := printf `<b><a href="https://github.com/CaiJimmy/hugo-theme-stack" target="_blank" rel="noopener" data-version="%s">Stack</a></b>` $ThemeVersion -}}
|
||||
{{- $DesignedBy := `<a href="https://jimmycai.com" target="_blank" rel="noopener">Jimmy</a>` -}}
|
||||
|
||||
{{ T "footer.builtWith" (dict "Generator" $Generator) | safeHTML }} <br />
|
||||
{{ T "footer.designedBy" (dict "Theme" $Theme "DesignedBy" $DesignedBy) | safeHTML }}
|
||||
</section>
|
||||
</footer>
|
||||
|
|
@ -1 +0,0 @@
|
|||
Subproject commit efc24bc5e95f0ccb88051e1a7d95e8a1404e953e
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 22524617427ae7aecda3eb226a254642f54ae13c
|
|
@ -1 +0,0 @@
|
|||
Subproject commit fddab053628070668cd9c9eb0b96d9a6246fcc71
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 9890a0499034f31c7f84a85ed38d05ae14b42b7f
|
Loading…
Reference in a new issue