]
12-02-2010, 09:28 PM
Whaling
Hello Hack Community, time for another helpful tutorial. To define Whaling in laymans terms, say someone has set up an uncrypted stealer and you stumble across him spreading on Youtube. You can get the Email or the FTP that the accounts infos are being sent to. IN MASS. Basically, you are stealing someone elses thefts. It is hard to get them all the time, infact you will go through a decent amount of times before finally succeeding, but when you succeed, it is great.
So... how do we recover the info to log into there FTP or Email? This will only work if the bot is not crypted. If crypted, the source is a hot mess, it can still be done, but you don't have a clue at what encryption it is and will be taking throws in the dark at it, which is way to much effort for potentially no reward whatsoever. Now that this out of the way, how do we actually get them Proph3t? Well we can use a couple of different programs, BinText and Hex Workshop. Now for my old school XR and BioZombie users out there, you probably have Hex Editor installed, but if you are interested in doing things a different way, go to my Hack-Pack thread
[To see links please register here]
and download the entire pack. Inside is BinText. If you don't trust me, a quick Google search will reveal what you need.Here is the site for Hex Workshop:
[To see links please register here]
Now we are gonna take care of you Hex Editors out there... You are going to open the infected file that you believe is connected to a stealer inside of it. Now hit Ctrl+F to use the find feature of the program. Hit all instances and search text string, going down if you are at the top. For the text string, you can search multiple terms for e-mail. I.E. smtp, gmail, yahoo, aim, aol, google, hotmail, live, and many other popular email sites. Or search for FTP as well.
Using BinText, just scroll down to the bottom and go up a few lines of code. 95% of the time the info will be on the bottom since sending the information is the last thing that the program does.
I made a good point that I never thought about, you can practice on your own things and get the hang of it before going after others.
Tips: If going on Youtube and looking for obviously infected files, i.e. MS Point Generators, go for the ones with only a few hundred views if even. Those with like 25000 views will have probably been targeted by another hacker with the same goals in mind. But on that respect, the original owner may have changed the Download. So it is up too you. You will not always find a email or FTP, and if the virus is still being detected, GET RID OF IT! It is probably a bot or something nasty. If searching on Google, try and create some good dorks to really narrow down the search time. Instead of searching for Microsoft Point Generator, search for MS Point Generator -Youtube.com or something. Be smart, Google is a tool for hackers, a VERY underestimated tool. Also note, if you do find one and try to sign in multiple times and fail, note that it may have already been stolen before. So be smart. The ultimate rule of survival is not to expend more energy than you recieve, so to say don't give more than you recieve. Sure you will recieve good things, but you will only find that ocassional nugget. Good luck!