Welcome to Dizzie Forums, a new and growing community of tech enthusiast, ethical hackers, programmers, developers, scambaiters, and anyone looking to learn or chat. You can talk about anything you want here regardless if it is every day questions, creating scripts, taking down the thousands of scammers, hacking anything, or even helping to expose some of the worst scum on the planet.

How would i best go around ratting a scammer?  


ToxikDnB
Posts: 1
(@toxikdnb)
Recruit
Joined: 1 month ago

Hey guys

Im in the middle of several email scambaits, and want to rat one of the scammers to get their info and Docs. However, i dont know how it would be best to go about it. I know theres a page on Dizzie to show how to rat, and i think im going to use my Nanocore or Comet to rat them, but what would be a good way to get them to run the program. Theyre obviously stupid because ive got them, and apparently several of their friends over whatsapp, to run a phishing link from grabify, but i want to go further and actually access their computer, hopefully destroying them once ive retrieved as many doccuments as i can.

Also, what would be better? Comet, quaser or Nanocore?

Thanks. 

Topic Tags
1 Reply
Chase
Posts: 31
Admin
(@chase)
Tool
Joined: 9 months ago

There are plenty methods. I would recommend gaining access with your ratting tool of choice. I'm old school and still use Comet or nj but you can use Nanocore too. Getting them to run the program is always the hardest part. I highly recommend Comet because it can generate a fake executable that you can mask with whatever icon you choose. You can also edit the program details so it appears to be legit.

When they ask for payment, tell them your bank here is incredibly secure and picky and you have to use an app to pay for things like this. Tell them you need them to download the app to so you can transfer. It's actually a common practice by some banking institutions to do this.

Use a payment icon like Paypal or something. Local companies are better since no one in India or wherever has probably heard of them.

 

So,

Step 1: Set up Virtual machine for them to access

Step 2: Download a RAT for the machine

Step 3: Use Comet or some other method to create a fake executable out of the real RAT. 

Step 4: Give the scammers access to your machine. Or you can always try sending it to them through some fake email, etc if you can't set up VM.

Step 5: Take control of the their machine/network and do as much damage as possible.

Bonus: If you can, don't let them know you've just put a RAT on their machine immediately. If you can, also download a remote keylogger and once gaining access to their machine, place the keylogger on it and use it to track all of their keystrokes. Try to get them to login to some bank account they have for verification they are legit. Tell them you totally want to pay them, just want to make sure they're not scammers *wink *wink. Often times they will believe you because they are idiots.

If you are lucky enough, you will then get the password and user to their bank accounts. Login, change the password and emails. Report the account, give the money back to the victims; or transfer all the funds to your own wallet and have a nice vacation.

Think of it like going fishing..

Reply
Share:

Elevated access only