Sunday, July 15, 2012

Whaling - Lets catch a bigger phish today - A way to hack the hackers.

Being long away from this blog for about 4 years, I stumbled across my own creation recently. I was thrilled the kind of response the posts written a leap ago was receiving. So, I'll try to continue where I stopped, though I understand the world moved ahead and way ahead. Still, we'll catch up soon though. So, one of the post that got most hits and is listing at top for Google search speaks about the ways of hacking. I've explained various hacking techniques in that post but not a detailed and elaborated mechanism that makes it a possibility.

One of the way that's new and very exciting is Whaling, as the title suggest. Whaling refers to catching a bigger fish (Phish, in our case). The hacker community is little torn on the exact definition. Some like to refer to it as a way to snoop and hack a celebrity account, they referred as a bigger fish in the scenario.

I belong to the second category, who for some reason is very self involved and highly self complacent in the way that we go after the people who are hoarders in hacking community. They are generally newbies, excited and trying to spread there hacks all over the web and are very easy targets. They write some program and let it lose over the web for more people to fall for the trap. They are able to gain a lot of account information, they are like a noob with a machine gun looking for maximum casualty and do not worry about the impact.

So, here whaling is the trap for this people with lot of accounts under them. As I said they are easy to locate, just go to filestube and search "gmail hacker" a very common search that gets a lot of results. I will take the first hit and will go ahead and download the file.



It turns out to be a mediafire link and is downloaded easily.

Next step is to download a hex editor to decipher this file. Any hex editor is fine for the purpose the one I prefer is Bintext, its a free and a very tiny software and does just what is intended.

Lets, fire up Bintext and start the process. You will find something like the image below.



Now, lets check the file we downloaded. Beware before opening that file and use Sandbox for that, if you are uncomfortable.


So, as it turns out this guy is tricking me to give away my Email Id and Password and tattoo "Dumbass" on my forehead. Well, if you're falling for this then that's the next logical step for you, so quit reading further and go ahead get the tattoo done, you earned it.

Since, you are still reading, lets hope you didn't get caught in the net and now lets try and see how many actually got trapped.

Lets drop this file in the Bintext we already fired up before.


You find find some weird string patterns, don't worry about that. Look for the box at the bottom-right and type ".com" in the box and hit find.


So, after the search you will find the string as below


@!1234567890!@whitehatvrer@gmail.com@!1234567890!@mhheaven

This is the gmail account where all the guys who have a "Dumbass" tattoo backup their password. So, go use the password at the last and that's it. 

Now, the password may be on the next line from user id, but it will be very close to the id. So, now its up to you. Wanna have fun with the guy change the password and keep it all for yourself or go ahead and just be a bystander and see how many people are getting netted, since the moment you will change the password, the mailbox will stop receiving mails from the application. 

Anyway, go tryout, have fun and do check out the other posts. 

Featured Followers