+++>===] Written by Nemesystm, leader of the DHC [===<+++

++++>==]   Visit us at zap.to/dhc. You want 2.   [==<++++



Subject: ICQ Social Engineering

Description: Getting the trojan to the victim.

When it's usable: if you and your target have ICQ.

What the nice possibility is: Make your friend's CD-ROM open.

What the evil possibility is: Get all the passwords, nuke the harddrive and run.



NOTE: this has been written in a very detailed manner, so if you don't get it, then you might not be as smart as you think you are.



If you're nice, and don't like it when you fool people, don't try this. You'll get guilt feelings. Really, you will. You mess with people's minds and all. If you can take it, go ahead. But if you can sleep afterwards...



The random chat method.

First we want to make a new ICQ number. We want this because if we get into trouble, we can still use our own ICQ number. By trouble I mean being bombed by a not-so-victim-like victim, etc. (Read my text about ICQ Protection for more, available at zap.to/dhc in the home brew section.)



We want our info to be that we like music, and pets and all that kind of mushy stuff. Then we search for a random chatter. Look for a girl, age 13/15 or a guy 40+. We want these age categories because they're usually not too bright with computers, but because they're not, it means someone else around them is, and he/she might have interesting stuff. We don't want anybody that doesn't give any info in the info box, and we don't want anybody with a nick that is in screwy letters and numbers, like: 00M6r1g3R. We don't want anybody that has a nick that means violence or acts of sex. One because if they know something about computers, you're in trouble, two because they'll be talking about subjects that are really hard to change to something that lets you give them a file.



We need to get some trojaned files ready. We will want some loose trojans. Preferably your own programmed ones! Don't be a lamer, learn how to program. Also bind some trojans together with funny programs. Sheep that walk over the screen etc. Look around. To bind multiple files, download Teflon Oil Patch v4. You can find it in the software section at zap.to/dhc.



Now start clicking for a random chatter. This will take LONG; it's really hard to find a good victim, but if you do it right this is going to help you very much in the end.

Say you've found a good victim. Uhmm. Her nick: Heavenly. Likes: Backstreet Boys, computer games, talking. Age: 13.



This is a decent victim, a good conversation would be: (notes behind the /)

=====

Hi, how are you today?	/Always be nice!

I'm fine thank you. U?  /Respond to this in a happy way, and don't jump to the file thing now.

I feel great.           /Like this

Why's that?		/By being in an above-normal mood, you made him/her curious why

Well, I'm a fan of the Backstreet Boys, and I found this really cool file that shows them dancing.		/Always talk about one of the subjects you saw in the info, because they don't write it down if they don't like it.

Really? Sounds cool. What happens?	/Take your time

Ok, the Backstreet Boys dance on "I want it that way", they dance some new dance. It's really cool. If you want me to, I could send it to you.   /It has to be positive, you don't want a stupid file would you?

Sure.                   /Yippie! If she/he says no because his/her parents don't let her, get out of there right away, she'll never take your file. Say you have to eat, or that a friend came over.

			/Get the file from a nice directory like: C:\BSB\dance.exe, not: C:\temp\trojan\fool.exe

Here it is. Hope you like it.

Hey! it doesn't work!   /Ok. you've got a couple of choices. If it doesn't do anything, tell her it doesn't work then. If it gives an error tell her that some computers do that, if it doesn't give them BSB dancing, but some other fluffy thing, tell her that you made a mistake and that you must've deleted the Backstreet Boys.

			/Keep talking about some subject to her. In the meantime log on. In case you don't know how to get someone's IP, here is how, below.





How to get someone's IP.



First is the "Elite Haxor" way. Then the "Elite Lamer" way.



The "Elite Haxor" way of getting an IP.

Fire up an MS-DOS Prompt. Type in: netstat -a

You'll get something like:



Proto  Local address   External address              Status

TCP    myhost:1028     somesite.com:80               ESTABLISHED
TCP    myhost:1029     somesite2.com:80              ESTABLISHED
TCP    myhost:1031                                   LISTENING
TCP    myhost:1032     e62.zeelandnet.nl:37012       ESTABLISHED
TCP    myhost:1045     ppp184.bellglobal.com:25012   LISTENING
TCP    myhost:24522    t13.worldaccess.cn:1034       ESTABLISHED
TCP    myhost:139                                    LISTENING



Ok. That's a whole load of stuff. First, line number one.

TCP myhost:1028 	somesite.com:80              ESTABLISHED



TCP means the protocol that is being used. This is unimportant for us.

myhost is usually a name. If you use a dial-up, it could be your login name. That's also why it's good to learn IP spoofing.

1028 means the port that is open on your side. In case you don't know, ports are like portals on a computer. Every portal gets a number. Some portals are set, like port 80 means internetsite, some aren't like 1028. It's a random port that gets opened when needed. Some sites on the internet have interesting portals, like SMTP (E-mail sending), POP3 (E-mail retrieval).



somesite.com means the site you are connected with. That somesite.com could just as well be cnn.com; it could be there because your browser is on that site, or was there.

80 means that the connection with you is open on their site on port 80. Since we know 80 means internetsite, we know that isn't our target.



Line number 2 is basically the same as line 1, but the port on our side is different. (because every different source of info goes through a different port.)



Line number 3 is somewhat different. 

TCP myhost:1031                                      LISTENING

We have a port open, it's listening for a connection (LISTENING), and nobody has contacted it. Humpff. Now usually this is the moment that alarm bells would go ringing like mad, but because it's between 1024 and 2048, we'll let it slip by, seeing as this, my friend, is your connection to your Internet Provider. This will not show on every computer (why is beyond me). Anyways, since we know our Internet Provider isn't the URL sender, we'll skip that.



Line number 4 is different too.

TCP myhost:1032	        e62.zeelandnet.nl:37012      ESTABLISHED

We see that we're connected to some strange address. Now we have to be a bit careful. Looking at the number (e62) and then the zeelandnet.nl thing we know this is a dialup user with zeelandnet.nl. Have you been talking over ICQ to anyone? It could very well be them. So ask yourself. That friend, do you know his ISP? No? Well then, ask him. Else, do you know what country he lives in? If it's some weird country (Holland for example. :-), then you know that this is your friend.



Line number 5 is strange.

TCP myhost:1045         ppp184.bellglobal.com:25012  LISTENING

Now, we go through the same question as line 4. Do you know anyone with that ISP, are you talking/were you talking to someone that could be on there? Yes? Ok, again no problem.



Line number 6 is from a strange country.

TCP myhost:24522        t13.worldaccess.cn:1034      ESTABLISHED

We see that we're connected to someone in China! (.cn) We don't know anyone from China. We were just talking to someone from there. Looking at the port (1034) we see that we're not connected over the internet with it. And it's a dialup user looking at the t13 bit. So this is our target!



We need this sucker's IP. Now the less patient people will have stopped reading by now, but here is the trick. Remember which line your target was on, and in the DOS prompt, type: netstat -an

Then go to that remembered line, and bingo, an IP! That line will look something like:

TCP 127.0.0.1:24522	195.24.98.37:1034            ESTABLISHED

In case you are unsure if you did it right, or if you just want to get more info, get Neotrace from the software section at zap.to/dhc and fill in the IP (195.24.98.37) and you should get t13.worldaccess.cn.
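
Read from the other end of the wire, the same netstat -an listing is how a user can notice a trojan server on their own machine: a LISTENING port nobody asked for, a remote host connected to it, or a direct session to another machine's high port. The script below is an added example, not part of the original text; the sample rows, the addresses and port 50000 are constructed, and the two allowlists are assumptions you would replace with your own.

```python
import re

# One row of `netstat -an`: proto, local addr:port, remote addr:port, state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$", re.I)

# Constructed sample (documentation addresses, made-up ports), not real output.
SAMPLE = """\
Proto  Local address     External address      Status
TCP    10.0.0.5:1028     203.0.113.10:80       ESTABLISHED
TCP    10.0.0.5:1029     203.0.113.11:80       ESTABLISHED
TCP    0.0.0.0:139       0.0.0.0:0             LISTENING
TCP    0.0.0.0:50000     0.0.0.0:0             LISTENING
TCP    10.0.0.5:1032     198.51.100.62:37012   ESTABLISHED
TCP    10.0.0.5:50000    192.0.2.77:1034       ESTABLISHED
"""

def parse(text):
    """Yield (proto, local_port, remote_addr, remote_port, state) per data row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header row and blank lines do not match and are skipped
            proto, _, lport, raddr, rport, state = m.groups()
            yield proto.upper(), int(lport), raddr, rport, state.upper()

def audit(text, expected_listeners, service_ports):
    """Return findings worth a second look on the machine that produced `text`."""
    rows = list(parse(text))
    listening = {lp for _, lp, _, _, st in rows if st == "LISTENING"}
    findings = []
    for _, lport, raddr, rport, state in rows:
        if state == "LISTENING" and lport not in expected_listeners:
            findings.append(("unexpected-listener", lport, None))
        elif state == "ESTABLISHED" and rport.isdigit():
            if lport in listening and lport not in expected_listeners:
                # A remote host is connected to a listener nobody asked for.
                findings.append(("inbound-to-unexpected-listener", lport, raddr))
            elif lport not in listening and int(rport) not in service_ports:
                # Outbound session straight to another host's high port.
                findings.append(("direct-peer-session", lport, raddr))
    return findings

if __name__ == "__main__":
    # Assumed allowlists: NetBIOS listener, plus mail and web as known services.
    for finding in audit(SAMPLE, {139}, {25, 80, 110, 443}):
        print(finding)
```

A direct-peer-session finding is not proof of anything on its own, since ICQ's own direct connections look the same; the listener findings are the ones to chase down first.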



The "Elite Lamer" way of getting an IP.

You need canned programs doing it for you, because you are lame, and need an IP.

First we download the following programs from zap.to/dhc at the software section:

Neotrace, X-Netstat, ICQ IP Patch.

After downloading and installing all of this, we start X-Netstat and look at all the IPs. (Ok, read the "Elite Haxor" guide too about what the ports mean and all.)

Ok, so that X-netstat thing shows it in Windows, now we do the same thing: Neotrace it to be sure. Or read the IP from the info section in ICQ.



Connect your trojan to your victim's IP. All should work well. Get the stuff and get out. If you got all the passwords, and won't be returning, (which is wise), delete the server executable on her computer and also unregister the ICQ number you made for this.



Ok, you used all her passwords and all. Nice, hope you had fun. Now we're going for that 40+ year old. Get an ICQ number again, etc. Follow all the directions as with the 13 year old. But now we look for a 40+ year old. This talk should go something like:

Hi, how are you today?	/Always be nice.

Fine thank you. How are you doing?	/See, nice question, nice answer.

To tell you the truth, I'm not in that great a mood.	/Because you have a problem.

Why?			/If he doesn't ask why, but just says oh, start telling him your problem anyways.

Well, a friend of mine sent me an update to ICQ, and when I start it, it won't do anything. 			/This could also be an update to Windows 98, but you don't know what he is running, so no use in telling him that.

Oh. Strange. So it doesn't start anything? /He's making sure, he's interested in helping you, that's good. If he's like: too bad, say that you're sad because your friend always tells you that you suck at computers and that you're stupid, and for once you'd like to prove him different.

Nothing. Maybe it's my computer. It's getting kinda old. It's really too bad. It's pretty important.              /Wave the bait in front of him!

What was it supposed to do then?

It's supposed to fix a couple of bugs in ICQ that makes it that info on your computer can be read by malicious crackers and it should also fix a connecting problem.	   /Always use difficult words about evil people when talking about fixing something.

That sounds pretty important.

It sure is. Maybe you want to try it?	/Please let him say yes. Please let him say yes...

Sure.                   /Bingo, send it and log on.

Here it is.             /Stay friendly and be sure to give him something that makes it look like it doesn't work.

It doesn't do anything for me either.	/aww. Really?

See. It's just too bad. Oh well, I guess I'll just have to find some other way. /Yes, without him.

Yeah, it's too bad.     /Yes we know by now. (They write this because they don't really know what to write.)

Anyways, I have to go offline now, my uncle came over and I'm going fishing. /Or something else with someone, somehow that makes it that YOU have to go.

Bye.

Bye.			/ALWAYS stay nice, don't forget to get the stuff you wanted before going offline.



A short checklist:

Sound helpless.

Sound like the most friendly person in the world.

You know NOTHING about computers.

You are always in a good mood, unless something doesn't work.

Keep talking.

Talk generalities when you don't know what to say, and you've talked about all of her info. (weather, time in that time-zone, movies, school.)

While talking, do nothing that could tip him/her off that someone's on his/her computer.

If he/she doesn't know how to do something, explain in a kind and friendly manner. Yelling does not work.



Some notes:

If it turns out he/she knows a lot about computers, get out of there! I'm not joking. When he/she starts talking about trojans say you don't know what they are. If they say they don't trust you, tell them you can understand that. This will make it easier next time. Help your fellow lamer. If they say not now, ask them if they're busy, and try to add them. Better luck next time. Try to keep two random chats going at once, but do it only once you're used to the stress. Practice with one first. Don't do this for the first time when friends are around, they'll give you "tips" and this will make your story chaotic. It's your talk, so keep a story planned in your head.



The first try is always a failure. It just is. You're new, and don't know how to talk about stuff you don't care about, you don't know how to make it that they take the file, etc.



Good luck.



				>>>The End<<<

dhcorp1@hotmail.com for questions.