Anti-scammer toolkit

I am currently onionsharing a few anti-scammer toolsets for those who want them.

fake syskey
fake cmd
fake notepad
fake run box
fake viruses
fake driver scanner
fake virus scanner
etc.

you can download the toolset here using tor browser:
http://pkim47cup342dvqmmsdc3hwg63fwgf4o6hl7c2wdcghqdxxfpyilf2ad.onion/whinny-footwork

It will run till 12am, if you need it later pm me.

2 Likes

Thanks a lot. These will be very useful additions to my arsenal. Once the tor address is gone, what link should I put in my YouTube video to link to the download?

I saw that Malcom had created one of the tool kits and he wanted the link shared but I don’t know what the link was. I’d say just shout him out on your videos and if he cares that much he’ll dm you the link to post. For the other files you could just make an anon share upload, I can’t be bothered to make a perma-link

edit: he says it’s in the readme file

1 Like

anyway to still get these? Looking into starting scambaiting and would love to have these! Thanks buds

1 Like

Can you put a new link, old one doesnt seem to work for me?

Since I’ve gotten a lot of requests I’ll update the original post for tonight and add a few extras

I’ve made a fake netstat and tree command that will make scammers wait for a total of 3,5 minutes… plus, make sure to make your vm nice and slow. I have also gotten Remote Administration Tools on it. currently writing more software for this thing, next up is replacing explorer.exe entirely.

Uh anyhow… let me know if anyone wants this to be opensource… and i’ll put it on github and let you guys know.

1 Like

I see scammers are increasingly using powershell instead of cmd.exe.
The last one i called used
manage-bde -status
To point out my percentage encryption was 0%, key protectors where not found and the protection status was off. Oh dear.

Ive seen them use other commands, but dont recall those.

1 Like

very interresting… i suppose all those commands are also just little files on the disk… lets see how to mess with it.

this displays your bitlocker encryption status. If you want to mess them up, turn it on.

manage-bde –on <Drive> {[-recoveryPassword <NumericalPassword>]|[-recoverykey <PathToExternalDirectory>]|[-startupkey <PathToExternalKeyDirectory>]|[-certificate]|
[-tpmandpin]|[-tpmandpinandstartupkey <PathToExternalKeyDirectory>]|[-tpmandstartupkey <PathToExternalKeyDirectory>]|[-password]|[-ADAccountOrGroup <Domain\Account>]}
[-UsedSpaceOnly][-encryptionmethod {aes128_diffuser|aes256_diffuser|aes128|aes256}] [-skiphardwaretest] [-discoveryvolumetype <FileSystemType>] [-ForceEncryptionType <type>] [-RemoveVolumeShadowCopies][-computername <Name>] 
[{-?|/?}] [{-help|-h}]

Obviously you don’t need all these parameters but there here if you want to use them.

This is a drive encryption code. Do not run this on your main unless you know what you are doing

Also here’s where you can learn more about that command for further research https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-status

1 Like

Bitlocker is not so easy to turn on, it wont encrypt the boot drive.

Have you tried Control Panel > System and Security > BitLocker Drive Encryption ?

^^^ try that

Also you could try adding extra parameters. Setting it to encrypt only used space should help. You can also set it to force encryption type. Experiment, coding isn’t really plug and play all the time.

I havent tried anything yet, I just googled first to see how a VM would work with it and found this:
https://kb.vmware.com/s/article/2036142

Microsoft does not support the use of BitLocker on the bootable partition of a virtual hard disk. But BitLocker is supported on non-bootable partitions of a virtual hard disk, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 or Windows Server 2012 R2. For more information, see BitLocker Frequently Asked Questions (FAQ).

Which makes sense, too easy to brick a virtual server. Now just use a fake power shell and you’ll have it covered.

Not sure that will be easy to fake. Powershell isnt typically launched from the run box, you right click the start button. Not saying it cant be done, but I havent seen it yet, and its probably non trivial.

Oh well, Ill give the scammers something to point to :slight_smile:

@Vertigo I’ll have a look in the morning, I have a day off anyway (like half the world I am assuming…) I hope powershell is just a powershell.exe or something alike, then I might post a github url here if I can make anything decent looking.

EDIT:
https://www.powershelladmin.com/wiki/PowerShell_Executables_File_System_Locations

Can You please upload Your toolset to anonfile.com? Thank You mate

1 Like

Unfortunately anonfile still can link to host through various means. However I will update this post soon.

could you create another download?