Anti-scammer toolkit

I am currently onionsharing a few anti-scammer toolsets for those who want them.

fake syskey
fake cmd
fake notepad
fake run box
fake viruses
fake driver scanner
fake virus scanner
etc.

You can download the toolset here using Tor Browser:
http://pkim47cup342dvqmmsdc3hwg63fwgf4o6hl7c2wdcghqdxxfpyilf2ad.onion/whinny-footwork

It will run till 12am; if you need it later, PM me.

Thanks a lot. These will be very useful additions to my arsenal. Once the tor address is gone, what link should I put in my YouTube video to link to the download?

I saw that Malcom had created one of the tool kits and he wanted the link shared, but I don’t know what the link was. I’d say just shout him out on your videos and if he cares that much he’ll DM you the link to post. For the other files you could just make an anon share upload; I can’t be bothered to make a perma-link.

edit: he says it’s in the readme file

Any way to still get these? Looking into starting scambaiting and would love to have these! Thanks buds

Can you put up a new link? The old one doesn’t seem to work for me.

Since I’ve gotten a lot of requests I’ll update the original post for tonight and add a few extras

I’ve made a fake netstat and tree command that will make scammers wait for a total of 3,5 minutes… plus, make sure to make your VM nice and slow. I have also gotten Remote Administration Tools on it. Currently writing more software for this thing; next up is replacing explorer.exe entirely.

Uh, anyhow… let me know if anyone wants this to be open source… and I’ll put it on GitHub and let you guys know.

I see scammers are increasingly using PowerShell instead of cmd.exe.
The last one I called used
manage-bde -status
to point out my percentage encryption was 0%, key protectors were not found and the protection status was off. Oh dear.

I’ve seen them use other commands, but don’t recall those.

Very interesting… I suppose all those commands are also just little files on the disk… let’s see how to mess with it.

This displays your BitLocker encryption status. If you want to mess them up, turn it on.

manage-bde -on <Drive> {[-recoveryPassword <NumericalPassword>]|[-recoverykey <PathToExternalDirectory>]|[-startupkey <PathToExternalKeyDirectory>]|[-certificate]|
[-tpmandpin]|[-tpmandpinandstartupkey <PathToExternalKeyDirectory>]|[-tpmandstartupkey <PathToExternalKeyDirectory>]|[-password]|[-ADAccountOrGroup <Domain\Account>]}
[-UsedSpaceOnly][-encryptionmethod {aes128_diffuser|aes256_diffuser|aes128|aes256}] [-skiphardwaretest] [-discoveryvolumetype <FileSystemType>] [-ForceEncryptionType <type>] [-RemoveVolumeShadowCopies][-computername <Name>] 
[{-?|/?}] [{-help|-h}]

Obviously you don’t need all these parameters, but they’re here if you want to use them.

This is a drive encryption code. Do not run this on your main unless you know what you are doing.

Also, here’s where you can learn more about that command for further research: manage-bde status | Microsoft Learn

BitLocker is not so easy to turn on; it won’t encrypt the boot drive.

Have you tried Control Panel > System and Security > BitLocker Drive Encryption ?

^^^ try that

Also you could try adding extra parameters. Setting it to encrypt only used space should help. You can also set it to force encryption type. Experiment, coding isn’t really plug and play all the time.

I haven’t tried anything yet, I just googled first to see how a VM would work with it and found this:
https://kb.vmware.com/s/article/2036142

Microsoft does not support the use of BitLocker on the bootable partition of a virtual hard disk. But BitLocker is supported on non-bootable partitions of a virtual hard disk, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 or Windows Server 2012 R2. For more information, see BitLocker Frequently Asked Questions (FAQ).

Which makes sense, too easy to brick a virtual server. Now just use a fake PowerShell and you’ll have it covered.

Not sure that will be easy to fake. PowerShell isn’t typically launched from the run box; you right-click the start button. Not saying it can’t be done, but I haven’t seen it yet, and it’s probably non-trivial.

Oh well, I’ll give the scammers something to point to :)

@Vertigo I’ll have a look in the morning, I have a day off anyway (like half the world, I am assuming…). I hope PowerShell is just a powershell.exe or something alike, then I might post a GitHub URL here if I can make anything decent looking.

EDIT:
https://www.powershelladmin.com/wiki/PowerShell_Executables_File_System_Locations

Can you please upload your toolset to anonfile.com? Thank you mate

Unfortunately, anonfile still can link to host through various means. However, I will update this post soon.

Could you create another download?