Recently I got about 3 text messages saying that my Bank Account has been hacked, so I clicked on their website and changed the letter in the brackets to different first letters of Canadian banks. Ha, it showed me all the scams.
From 37866013930:
BMO Alert!
Your banking account is suspended for safety.
Please secure your account below.
http://bmo.com.sslsecmsd.com/b
Change the last letter 😂
I found their JavaScript code, but I don’t code JS. I can’t read any of this… sort of.
If anyone can figure out how to exploit this to spam them with requests, this is the code:
http://bmo.com.sslsecmsd.com/b/code.js
Edit: Also, it does have a link to a gate.php, but I can't figure out what "admin" is.
http://bmo.com.sslsecmsd.com/b/gate.php works and I am currently figuring out how to use it.
JS below
tform.id = "tables.content.form";
tform.target = "tables.content.iframe";
tform.action = link.gate;
tform.method = “POST”;
guys i think i’ll be able to make a site to spam them manually
Becareful guys they logs IP. Currently working on a tool to constantly wipe the IP logger table.
gate.php does not accept requests but the site has unsecured stuff lol
you can mess with their ip address database here, it’s unprotected
http://bmo.com.sslsecmsd.com/b/counter/index.php#
@parabirb#67830 How did you find that? I spent like half an hour looking for directories like this
@parabirb#67830 How did you find that? I was looking for directories like this for awhile
@Jackestrel#67840 Looked at the source code.
This tool should allow you to slow down traffic a bit, but I’m not sure. It definitely slows Chrome a lot though. https://cdn.discordapp.com/attachments/525854871409262638/525898513431789590/home_1.html
Edit: You can ignore the sign in button, it starts spamming as soon as you open it
New and improved tool will essentially kill off the scammers
Link: http://www.alvinneo.com/www2/home.html
Proof it works: Screenshot - 66624c8c8f2ef3ab6a0f8c10a8e17d4c - Gyazo
I’m still working on getting updates
Update:
apparently it floods the site enough to break the api we were using, nice. tool is down for maintenance