Recently I got about 3 text messages saying that my Bank Account has been hacked, so I clicked on their website and changed the letter in the brackets to different first letters of Canadian banks. Ha, it showed me all the scams.
From 37866013930:
BMO Alert!
Your banking account is suspended for safety.
Please secure your account below.
http://bmo.com.sslsecmsd.com/b
Change the last letter š
I found their JavaScript code, but I donāt code JS. I canāt read any of thisā¦ sort of.
If anyone can figure out how to exploit this to spam them with requests, this is the code:
http://bmo.com.sslsecmsd.com/b/code.js
Edit: Also, it does have a link to a gate.php, but I can't figure out what "admin" is.
http://bmo.com.sslsecmsd.com/b/gate.php works and I am currently figuring out how to use it.
JS below
tform.id = "tables.content.form";
tform.target = "tables.content.iframe";
tform.action = link.gate;
tform.method = āPOSTā;
guys i think iāll be able to make a site to spam them manually
Becareful guys they logs IP. Currently working on a tool to constantly wipe the IP logger table.
gate.php does not accept requests but the site has unsecured stuff lol
you can mess with their ip address database here, itās unprotected
http://bmo.com.sslsecmsd.com/b/counter/index.php#
@parabirb#67830 How did you find that? I spent like half an hour looking for directories like this
@parabirb#67830 How did you find that? I was looking for directories like this for awhile
@Jackestrel#67840 Looked at the source code.
This tool should allow you to slow down traffic a bit, but Iām not sure. It definitely slows Chrome a lot though. https://cdn.discordapp.com/attachments/525854871409262638/525898513431789590/home_1.html
Edit: You can ignore the sign in button, it starts spamming as soon as you open it
New and improved tool will essentially kill off the scammers
Link: http://www.alvinneo.com/www2/home.html
Proof it works: Screenshot - 66624c8c8f2ef3ab6a0f8c10a8e17d4c - Gyazo
Iām still working on getting updates
Update:
apparently it floods the site enough to break the api we were using, nice. tool is down for maintenance