Hello, I’m searching for scammers who double-connect to their computer, or ask me to enter their TeamViewer ID and password, which would lead me to temporarily control their device.
Do you have any methodology advice? I talked to my first scammer ten minutes ago and it didn't go well (everything was good, I got a GoToAssist connection, but then I said I have trouble speaking English because I'm French, so he basically just closed the phone connection and started to type "wanna watch porn with me?" in my VM's Firefox URL bar).
I'm a beginner, so don't be mean :)
Pretend that GoToAssist and other off-brand remote desktop programs are not working, and ask if you can try something else until they suggest TeamViewer.
Wireshark their IP address upon connection, go to actions, disable remote input, then do whatever you want.
For example, open file transfer, quickly browse to their desktop folder, hit CTRL+A to mark all the files and press receive. Laugh as you download all of their .XLS spreadsheets and scammer files to turn in to the cops and refund the victims, while telling them "hold on, I'm looking for it!" as they are screaming at you to SIR PLEASE GO TO COMMUNICATION AND GIVE REMOTE DESKTOP CONTROL!
I probably have half a dozen video recordings of that for YouTube by now. It's always funny. :D
@jackburton#32341 thanks for this suggestion!
I'll definitely try to imitate the fact I can't connect using off-brand tools.
Apart from this, I learned how to pentest and pivot through a Windows network, so I think I'll just drag'n'drop my payload and have fun with the network :)
If I make it, it would be awesome to make a video tutorial (like, setting up a real-looking VM, finding numbers, calling, using manipulation techniques and then dropping a trojan) (or at least make a video proof)
I'm wondering if talking about this (in this scope) is allowed on here ¯\_(ツ)_/¯