
I am puzzled by how people on YouTube bait scammers into connecting to their machines and end up "reversing" the connection on them, essentially controlling the scammer's PC.

Is this done via reverse shells? Or do you get them to open up a malicious application, i.e., do you have to use a dropper?

I want to know how this is possible.

ng.newbie
  • The videos usually show you what they do ... – schroeder Mar 09 '20 at 14:34
  • @schroeder Wow, glad this question did not get closed just outright. Umm, I have not found any such videos, but I would like to know what technology or techniques are used. That's it, I don't want a tutorial. – ng.newbie Mar 09 '20 at 14:36
  • So, you heard that something happened and you want to know how it works. The first step would be to look up one of the many videos to see. There are a variety of methods used. – schroeder Mar 09 '20 at 14:41
  • @schroeder You know the video links that are present in the question that you have linked are not viewable. Try it, if you don't believe me. [Vid1](https://www.youtube.com/watch?v=FYhvmvX9p18) [Vid2](https://www.youtube.com/watch?v=P2EaZRXnOVM&t=602s). This is one of the reasons I posted here, since I could not find any info on this. – ng.newbie Mar 09 '20 at 14:51
  • YouTube has a search function: https://www.youtube.com/results?search_query=scam+baiters – schroeder Mar 09 '20 at 14:55
  • @schroeder OK, it seems you are not understanding my question. And I apologize for that since I was unclear. So, I saw the myriad of videos on YouTube from your link, and the answer seems to be **social engineering**. **That is not what I am asking.** Let's talk theory: if Alice is connected to Bob via some form of RDP (TeamViewer, GoToAssist, etc.), **is it possible for Bob to reverse the connection and take control of Alice's box?** What are the tools/techniques available to do that? **Is it even possible?** – ng.newbie Mar 09 '20 at 16:11
  • You are asking about vulnerabilities in these tools that could be exploited to trigger control. That's not what's in the videos. The *videos* show social engineering where the scammer is tricked into running a reverse shell, an exploit in a file sent to them or just running a remote tool. – schroeder Mar 09 '20 at 16:15
  • If you are asking "are there vulnerabilities in RDP/TeamViewer/GoToAssist that could be exploited for remote control?" That's a completely different question. And those vulnerabilities are available for lookup, too. – schroeder Mar 09 '20 at 16:16
  • The remote access tool either has that ***function***, which means we're back to social engineering, or the baiter exploits a ***vulnerability***, which will depend on the tool and the specific version. Generally, for commercial products, you can safely assume that there is no inherent weakness that allows that level of control that has gone unpatched for a while. So you'd be looking for specific vulnerabilities. – schroeder Mar 09 '20 at 16:18
  • @schroeder So what you are saying is that these videos all depend on social engineering. There is no ready-made specific tool that allows you to just "reverse" an RDP connection. – ng.newbie Mar 09 '20 at 18:21
  • That's right. If there was, they would be shut down – schroeder Mar 09 '20 at 18:22

0 Answers