The Fauxhunter Files
Home
About these Blogs
The Diamond Mine
E-Bay Phishing
Paypal Phishing
This Blog
date order
latest first
Hunt for Carfilhiot
date order
latest first

May 12th, 2006
Carfilhiot has told you all about my trouble. I was craping myself when they arrested me and took all my stuff and computer which I still havent got back and I dont expect Ill ever get it. Then they were making out Im some kind of Muslim extremist and Im not even religius. Then they were on about software copywrite and piracy and hacking into a computer and all sorts of stuff like youd expect.

But mostly they wanted to know exacly what I wanted which is who are these people who is Ginger and whats it all abot?

Mums friend Kevin just told me to keep my mouth shut when they drag me off it was 3 in the morning. But after a while it was impossible because I kept having to say that what their saying is horseshit and Im just trying to track down who scribbled on Carfs web site. I think they beleived me any way but they just wanted to know more.

So Carfilhiot arrnged for me to be let out because I was just helping with enqirys but Ive had no PC all this time until I got a mates old Dell (1GHz so pretty slow) of him when he got a new one and my ISP has close fauxhunter.co.uk down. But the domain name belongs to me so I have got it back. The site was still OK – I got off of my thumbdrive where I back everything up. That was in my pocket all along but the cops thought it was a magic marker so I let them. OK Ive lost a lot but I can replace it because if it wasn’t backed up it was a free download.

I redid the blog. First I tarted it up with WordPress too, and Gil whose Carfs freind from palimsest has given me the web space and as you see Im up and running. But I better be a bit careful now hehehe.


January 31st, 2006

Carfiliot seems a bit iffy about looking at stuff from Dork, so Im not sending him any more of it. But Ive had the idea to saerch the whole of the files for ‘ginger’ and see if its mentioned. It took a total age and nothing then i thouht what about Wastbasket and it was worth the while there was a file with a list of jpg urls includeing carfilhiot.co.uk in off course the ginger subdirectry so I went thru all the urls and mostly all of them were 404′s but two sets had the same pictures as the ones in Carfs web site.


January 23rd, 2006

Heres another picture from the set that had the ginger pic in it. This one and the prevous one are both photoshoped from photographs. I think the APACHE chopper is photoshoped in too. Because one of the piccys in the temprary internet files is a color photo thats a lot like the burning car in the piccy. and that comes off one of the palestine supporters sites.
Ive spent the last two days looking at evrything in Dorks filestore. It does’nt amount to much. Off course theres the usual Wndows garbage. Its a Dell running Win98ME which is well past its sellby and a slow 500Mhz cpu. The temprary internet files is vast but mostly not intresting.
One thing I was worried that they might have been looking at Carfilhiot, but I checked before I sent Saturdays stuff to Carf, and no they havent.
My Documents had a lot of crap in it but all in English and mostly Word docs about bank and credit cards which I have sent to Carfilhiot too. Thats up his street!!!


January 21st, 2006


I just copyed all the file store from the machine – I call it Dork – to my own, via Carfilhiots ftupload directry. Now I got to go thru it all and see wots wot.
I took like a risk last night and instaled another vnc service under a diffrent name so I can get into the machine anytime I like. At the same time Im doing the filestore Im watching Dorks screen out the corner of my eye and I wake up evry time someone uses it. One of the usrs likes porn and Ive seen some stuff I didnt know was possible.
But most of them use sites with foreign (I spellchecked that one) languages (and that) on then wich I suppose its arabic but sometimes not. Lots of piccys of guys with balaklavas and teacloths on their heads running about with guns and rockets.
Emailed Carfilhiot with the story so far and the vnc psw so he can see whats going on.


January 20th, 2006

When youre in vnc you can actually use the target machine like its local. But you have got to be careful because if they see you move the mouse or type in they smell a rat. Because its likely in the US, I waited till the screen was still and all the US should be in bed and checked local time zone which is GMT -5 – Eastern Standard I think – New York etc – and you wonder.
The next thing is when youre in VNC you can see the filestore and the email and everything – you really own that machine. I found the picture thats on Carf’s web site and three others in the same directory – same kind of thing with the code.
I dont know if the machine Ive captured is a private one or a public, but its in use a lot mostly for all sorts different sites on the internet so I think its public or at least shared.
Anoter thing is the keyboard hits and the mouse moves are difefrent from one use to another so I am almost sertain that its all diffrent users. And its been switched on 24 hours so far. Lets hope its 24/7.


January 19th, 2006

Result! Someone used the old VNC with the hole in it on just one of the macines that was accessing the photo that we think is put there by Ginger – one that did a lot of acces, so now I have the screen of that machine in a window of mine. Its an IP that ought to be in the US. Often site maintenance people will put a vnc service on all the machines their servising so they can do fixes over the internet without traveling to the place were the machine is. I think thats it. They have probly forgot they did it by now.


January 18th, 2006

I do’nt beleive its still runing. But it is and I have no idea how far its got.

[later] Spoke too soon. It completed at 15:07 today. No vulnerabilities.

Ive been thinking about vnc and wether any of the IP machines have it on. Because there’s a hole in VNC. So I set up a script that tries each IP with a modified vnc connect. Its not like you can just connect without having a password. Its a bit more complicated or evryone would be doing it already. hehe


January 16th, 2006

Its still going! Nothing yet.


January 13th, 2006

Modifyed a little program in java that checks thru a list of IP’s and tries a few tests to see if their zombies. Thres a few well-known things you can try-

  • EMBO-27
  • Consolidater
  • zombo3
  • Mother

with a set of port / user / psw people have used before.
It comes on a file and I got it all from a mate at Computer Club. It takes ages to run the prog because some of the IP’s close down so often and you have to re-conn. Thats why it is best to make it auto.


January 11th, 2006

No progress with this code. I dont supose its possible for us to decode it. I sent it to the realy clever kids at
Unforum
which are well expert at this stuff but no result.
So, anyway I’m going to start working through all the IP addreses that have accesed the piccy, and see what I can find out.

Next Page »


©Alfredo García 2004-2006 All Rights Reserved Powered by WordPress