Stealing Accounts using a packet sniffer

[Sealteams]

I've been trying this guys method.
[Only registered and activated users can see links. ]

All credit goes to this guy and anyone who helps me. Blizzard doesn't hash passwords because I can see my own and apparently this guy has done it before.


I use the Wireshark packet sniffer and I have found the ip of my server.

Andorhal(US): 206.17.111.24

To get the ip of the person you want to take, you have to find the ip of the chat server by typing something in a channel(which I have yet to do, I see things people type in trade in the hex in the packets but its coming from the same ip as the world server). Then sniff while pming them and they pm back. This is also where I have trouble, you are supposed to get the persons ip from this somehow.


I also know the ip of the person I am going to test this hack on but, I didn't use the packet sniffer to get it (He's a noob who lives down the street).

When, I try to set his ip as the source ip and the Andorhal server as the destination and start sniffing after I call him to tell him to get on WoW, I get nothin. Normally, when I am sniffing while logging on with my ip as the source, I can see my Username, password, and the ip of every single WoW server listed in no particular order.

If anyone has experience with the Wireshark packet sniffer, I would love to know what expression to put in the filter box.

Currently (I think this is totally wrong, I'm using the stupid wiki page to try it.) my filter looks like this when trying to set the source and destination ip:

Code:

(ip.src == xx.xxx.xxx.xx) and (ip.dst == 206.17.111.24)

ip.src=^Scammed guy^
I'm trying to figure out what should go in this filter to get the same results as using my ip as the source. These are the other expressions for ips.

ip.src- Source
ip.src_host- Source host
ip.addr- Source or Destination address
ip.host- Source or destination host
ip.dst- Destination
ip.dst_host- Destination Host

Links:
[Only registered and activated users can see links. ] Wiki for wireshark

[Only registered and activated users can see links. ] Wireshark homepage

This could be one of the best scams ever if we can figure it out. Stealing the GM's account of the best guild on the server simply by him whispering you, now thats awesome.

[Verye]

So far, I've never seen an example in which someone actually got someone else's password.

Even you say you haven't.

It would help if you actually tried it and were able to see someone's username and password. =/

[Sealteams]

Thats the trouble I'm having with packet sniffers. I don't know how to remotely view the info they are sending to the wow servers. The guy says you just change the source ip to theirs but, I don't get anything at all.(even when leaving the desination ip blank just in case they aren't playing wow, I would still pick up anything they are doing online)

Right now, all I can do is steal my own account but, this is absolutely possible if I could get the packet sniffer to work with other ips.
Thats why I need someone experienced with Wireshark.

[Xterminio]

nice I will try this. Thanks

[Silentgnomez]

Could I ask you guys something?

I am also trying this, but on a EU server. The wierd part is, that I can't find my password, only my username.I don't have any problem with tracking IP's..

Maybe we should help eachother out?

[Therrm]

I dont think this could ever work !!! Thos packets you are sniffing are sent by a computer that is not on your netwrok and it goes to the wow server... How could you receive them at your home ???

This is the same as a postcard that is sent to your grandfather... Your the postman will not come by your uncle to give it to your grandfather.....

Or i'm missing something...

[Sealteams]

Quote:

Originally Posted by Therrm

I dont think this could ever work !!! Thos packets you are sniffing are sent by a computer that is not on your netwrok and it goes to the wow server... How could you receive them at your home ???

This is the same as a postcard that is sent to your grandfather... Your the postman will not come by your uncle to give it to your grandfather.....

Or i'm missing something...

No, because they are connected to the internet also, you can monitor them. Most packet sniffers have a feature to change the source ip.

[Sealteams]

Quote:

Originally Posted by Silentgnomez

Could I ask you guys something?

I am also trying this, but on a EU server. The wierd part is, that I can't find my password, only my username.I don't have any problem with tracking IP's..

Maybe we should help eachother out?

What packet sniffer are you using to track the other people's ips? And also have you found the ip of the chat server on the wow server? I can't find that I just found their ip through a different method.(not monitoring whos sending info to the chat server)

[Therrm]

Quote:

Originally Posted by Sealteams

No, because they are connected to the internet also, you can monitor them. Most packet sniffers have a feature to change the source ip.

Yeah but you mean that you receive every packets of every computer connected to the net ??? That makes no sense !!! And you cant connect to a computer to see what it is sending... This would be too awsome !!! Well I guess this is not possible if you are not on the same network...

I hope I'm wrong BTW

[Silentgnomez]

Well, I am using the same on as you atm ( stole it from your post :P ).

However, the problem with this one, is we can't change the source IP. Or atleast, I don't know how.

Concerning the chatserver, I think that is the server IP. I ran through most of the IP's on the EU realmlist, but no "chatserver". I think it is the general server he ment.

Anyways, you could also do this abit different. Contact people on MSN. Sellers. Talk to them, polite, check their I.P, put the sniffer on it, and ask him to show the char ingame.

Afterwards you ask his full name (because you like that when doing business). You offer him a WAY to small amount of money for the account, he reject.

Then, in the middle of the night, you create a new acc, his last name, log in, and transfer.

Afterwards, get the account banned, and he will NEVER know what happened.

[Shalehena]

Quote:

Originally Posted by Silentgnomez

Could I ask you guys something?

I am also trying this, but on a EU server. The wierd part is, that I can't find my password, only my username.I don't have any problem with tracking IP's..

Maybe we should help eachother out?

Do you mean that, if I actually give you my ip, you could see all the packets i'm sending/receiving while i surf the net or i play wow, are you completely sure?

BTW, it's really easy to find the password.
Get the hex code from the packet (just this one) with the account name and paste it there (it is a hex--->ascii converter) and you should get your pass too, it is just a couple of lines above the pass.

N.B. I tested this with 4 accounts and it worked everytime, the info i gavered was from Wireshard, and yes, i know that wireshard translate by itself hex to ascii, but i don't know why it doesn't it good, because i can see my pass on that see, while i can't on wireshark

[Silentgnomez]

Yes that should be possible, if I find a sniffer that let me change the source IP.

I am also talking with Fatalmind about this. If we find a sniffer with changeable source IP...

Har har har (evil laugh)


But at which site are you translating? I can't see my pass, only my username.

[Shalehena]

I was able, read my post aboe, i posted the site...

Anyway, it's true that you can change source ip in ANY or almost ANY packet sniffer, but that means source ip in your network, they do not scan packets heading from an external network to ANOTHER external network, prtically, they just sniff things that are in your lan...

And yes, it should be possible to sniff things around the net, but programs needed are dificult to find 'cause are what hackers use... i'll search in a couple of "evil hacker" forums btw..

[trancehax]

Simple packet kiddie stuff.

[spikmun999]

nice, ill try this