WoW ScamsWorld of Warcraft Whitehat Scamming Methods ONLY.
[NO QUESTIONS HERE] We do not condone scamming, this section is meant for people to read about scamming so they can prevent being scammed themselves.
Hello MMOwned, I am here again. I visited my cousin the other day who considers himself a hacker (sort of), and showed me a nifty little trick. I can confirm that this works and I thought that I would share this goldmine with you guys. It takes a bit of brains to do it, but it's not hard.
Steps
1. Find a packetsniffer and install it. (I used Winsock Packet Editor or WPE)
WPE can be found here: [Only registered and activated users can see links. ]
2. Shut down every program you are running. (Process MGR can help with this!)
3. Run and bind the sniffer to your computer.
4. Start up World of Warcraft and log on.
We are going to get some practice now so you know what to do later when searching through data.
First, pause sniffing and search the packets for your username/password.
One you find this, the packets target IP is the logon IP.
Say something random in any channel, (not /say!)
Now, stop sniffing, and search the packets for your message. The packets target will be the chat IP this time. Save this chat IP because we will need this later on.
NOW, for the fun part.
Go into WoW, and find your victim. It can be anyone.
We now bind the sniffer to the chat IP.
You now send your victim a whisper.
Make the whisper an uncommon word so you will be able to find it easily. It will stand out of the thousands of packets that you will need to search through later. Believe me, its a ****ing pain.
Once you have sent your message, stop the sniffing.
Now search the packets for your message.
Find the message, and copy the victim's IP.
Now, we are almost done. All we have to do is bind the sniffer to the victim's IP and let it sit. You will need them to log into WoW again.
Lastly, you stop the bind once you see them log in again.
Search the packets of data for the Logon IP. Inside this packet is the information you need such as the handshake, the lock/key, and the victim's username and password. Lots of data to sift through, but it is worth it.
CONGRATULATIONS! You have completed the scam. There is no way to track you or any proof that you were the one who did it. This method takes some time and a brain, but it is definetly doable. I hope the community of MMOwned will enjoy this method and my contribution. Enjoy
Last edited by trinos; 08-01-2008 at 03:16 PM.
Donate to remove ads, get your "DONATOR title, and get access to the MMOwned community's elite Shoutbawx.
[Only registered and activated users can see links. ] -- But his guide is confusing atm...
BTW DL Link not working.. i mean it dl the file but it doesnt extract it... i even disabled the antivirus (dont think it was that smart), but it says that file header is damaged.... could u upload urself on some other uploading site?
This is impossible, you can't read packages the server sends to your victim. Think about it, that would be a huge security lack, only by whispering someone you could get his password?... You only can do this if you're owner from a proxy, and someone logs on to his WoW-account (But who the hell uses proxy to login on WoW). Or if you are in a Internet Café and use this on the local network while someone is logging in.
Your cousin probably fooled you
__________________
Last edited by Rockerfooi; 08-01-2008 at 03:28 PM.
I am writing this from work. I will get a picture guide up and running when I get home later today. I will just update the post a bit. Binding the sniffer to your computer just means to run it on your computer. I will talk to my cousin later and make sure I am doing everything correct. I watched him do it and he grabbed an account easily with it.
The Untracable Account Scam. Goldmine! 
