Dear heyurizens, I just had an amazing idea that is sure to provide me with plenty of entertainment and lulz. It's not a groundbreaking idea, basically, I'm thinking of setting up a keylogger in one my college's computers. I will configure the computer so that the spyware program starts automatically. It will proceed to log every pressed key to a file, that I will be periodically saving and emptying. To be able to access the internet inside campus grounds, every student is required to type their academic code and password, this happens on the web browser. That means, for every infected computer, I am guaranteed to get the credentials of every student that uses the machine. That's a lot of stuff, and there are also social media accounts. There is a messaging application within the school site that I can use to send obscene messages to every student in the whole campus, that's my main objective.Now the question is, how can I get caught? My plan is to download the file off of catbox.moe, can they use this fact to pin me down? I imagine there are other ways this could go south, because keylogging is really not that difficult to do. Sending obscene messages and fucking with other student's accounts doesn't seem like much of a big deal at first, but then you remember there are cases of teenagers being arrested for sending politically-incorrect stickers on messaging apps, and you bet that if I do end up hijacking some poor bastard's account, things'll be a lot worse than memes about the holocaust or whatever.Marked for deletion (Old)
I will respond when I sober up
I don't think the people on school might find out if you just don't do anything, but if you want chaos, you can just make something crazy like leaking the info, or just doing stuff while they don't notice like a little edited message, or a weird photo being posted
That seems like a very complicated prank. Have you considered that you could just take a SHIT in a urinal instead.
realistically it would probably be easier and you can better target people if you just send them phising links, target popular women because they are the most retarded and once you compromise their account, dudes will click any link that you send from her account
How will you make it so it runs on start up no matter who logs in, rather than only running on start up when you log in? You'd need admin permissions for that, right?
>>119101a SHIT won't get in the news though
if you want the biggest bang for your buck a sharpie threat in the bathroom is your best bet at getting on the news, although i would ask at that point what the purpose in such an endeavor is
>>119110for teh lulz
>how can I get caughtsomeone in your college may be a heyurizen and reading this right now (;´Д`)
>>119088>how can I get caughtu'll git caught kuz I know u and I'll anally raep u when u try to haxor our computahs
By the 'you' I mean the person who does the attack, I'm used to typing 'you' as whatever I'm talking about.I don't condone crime etc. etc.I will first try to analyse the problem, methods of proving identity to consider, then consider ways of achieving the goals in the synthesis.My analysis:Goals:1. Gathering account credentials from foreign machinesOP's proposals:1. Autonomic keyloggers with internet communication abilityMethods of proving identity:1. Most modern academic labs involving computers have remote logging and remote viewing of all computers connected to network with higher priviliges than the user of the machine. They will definitely gather information regarding which computer was infected, when it was first ran, who was legally in the lab at the moment of infection, who was this seat assigned to, fingerprints on the keyboard or case. Some might not allow unknown programs to be ran, or they would not have admin priviliges rendering them useless, beware of some universities having software that immediately and automatically reports suspicious activity to the network admin. You would be immediately screwed unless you are able to immediately destroy evidence, so I would carry an encrypted pendrive. It might be reported when Windows detects a keylogger .exe because it will recognize it easily once it is decrypted.1.1. Timestamps - you will be timestamped and the time of execution is tied to the time when you got a computer class. If you do it in more than one room they will have a combination of 2 or more instances of someone doing it. Both timestamps of first time running the program will narrow down possible culprits to you. I don't believe that installing it in 2 rooms is sane, or during two separate courses. It is an instant giveaway of yourself. Not more than one room, and not more than one course is to be fucked! Otherwise you are getting fucked hard. Do not be too greedy and ever attempt it.1.2. Lack of other suspects - the PC of first contact could be tied to you. Firstly because your person was legally present during the class of first contact with the virus (otherwise you have to break into the room which is an instant giveaway when they check cameras - don't ever do it), secondly because if seats are assigned to people it would be tied to your seat and your seat to your name, thirdly if you use another computer they might check fignerprints if it gets reported to the police and you cannot refuse getting fingerprinted - the virus must be ran directly as a macro from the USB drive to avoid your body's contact with the computer but then how do you decrypt something without touching the keyboard? Maybe unencrypted is the way here but it is riskier.1.3. You might be spied on - the teacher might be watching your screen at the moment, another student, a camera inside the class or a remote screen sharing program would stream it to the PC of the teacher and he notices too many windows popping up and disappearing. You will either be approached by the teacher immediately, or someone might snitch if later questioned and point to you. They might be logging each program starting and giving instant notifications to the admin if something weird is going on. Very risky, pretty much no way to avoid this problem.My synthesis:I assume the goals as the minimal potential, but I will expand them to the maximum damage with no real extra effort. Prioritizing base goals.If one is to put keyloggers on the computer it would be tied to physically plugging it in and running because I don't believe anyone exploits holes in the code remotely, it is too hard these days. 1. It seems most safe to pick virus type to RAT and not a general keylogger if there is nothing preventing the program from executing with admin permissions. It must be ran from a USB drive which best should be a macro to pull it out fast and without fingers touching the PC itself. I would let the RAT incubate for a few months. It is best that the RAT incubates with no interference with network for some time, then creates its own duplicate and deletes the original along with wiping the memory clusters involved afterwards and enables its duplicate as an autostarting program at boot, so that the original infection date is debatable in court and would raise doubts about your charges but it still is functional. Before the data mining it seems rational to try backup the RAT on other devices, so a spread. I would be prepared though. It might be autodetected and block communications and alert the admin, risky but no organization besides the government does that really. In terms of gaining control it is always best to try to elevate your permissions before roaming loudly and getting detected. RAT would need to take a better protocol as its means of communication with its owner, like TOR. To upload shit safely I think the RAT would serve as a VPN and your RAT is behind TOR. Nobody would bother tracing it, so leaking data is safe assuming that another link doesn't go to the culprit.Necessities:1. Prepare an appropriate program and drive - a USB drive is good enough, program should be a decent RAT and not plain keylogger, RAT can do that and much more, RAT can control entire networks besides spying on their information. Getting a RAT and a macro to run and set it up instantly is the best combo as far as my knowledge goes.2. Get to the computers - I wouldn't specify how to gain access to them and install stuff, it is case dependent. Physical contact is usually needed but it carries the above risks.3. Infect - case dependent, plugging in the USB drive would be enough if there is a macro with a ready RAT assuming that it gets sufficient permissions, does not get denied execution and doesn't get detected soon after.4. Have connection from the infected PC to yours - figure out a way to connect over some network to it like TOR, I would make sure if I can run TOR on the network of the infected PC before I attempt it, it might turn out that the admin has prohibited his network from interacting with IPs of the TOR network.5. Extract infected data - detection would possibly happen soon after, a coordinated extraction from all machines at the same time would be optimal.6. Upload the gathered data - the easiest part, when it gets to the hackers computer it remains there possibly forever, instant upload is not necessary, I would use an antenna and connect to some free or unprotected wifi to do that.Other tips:1. Have all drives encrypted, no exceptions, even your USB tools!2. When questioned stay silent, don't dig your own grave.Talking and getting proven lying afterwards which is a punishable offence.Investigators will analyse every bit and every nuance of what you said, it might lead them to things that only the culprit could know and you are the culprit. It is self incrimination by proxy and idiocy! Stay quiet.During questioning you stay silent and put your face on the table and hide it with hand so that you don't see your reactions to charges. Stay in one position throughout the entire duration of questioning so that they don't have the ability to tell what you reacted or not to, not giving them a suggestion whether it is you or not. Your body language sells you, do not move. Head to the table, mouth shut, face hidden, and freeze.3. Do not own anything that can prove to the court you are into computer science. You can't commit a very complex crime with no basic understanding of how they operate! Get rid of that antenna too.I'm a n00b at this kind of things, I personally never attempted any so it is just my unexperienced theory.I never proofread because I am too lazy.
>>119158What LLM are you?
>>119165Should I stream me typing my next post?I spent about an hour on it
>What LLM are you?osaka is just extremely knowledgeable on certain topics!
>>119166No real person writes this verbose and pompousReveal yourself golem
>>119169I'm learning to teach. I did not optimize the word count and precision in that post. I was often inspired by the rare serious and big responses, some of their tiniest parts inspired me to do things that have forever improved my life, I wish to return the favour. I wish to be a sage, and this is my training. I will take note and make them less annoying in the future.
>I'm learning to teachosaka-sensei
Have you considered what to do when you get caught? You'll be kicked from that college for sure, and not given any awards for getting past their security measuresGo ahead if you don't care about that, i'll be waiting 119158-san gave you some good advice though and if you follow it you should be fine
>>119088is posting your plan on heyuri good opsec?
if I had to do that, I'd set something for remote controlling too, or have the keylogger upload the key logs to somewhere on internet you have access over (so you will be able to empty that file from your home as well as remote uninstall keylogger when you have enough data)ideally I'd wait a few weeks or months before sending the pr0nz, most people don't change their passwords that often
I just found out some other fucktard is planning the same thing as me. I hope he doesn't go through with it.