[Full-disclosure] XBOX ID's being Jacked

Kevin Finisterre (lists) kf_lists at digitalmunition.com
Fri Mar 23 14:21:45 GMT 2007 

There are lots of folks that mention obtaining the IP in order to  
hack your account. They usually say they have done this with Cain and  
Able or Commview or any other sniffer out there. You IP can be easily  
obtained by the usual standby groups or bridgers....  The only reason  
they want your IP is because that can buy them ONE piece of  
information. In some cases if you have paid for the proper program  
you can get an address and GPS coordinates for an IP. In most cases  
the address will be that of your neighborhood router or something  
like that.

I just wanted to clear this up as there appears to be some confusion  
over what the IP address has to do with prextexing Microsoft XBL  
employees.

You can try something like this...

http://www.melissadata.com/lookups/iplocation.asp? 
ipaddress=209.11.233.26

and get something back like this

IP Address 209.11.233.26

City FINDLAY

State or Region OHIO

Country UNITED STATES

ISP CENTRACOMM COMMUNICATIONS.

This may be JUST enough info to trick a dumb employee



-KF


On Mar 22, 2007, at 7:21 PM, richfa1 at aol.com wrote:

> Kevin,
>
> My son's Xbox Live ID was jacked by "Brad" of the o Infamous o  
> Clan. It happened in such a short amount of time that I don't feel  
> that it was a case of Social Engineering. I did some research and  
> came up with a way to do it using your Xbox, with Action Replay and  
> a memory card, and the DVD of the game Splinter Cell, your PC  
> Kernal IP Logger and an FTP program. It seems that the DVD has a  
> copy of Linux on it that you use to help get the person's gamertag  
> by using that person's IP address.
>
> I found the steps to do it on a message board. However, by the time  
> I got to it, the message board admin had edited it and then also  
> closed the thread. I think that the social engingineering angle is  
> only a small percentage of the ID thefts. I have a feeling that the  
> technical way is more likely how the majority of IDs are stolen.
>
> Rich
> AOL now offers free email to everyone. Find out more about what's  
> free from AOL at AOL.com.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070323/b5e8d691/attachment.html

Full-Disclosure is hosted and sponsored by Secunia.