All posts by Ouahib El Hanci

About Ouahib El Hanci

I'm an international man of mystery, some might call me a con-man, but I consider myself smart as a fox.


Scam guide: How to crack an xbox360 console

As per Dark Lord‘s request, here is a guide about cracking (modding) an xbox360 console. I hope you’ll find this helpful.

Modding an Xbox 360

Understand that softmodding an Xbox 360 is a significantly more complex process. Due to the extreme number of variances between models, it is highly recommended that you research how the process will work for your specific model. These steps will give you a basic rundown of the process.

Flash your 360’s DVD drive. To mod a 360, you will have to load custom firmware onto the DVD drive that is installed in your console. Changing the firmware on the DVD drive is referred to as “flashing.” This will allow the drive to read burnt discs.

  • To flash the DVD drive, you have to identify which drive you are using. There are 4 different vendors for the 360 DVD drive: Samsung, Hitachi, BenQ, and Lite-On. Samsung disc drives have long notches cut out of the center opening of the tray. Hitachi trays have several small holes and two distinct small notches in the center opening. BenQ and Lite-On have the same tray with a smooth center opening.
  • To differentiate between a BenQ and a Lite-On drive, you have to pop out the bezel located in the front and center of your console, right underneath the disc drive. If you see white wires then it’s a BenQ; if you see yellow wires then it’s a Lite-On. If the Xbox is from before April 2008, then it is a BenQ, as Lite-On was not introduced until then.
  • From the 4 vendors there are 12 different models of disc drive, each requiring slight variations in the process. Samsungs are the simplest to flash; Lite-Ons in general are the most complex.

Disassemble the Xbox 360. In order to flash the drive, it will need to be connected to a PC. To get access to the drive so that you can do this, you will need to take apart the 360.

  • Remove the front panel first by turning the 360 vertically and pulling the panel out from the bottom.
  • Remove the vent plates on both ends of the console. These are attached with tabs that have to be popped out one at a time. Gently pull on the plates while releasing the tabs.
  • With the plates removed, lay the 360 upside down. Remove the bottom plate by pressing in the tabs around the console.
  • Once the plate is removed, undo the screws from the steel chassis. Turn the 360 back over and remove the top plate. You can now access the DVD drive.

Attach the DVD drive to your computer using a SATA cable. Most computer SATA ports are located inside the case, physically attached to the motherboard. You will need to open your computer to run a cable from the 360 DVD drive to your SATA port.

  • The DVD drive will need to be powered in order to flash. While you can run the power from the 360, this is not recommended, as the 360 logs each time that the system powers on with no DVD drive connected. This will most likely lead to your console being banned.
  • Since the power connector is not a standard one, you will need an adapter that will let you connect your PC power supply to the 360 DVD drive.

Flash the drive through Windows. There are multiple ways to flash a drive, including command line prompts. The easiest way is to download and run JungleFlasher which combines all the different flashing methods into one program that runs through Windows.

  • Be sure to follow the guide available on the JungleFlasher website so that you perform the correct flash according to your DVD drive model.

 


Scam guide: iPhone jailbreak

How To Jailbreak iOS 8.1.2 Using TaiG

TaiG iOS 8.1.2 jailbreak has been released. Here is a complete step by step guide on how you can jailbreak any iPhone, iPad or iPod touch running iOS 8.1.2 using TaiG.

TaiG jailbreak for iOS 8.1.2 supports:

  • iPhone 6 Plus
  • iPhone 6
  • iPhone 5s, 5c
  • iPhone 5
  • iPhone 4s
  • iPad Air 2, iPad Air 1, iPad mini 3, 2, 1, iPad 4, 3, 2
  • iPod touch 5

Before we begin:

  • Back up your device using iTunes or iCloud.
  • Restore to iOS 8.1.2 using iTunes even if you are already updated to iOS 8.1.2 via OTA. You can download iOS 8.1.2 from here.
  • Turn off Lock Screen passcode and Touch ID. Settings > General > Touch ID & Passcode > Turn Passcode Off.
  • Turn off Find My iPhone as well. Settings > iCloud > Find My iPhone.

Here’s how to jailbreak iOS 8.1.2 on Windows:

Step 1: First up, download TaiG v1.2.0 or later for Windows.

Step 2: Connect your iPhone, iPad or iPod touch to your computer via USB.

Step 3: Start TaiG. Uncheck the 3K Assistant option and hit the green Start button.

Step 4: TaiG will now begin to jailbreak your device. During the jailbreak process, do not disconnect your iPhone, iPad or iPod touch. Once it is complete, your device will restart and you will have the latest version of Cydia installed on the main home screen.

Cydia version 1.1.16 running on iOS 8.1.2

It’s that easy!

 

Thai Lady Boy From My Recent Trip

Dating ladyboys? Don’t be fooled!

If you are like me, you are attracted to transgender women, and want to seriously date ladyboys. It’s already a big step to take this attraction to the serious stage, as most guys don’t do it. My blog is actually dedicated to these guys, the ones who assume their special attraction and want to make it real, the guys who are strong enough to stand the stares of the ignorants and not mind about the dogmas of the society.

But we need to go an extra mile. If you’re new to the game of dating ladyboys, then you are a potential and easy target for the malicious and predatory ones. Most of the guys that I know who are trans-oriented are nice guys; they’re sweet to their girlfriends and generous. Sometimes it makes me upset to see how some ladyboys take advantage of them, because they’re fucking serious and good guys! Ladyboys usually strive to find a good guy, a guy who will treat them well and not consider them as sex objects only. Unfortunately, the good guys and the genuine ladyboys don’t always meet. The good guys usually have their first experience with a bitch who will crush their heart and rip them off. They usually have enough and definitely quit dating ladyboys and get back to real girls. And the genuine ladyboys usually collect the bad experiences with perverts and liars.

Anyways, I would like to write some thoughts about how a trans-oriented man should take care of not getting himself into a sad story and a bad experience.

Why You Are An Easy Target

You are an easy target when you meet one of these conditions:

– you never dated an Asian woman (and by Asian I especially mean Thai or Filipino)
– you never dated a ladyboy (sex with an escort is NOT a date)
– you are a good guy, naturally nice and generous (which is good, don’t change!)
– you are looking for something serious, this is not just a fantasy to you


Scam Guide: Phishing

I’m often asked how I perform email phishing attacks. Email phishing attacks are very compelling, and unique to each situation. The process of creating a successful email phishing campaign is very methodical, and most of the time and effort goes up front into the planning phase.

Understand that good security is a multilayer approach, and that we will have many layers of security that could potentially destroy our email phishing campaign. Some of these layers may include Email Gateway Spam Filters, Outlook ‘Junk Email’ Filters, Host-based Antivirus, Intrusion Prevention Systems, Web Proxy Servers, Egress filtering, and the list goes on and on.

Now that we know some of the most common security layers we will encounter, let’s walk through some of them to see how they can be bypassed. Some of these methodologies were adopted from Brav0Hax and purehate‘s phishing talks. Huge shout-out to those guys and the work they’ve done for the infosec community. If you haven’t seen their email phishing presentation, it will answer a lot of questions you may have; check it out here.

Enumerating Email Addresses

One of the first things we need to do in any phishing campaign is enumerate email addresses. How are we going to send emails if we don’t know where we are sending to? This is where Jigsaw comes in handy to quickly and easily enumerate email addresses for us. It now has database support and can output to a nice CSV file as well. Thanks R3dy! The jigsaw developers and R3dy have been playing cat and mouse with this neat little script. The jigsaw developers are attempting to block the script from executing properly, so make sure you download the latest version for the best results.

Jigsaw works best when you sign up for a free account on jigsaw.com and pass your credentials as arguments on the CLI.

Antivirus Evasion

We are not going to spend a ton of time on antivirus evasion because the topic has been heavily covered by many blogs, IRC channels, YouTube videos, and virtually every other communication channel. If you want to learn more about antivirus evasion techniques, check out Metasploit’s evading antivirus wiki, which also highlights our very own metasm technique.

Having knowledge of the antivirus software you’re up against can greatly assist in the process of creating a successful phishing campaign. There is a great article here that discusses some ways to use DNS cache snooping to determine which antivirus product the target may be running.

Take the time up front to install an antivirus in a Virtual Machine (VM) before sending your phishing emails. Ideally you would install the exact version your target is running, but this is not always feasible. At a minimum you should install a couple of free antivirus products like Microsoft Security Essentials, AVG, Comodo, and others. If you can’t bypass an antivirus in your VM, why would it be any different when you launch your phishing attack? Spend the time up front to test, and do not send your payloads to VirusTotal!

Packers are typically flagged by antivirus products, but file protectors will often slip right past most scan engines. If you’re looking for that little extra, feel free to purchase a valid certificate and sign your binary using signtool.exe inside the SDK. That way your victims always know your binary is legit.

Peace&Love

Ouahib El Hanchi True LadyBoy Stories

Loving A Ladyboy Is Truly A Life Changing Experience..

I’m currently in a loving relationship with a ladyboy, and can honestly say it’s a life changing experience! Until just over two years ago I had only ever heard about them in conversation or read about them online, and now after spending most of my life having emotionally unfulfilling relationships with “straight” women, I find myself both physically and spiritually happier than I’ve ever been! And if that means I’m bisexual, I’m frankly way past caring what other people think, anyway. Being a long distance relationship it’s sometimes very difficult and expensive, but when we’re together (as often as time & finances permit) it’s as close as blissful can get. She’s about half my age, but it doesn’t seem to make any difference over there, as their society, despite its many problems, is not nearly as ageist as we are in the West, and she’s also an honest and hard-working person. I just want to say to all the hard-bitten cynics and doubters, that real love is truly possible, but you just have to get off your butt and go there and meet them for yourself. Chatting online is no substitute for the real thing…and can also leave you open to the minority scammers out there who not only spoil it for everyone else, but give their own country a bad name. Peace & Love.

Scam Guide: Simple Lottery Scam

Hey guys, Ouahib here with a guide on my simple lottery scam. Simply pretend to represent a lottery and tell the victim they have won a huge sum of money. As with advance fee frauds, there will be endless fees to register, to claim the prize, to pay a lawyer, to cover shipping costs of a courier company and so on, until the victim has given up or run out of money.

You will typically pretend that it is a random lottery, often based on picking an email address, to evade the fact that you cannot win a lottery you have never entered. Copy names and/or logos of legitimate lottery sites to appear more believable.

I will continue to post more guides when I have a chance. Ouahib El Hanchi
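
Seen from the receiving side, the traits of the lottery scheme described above (a win in a lottery the recipient never entered, a winner "picked" by email address, a succession of fees) are exactly what a mail filter can key on. The following is an added example, not part of the original post; the patterns, verdict names and sample messages are constructed for illustration.

```python
import re

# Traits come from the scheme described above; the patterns themselves are
# assumptions written for this example and need tuning on real mail.
PRIZE = re.compile(r"\b(lottery|jackpot|sweepstakes?|prize)\b", re.I)
WON = re.compile(r"\b(you|your e-?mail( address)?) (have|has) "
                 r"(won|been (selected|picked|drawn))\b", re.I)
RANDOM_DRAW = re.compile(r"\be-?mail\b.{0,60}\b(random(ly)?|ballot|draw)\b"
                         r"|\b(random(ly)?|ballot|draw)\b.{0,60}\be-?mail\b",
                         re.I | re.S)
FEE_STEMS = {
    "registration": r"regist(er|ration)",
    "claim": r"claim|processing|release",
    "legal": r"lawyer|attorney|legal",
    "courier": r"courier|shipping|delivery",
}
FEE_WORD = r"(fees?|charges?|costs?|payment)"

def fee_types(text):
    """Return the fee categories one message asks the recipient to pay."""
    return {name for name, stem in FEE_STEMS.items()
            if re.search(rf"\b({stem})\b.{{0,30}}\b{FEE_WORD}\b", text, re.I | re.S)}

def classify_thread(messages):
    """Score all messages from one sender; returns (verdict, reasons)."""
    body = "\n".join(messages)
    claim = bool(PRIZE.search(body) and WON.search(body))
    random_draw = bool(RANDOM_DRAW.search(body))
    fees = set().union(*(fee_types(m) for m in messages))
    reasons = []
    if claim:
        reasons.append("unsolicited prize claim")
    if random_draw:
        reasons.append("winner picked by email address")
    if fees:
        reasons.append("upfront fees: " + ", ".join(sorted(fees)))
    # A fee on its own is ordinary commerce; it only counts next to a prize claim.
    if claim and (fees or random_draw):
        return "advance_fee_lottery", reasons
    return ("suspicious" if claim else "clean"), reasons

# Constructed sample threads (not real mail).
SCAM_THREAD = [
    "Your email address has been selected in our random ballot and you have "
    "won a prize of $850,000 in the Example International Lottery.",
    "Before we can pay out, a registration fee of $150 is due.",
    "Our lawyer requires a legal fee, and the courier company needs shipping costs covered.",
]
BENIGN_THREAD = ["Your parcel is on its way. The courier shipping fee of $4.99 was charged."]
```

Scoring the whole thread rather than single messages matters here, because the fee requests typically arrive after the initial prize notice.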