Hello one and all, I have returned (not that I was missed, but I plan to be around more consistently and hopefully can help someone else out).
I checked the forum rules and I don't think this is disallowed. Hopefully I can post this clearly enough to prevent this from turning into a troll thread.
I was recently scammed by someone via Western Union. We were doing a joint venture project, and after he got my money he "disappeared" for a week. When he came back, he claimed that he got scammed and doesn't have his half of the money, but he had already put mine down as a down payment. I was able to trace his IP and the IP of the "guy who had the down payments", and found out they're one and the same (I was already certain it was a scam, but after this proof I wanted to lock down my plan to take my money back). I have cause to believe the guy has plenty of bitcoins on his machine, and I plan to recover enough to pay myself back.
In my course of social engineering the guy, I found out the following:
-His IP address (it's in India, which makes sense. He also has no ports open, but a bunch filtered)
-He runs windows 7 x64
-He uses Firefox 24 or Internet Explorer 10 (I would assume pretty patched)
-He uses Avira anti-virus
-He uses Adobe Reader 11 (not sure if it's 11.0.4 yet or not).
So I don't think I'm going to find an exploit (unless someone wants to point me to where to search for zero-days).
I'm planning on using Metasploit; I've already built a payload and tested it on my VM. I figure if I can get it onto his machine, I can set it up to be persistent and, with enough time, keylog him and get his bitcoin wallet.
The problem I'm having is getting the .exe to NOT set off Avira. I've looked into packers and other methods, but they all seem out of date.
Any suggestions or points in the right direction would be helpful.