Get Any Microsoft Products for FREE!!

Discussion in 'Ethical hacking Tips' started by indiansword, Feb 25, 2009.

  1. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net

    Introduction



    This article will basically introduce you to the funniest yet useful bug in Microsoft systems. Do at your own risk as neither Go4Expert nor the author of the article are responsible for anything legal related to it

    Background



    I work as a manager in HP for north american customers, so i have been hanging around in this field since a long time. So just by a little research i managed to find the bug!

    Lets start



    PART 1

    1. Go to ebay.com
    2. Search for "Microsoft Products". (Suppose you chose a "gaming keyboard")
    3. Select any product below $150, and tell the seller that "I am ready to buy, but just to make sure that I am getting the right thing, i want to know the PID number of the product".
    4. Seller will mail you PID number.

    Part 2

    1. Call up microsoft customer service OR have a chat with their representative
    2. I dont have the number byhearted so goto support.microsoft.com and find that out
    3. Tell them that " I own this (the same) Gaming Keyboard, its broken, some of the keys are not working, I have done all the troubleshooting."
    4. VOILA!, they will say that "Its ok, sir, we will send your another!"
    5. YOUR DONE!!


    How it works?

    When they send you another keyboard, they would NOT ask you to return the existing broken keyboard, because the SHIPPING will cost them more than the price of the keyboard. So thats what is the loophole

    Why till $150?

    As i mentioned above, if the replacement product costs more than $150, then they will ask you to return the existing broken product at the time of delivery, which apperantly we dont have :D.

    Can I get caught?

    NO!. Its done through complete legal way, I have already ordered 5 of them and have received 3 at my friend's place in US. I am expecting them to drop 1 of them at my place (india), within couple of days. :pleased:

    ENJOYIN EXPLOITIN THE LOOPHOLES!
     
    shabbir and xray2403 like this.
  2. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    I really doubt on this.
     
  3. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net

    i dont coz i have got the CONFIRMATION MAIL, m in the office right now so dont have access to personal emails, will paste the confirmation text later, i said that will take 2 more days, coz they have confirmed that they are shipping it to india, so logically it should be around 7-8 working days :)
     
  4. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    But you are stealing the PID from a person and so it would be anyway a law breaker and so you are bound to be caught
     
  5. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    1. the original owner doesnt have ANY idea about it. in microsoft call center, it works in such a way that even if u call for the same product, on every call it will create a NEW PROFILE. i dont think every one would understand the tools on which call centers work.

    2. original owner is not in picture... the personal who delivers it to your address has no concernes with it...

    3. its microsoft's policy, so no one can deny that

    4. still to answer your question, you can say that
    "I had the broken product, i threw i out"
    "I purchased it when i was in US"
    (i m damn sure, we wudnt be in position to answer any one)
     
  6. xpi0t0s

    xpi0t0s Mentor

    Joined:
    Aug 6, 2004
    Messages:
    3,009
    Likes Received:
    203
    Trophy Points:
    63
    Occupation:
    Senior Support Engineer
    Location:
    England
    Yay, way to get sacked when people find out. Operation Planner for 3 Australia, eh? And "I work as a manager in HP for north american customers". That's going to narrow down who you are fairly accurately.

    This is theft, plain and simple. Actually depriving people of actual physical products that cost actual money to make. And since you didn't buy these products this makes you a liar as well.

    This has absolutely nothing to do with ETHICAL hacking (FFS, some people really need to look up the word ETHICAL in a dictionary before being allowed to post bere) and IMHO this article and thread should be deleted as it gives go4Expert a bad name.

    And yes, you can get caught. What happens when someone whose PID you've nicked faces this problem for real and asks for a replacement? They contact Microsoft, who say I see you've already done this once sir, followed by no I haven't and I want my replacement oh and by the way here's my proof of purchase, followed by OK let's see who was daft enough to give us their address for sending your replacement keyboard to, followed by a quick cross reference, followed by oh look, five keyboards and counting, this person is either very unlucky or a crook. And I bet HP are a Microsoft partner and you'll be in it up to your neck, so if they don't call the cops out (who probably couldn't be arsed) they'll have a word with the HP CEO and you'll be out on your ear.

    Or maybe what if they just cross reference one address against the number of failures and compare that with the average failures/address, without being prompted by a duplicate request for a broken product?

    So I hope your five $100 keyboards are of some comfort when you find yourself out of a job and unable to get another one in IT. Or in the slammer.
     
  7. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    if actual owner's PID is facing problem they call up and microsoft send them another. Thats y i said that you wudnt understand the tool that they work on

    U can once, you profile is created, data saved for that particular call.
    Another call, another profile, new replacement! THATS THE BUG!

    i cud have added a disclaimer that
    - educational purpose-
    but its not :crazy:


    and ya
    Code:
    Yay, way to get sacked when people find out. Operation Planner for 3 Australia, eh? And "I work as a manager in HP for north american customers". That's going to narrow down who you are fairly accurately.
    
    what u mean by that?
    i was with 3 earlier, now with hp since coupel of months.
     
  8. hanleyhansen

    hanleyhansen New Member

    Joined:
    Jan 24, 2008
    Messages:
    336
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Drupal Developer/LAMP Developer
    Location:
    Clifton
    Home Page:
    http://www.hanseninfotech.com
    I agree with xpi0t0s this has to be illegal because your making your self pass as the legitimate owner of the product which is lying and deceit and impersonation. Also by saying you owned one and lost it or broke it your claiming false ownership for personal benefit and to gain a profit for something you don't have or own which is illegal.
     
  9. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    Code:
    **********************************
    Please keep this e-mail for your records.
    **********************************
    
    Microsoft has received your order, and it is being processed.
    
    Order Date: 02/23/2009
    
    Ship-To:
    XXXXX XXXXXXX
    XXXX XXX XXXXXX Rd.
    XXXXXXX, VA XXXXX
    United States
    
    Following is a list of the items in your order:
    
    Part Number: 9VV-00001
    Product Name: Habu Gaming Mouse Win USB Port English NA Hdwr CD
    Qty: 1
    Unit Price: 0.00
    Item Total: 0.00
    
    Subtotal: 0.00
    Shipping: 0.00
    Tax: 0.00
    Total: 0.00 USD
    (USD = US Dollar)
    
    **********************************
    Do not reply to this e-mail. This message was sent to you using an automated system. This e-mail alias is not monitored for replies. If you need help, please contact us through one of the methods available at [url]http://support.microsoft.com/default.asp...ntactfind[/url].
    **********************************
    
    Thank you,
    Microsoft
    
    i have got the same one for india as well ;)
     
    Last edited: Feb 26, 2009
  10. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    i was expecting some reply after posting that confirmation mail. :)
     
  11. hanleyhansen

    hanleyhansen New Member

    Joined:
    Jan 24, 2008
    Messages:
    336
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Drupal Developer/LAMP Developer
    Location:
    Clifton
    Home Page:
    http://www.hanseninfotech.com
    For all we know, you could of made that email your self but hey if you got it to work and you fooled Microsoft, congratulations!
     
  12. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    thanks buddy... and look at the positive side, that email aint made up :P
     
  13. Bhullarz

    Bhullarz New Member

    Joined:
    Nov 15, 2006
    Messages:
    253
    Likes Received:
    13
    Trophy Points:
    0
    Occupation:
    System Manager
    Home Page:
    http://www.tutors161.com
    What is going on here? Why are you all discussing Legal or Illegal thing here ? The GUY had a trick, he just shared it with all of members, as others share their ideas to code trojan, disabling Anti-Viruses.

    It all upon you. If you like the trick, use it. Otherwise Don't use it.

    We have other issues to discuss here like Call Center Software, Working of eBay, Microsoft Policies. Talk about these. I think these are more informative topics than the thing going on here.
     
    Last edited: Mar 3, 2009
  14. xpi0t0s

    xpi0t0s Mentor

    Joined:
    Aug 6, 2004
    Messages:
    3,009
    Likes Received:
    203
    Trophy Points:
    63
    Occupation:
    Senior Support Engineer
    Location:
    England
    The site is Go4Expert, not Go4Crook. So when something illegal (like theft, which is what this is) is being discussed, it should be pointed out that it's illegal. Feel free to nick whatever you like off whomever you like, if you're comfortable with (a) theft and (b) jail.

    The problem Go4Expert has is that in this litigious society and culture of "it wasn't my fault he made me do it", anyone who successfully argues to a lawyer that they got the idea off this site opens shabbir up to legal action and who knows where that might lead. Personally I don't give a hoot about IS's lack of morals, but I don't think shabbir should be shot because of that.
     
  15. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    lack of morals :( :S
     
  16. Bhullarz

    Bhullarz New Member

    Joined:
    Nov 15, 2006
    Messages:
    253
    Likes Received:
    13
    Trophy Points:
    0
    Occupation:
    System Manager
    Home Page:
    http://www.tutors161.com
    I fully agree with you that this site is for programmers/learners. But this site is also providing CODES which can harm other's computers. That thing can not be legal too, if you are teaching someone that how to harm others. but that is also available here. then this thing should be fine here too. Treat such posts as same.

    Moreover, this section is for learning.
    Learn the thing that If you got a chance to work on some BPO software, don't make such mistakes as done in this case.
    Learn the thing that how people can find the way to crack into your system, like this guy found out the way.
    Explore the thing that how to avoid such frauds.

    Personally, I don't like this way as it is fraud. and we should discourage such posts in future. But this article teaches a lot of things. Gives us a new point of view of non-technical person. so it is nice.

    I just want you all people to talk about other things of the post instead of just concentrating on one aspect of the article.
     
  17. xpi0t0s

    xpi0t0s Mentor

    Joined:
    Aug 6, 2004
    Messages:
    3,009
    Likes Received:
    203
    Trophy Points:
    63
    Occupation:
    Senior Support Engineer
    Location:
    England
    Doesn't that contradict the rest of your post?
     
  18. Bhullarz

    Bhullarz New Member

    Joined:
    Nov 15, 2006
    Messages:
    253
    Likes Received:
    13
    Trophy Points:
    0
    Occupation:
    System Manager
    Home Page:
    http://www.tutors161.com
    Nopes. I am not in favor of posting such articles, which teaches that how to harm others. But here all this is done as for Education Purposes. so what can be done? So, we should utilize whatever we have whether BAD or GOOD.
    Like this article is also approved by ADMIN. If it was legal, it shouldn't be approved at all. But it was approved. ADMIN must be having some plans for such kind of articles.
     
  19. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Read the last line on every page and that should keep me safe. Now if this is Ethical or not is the question. I guess having such things helps people on ebay to not give such ids to other people and so I have not removed it till now.
     
  20. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Added the following as well to the article.

    Do at your own risk as neither Go4Expert nor the author of the article are responsible for anything legal related to it
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice