Monday, July 30, 2012

BUILD YOUR OWN SKIMMER : Electronic skimmer Part 1

I will show how to build an ATM skimmer for a cheap price, and how cybercriminals do it, in a lot of new parts of BUILD YOUR OWN SKIMMER

This first part is just an introduction


Rafael101 is one of the most famous sellers of ATM skimmers on the underground market.

He has been selling audio skimmers for Diebold and electronic skimmers for NCR and Wincor.

NCR, Wincor and Diebold are different ATMs that don't use the same bezel and security. For example, Diebold ATMs in France have an alarm trigger: when you put your skimmer in the bezel, the ATM goes offline and stops working.

Now he sells offline Verifone (hacked point of sale that records tr1 + tr2 + PIN).



His thread : here




You can download his public pics from sendspace, the link is in the picture (if you have good eyes).


I contacted him on ICQ for the prices of all his products.

He sells the Diebold audio skimmer for 2200$ (yes, it is expensive, because building an audio skimmer is easy if you read all the parts).

He sells the electronic ATM skimmer in different parts; you need to build it yourself.

electronic skimmer :

bezel ncr over anti 1600$
bezel ncr green 1000$
bezel wincor 1000$
camera with a 6-hour battery life 350$
electronic skimmer 900$
cover for camera 150$

Private picture files (received from icq) :

ncr over anti with cover for camera for ncr

The NCR over anti is the most expensive, but this is normal: it is used on NCR ATMs that already have an anti, and it has great plastic quality for the mm.

The NCR over anti looks like this on an ATM when it is in use

As you can see, it is bigger than a normal NCR anti.


I don't post the other pictures because they are the same as the other fake bezels you can see on a lot of websites.

I will show you in the second part how to build your own electronic skimmer (bezel and camera in another part), not for 900$ but 50% off.

Sunday, July 29, 2012

How to bruteforce botnet admin panel using windows


Sorry for the long posting, but it is holiday time in France.
I have decided to show you how I bruteforce on Windows, for all the people like me who hate Linux; you lose time running Linux in a VM with hydra.

This method is called a FUZZER. Bruteforcing the login form is useless because it is very slow and sometimes protected by captcha...



form login


The fuzzer method is to bruteforce the request you send to the server with the username and password.

live http header (firefox plugin), you can see the request

I will teach you 2 methods with different software: one with webslayer and one with acunetix/burp suite.
You need to download a dictionary for passwords.
I used only admin for the username.
For the password, I used this .txt
To find the admin panel, I simply used havij (panel finder) or a Google search.

#1 Webslayer method


You need to download: webslayer and live http header (Firefox plugin; it doesn't exist for Chrome).

Webslayer is the fuzzer; it doesn't sniff the HTTP headers, so you need to use live http headers for that.
First find a login form (botnet, exploit pack, istealer login panel ... or a website too).
Open the link in Firefox, open live http header, write 123456 or whatever you want as login and password, and copy this request:

Example of a request

After that, paste the link into Webslayer and change the 123456 to admin (for the login) and FUZZ (for the password).
FUZZ is the text file with the logins or passwords you have chosen.
You can use FUZ2Z if you want to use 2 dictionaries.

Webslayer ready to start !

You just have to press start attack.

If everything is green, it means the fuzzer works. To find the good login and pass, look for whether the location changes or the chars/code change ...
Just wait one night and a day of work with a good dictionary and you can find what you want :)
You can run an unlimited number of webslayer instances :)



#2 acunetix/burp suite method


In this example I will show you only the acunetix method because it is more popular than burp suite, but the method is 99% the same.

first buy acunetix with for 2000$, no this is a joke used a hacked credit card or used this cracked version 8 (last version)

At First got to this link and download acunetix scanner

http://www.acunetix.com/download/fullver8

ID: acunetixwvsfullv8
Password: nFu834!29bg_S2q


Then install it do not open it
If opened Closed it
Open patch and click on patch
Now open Acunetix you will be asked for some details

Enter below details
License Key: 2e3b81463d2s56ae60dwe77fd54f7d60
Name: Hmily/[LCG]
ComPany: Www.52PoJie.Cn
Email: Hmily@Acunetix.com
Telephone: 110

Patch Download Link:
here

You also need to download another Firefox plugin (yes, if you prefer Chrome, it does not exist there).
Download foxyproxy.

We use only the fuzzer of acunetix; don't use the authentication tester, it does not work with the cracked version.

Foxyproxy sends the requests to the acunetix HTTP sniffer; if you don't use foxyproxy, acunetix can't sniff HTTP from Firefox.

First find a URL with a login form, open foxyproxy and add localhost and 8080 as in this picture.

foxyproxy option
Then click on use the proxy localhost:8080 for all URLs.

Open acunetix and click on start for the HTTP sniffer.

Connect to your login form with 123456 for user and password.

In the HTTP sniffer, find the request, right click and send to HTTP fuzzer.

Http sniffer
Now we start fuzzing: click on add generator and add a file generator with 2 files, one with login.txt and the other with password.txt (select filetype Text).
Click on insert into request in place of your 123456 for login and pass, and click on start.

Http fuzzer setting
After that you just have to wait, same as with Webslayer.

Http fuzzer in action
Don't forget to stop the HTTP proxy sniffer and foxyproxy.

Conclusion


For me acunetix is faster than webslayer (but not by a lot).
You can open only 2 acunetix at the same time and an unlimited number of webslayer.
All night and for each day of work I used 2 acunetix and 5 Webslayer at the same time.
I try to access botnets, exploit packs ... and not only those, webshops too (but I don't do any illegal activity).

One day with this method I found the login and pass of a shop with a lot of credit cards in clear (not encrypted).

Hacked cvv2
I don't resell them in a shop or elsewhere (I'm 100% white hat).
You can be surprised by the fuzzing method; you can access big websites with a big dictionary.
(I would like to show the admin of big websites I have, but this is too illegal.)
Personally I have never accessed a botnet or exploit pack so far :( (just an istealer and a webshell).
Maybe xylito is better than me.

Don't do that for hacked website
If you have any questions, I am here.

I use acunetix a lot, not only for fuzzing but also for scanning and other things; I can answer your questions about this penetration software.
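
Seen from the defender's side, the request fuzzing described in this post leaves a clear trace in the web server's access log: one source sending many POSTs to the same login URL, with one response that differs from the rest (the "location change or chars/code change" signal mentioned above). The following is an added example, not code from the original post, that flags this pattern; the log lines, the `/admin/login.php` path and the thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Common/combined log format prefix: ip, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse(line):
    """Return (ip, ts, method, path, status, size) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    size = 0 if m["size"] == "-" else int(m["size"])
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"]), size

def detect(lines, login_paths=("/admin/login.php",), threshold=5,
           window=timedelta(seconds=60)):
    """Flag sources that POST to a login path >= threshold times inside window."""
    attempts = defaultdict(list)  # (ip, path) -> [(ts, status, size)]
    for line in lines:
        rec = parse(line)
        if rec and rec[2] == "POST" and rec[3] in login_paths:
            attempts[(rec[0], rec[3])].append((rec[1], rec[4], rec[5]))
    alerts = []
    for (ip, path), events in attempts.items():
        events.sort()
        peak = start = 0
        for end in range(len(events)):  # sliding window over sorted timestamps
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        # The most frequent (status, size) pair is the "wrong password" response.
        baseline = Counter((s, z) for _, s, z in events).most_common(1)[0][0]
        # Anything else may be a successful guess: review it, reset that account.
        outliers = [(t.isoformat(), s, z) for t, s, z in events if (s, z) != baseline]
        alerts.append({"ip": ip, "path": path, "posts": len(events),
                       "peak": peak, "baseline": baseline, "outliers": outliers})
    return alerts

# Constructed sample: one source hammers the (hypothetical) login URL and gets a
# 302 on its 7th try; another source is a normal user who mistypes once.
SAMPLE = [
    f'203.0.113.7 - - [29/Jul/2012:02:14:{s:02d} +0200] '
    f'"POST /admin/login.php HTTP/1.1" {"302 0" if s == 7 else "200 1843"}'
    for s in range(1, 10)
] + [
    '198.51.100.20 - - [29/Jul/2012:09:00:05 +0200] "POST /admin/login.php HTTP/1.1" 200 1843',
    '198.51.100.20 - - [29/Jul/2012:09:00:31 +0200] "POST /admin/login.php HTTP/1.1" 302 0',
    '198.51.100.20 - - [29/Jul/2012:09:00:32 +0200] "GET /admin/index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

An outlier inside a flagged burst is the entry to act on first: it marks the moment a guessed password may have worked, so that account needs a reset and its session a review.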


Saturday, July 14, 2012

Holidays

I'm on holiday, no news for 1 week
Thanks to all subscribers
Thanks to Leguepard60

Thursday, July 12, 2012

BUILD YOUR OWN SKIMMER : Audio for Diebold PART 2

The second part, on the mp3 skimmer for Diebold.
I have taken 2 sources, one from c.pro and the other from phreaker.us (a Russian electronics hacking forum).

c.pro source :


Приветствую, в данной теме показано как собрать аудио-скиммер за 10мин,особо не тратясь
Данный способ знают все,но всё же давайте по подробнее
Нам потребуется:китайская ручка-шпион, головка от магнитофона,батарея от телефонки(860mah хвати),2проводка разных цветов,изолента и паяльник.
С чего начнем?
Разумеется с выбора китайской ручки-шпиона
Ручки бывают уже с встроенной памятью(2-16GB) или со слотом для флешки micro-sd,данный стафф легко распространен и кардится в китай шопах.Лучше сделать несколько моделей ручек с разных китай шопов.
И так, берем ручку, откручиваем низ ручки где стоит стержень, видим вход для зарядки(он может быть 2х видов(вход для провода как на плеерах,нокии 6300 и тд) или просто USB

Мне попалась USB.Снимаем корпус ручки,перед нами остается только плата
Вот фото данной платы:

На ней всего 2 кнопки: Вверху-вкл/выкл, в середине-сброс
А так же 2 лампочки: желтая-зарядка/ожидание, синяя-идет видеозапись

Нужно заменить аккум,а то ским проработает не долго, снимаем старый и ставим новый аккум,он будет распологаться вверху морды
Перед тем как припаять головку,нам нужно увеличить провода которые будут соединять голову с платой,отпаиваем старые(они на фото:красный и черный), припаиваем проводки примерно 4см чтобы был небольшйо запас и голова стояла в прозрачке как положено.
к проводам паяем голову-осталось все только правильно установить и залить.Камера устанавливается под углом(тут нужно будет замерять у атм правильно ли она стоит)
Итого получится(фото взято с инета):


Данные аудио кишки подходят только к дибу оптева)сейчас много моделей данной фирмы оснащены датчиками на скиммеры.Как проверить есть ли такой датчик?
А все очень просто,в темное время суток лепим на картоприемник гвоздь на скотче и ждем)если в течении 30мин он не ушел в офф и никто не приехал,то на данном АТМ не установлена данная антискиминговая система.
Еще возможны помехи создаваемые АТМом,экранируйте свои девайсы)
PS Перед установкой кишков еще раз проклейте морду с внутренней стороны(как бы не уверяли вас селлеры в крепкости морд),а то может случиться маленькое недорозумение

Pss не работаем по ру (рос,петрокомерц,банк москвы и многие другие) сам лично жопу надеру
Автор данной статьи не несёт никакой ответственности за совершаемые Вами действия. Всё, что Вы делаете - Вы делаете на свой страх и риск.
Всех благ,да простят меня тру кардеры


phreaker.us source

This is a very good post on the mp3 skimmer. I don't copy-paste the whole forum post, but you can find a lot of interesting methods there.
The link: https://www.phreaker.us/forum/showthread.php?t=4638

Wednesday, July 4, 2012

Prvtzone new carderprofit ??

I have found an interesting post by Rome0 (always him) on C.pro about prvtzone (a new carding forum). After the carderprofit honeypot (story here), all new carding boards are suspicious, and a carder (Rome0) who has time to lose (because he is just a reseller) has written what he thinks about the new board.

True or false, I don't know





Today, while surfing on RU forums, I saw a thread that talks about carding forums, and I saw some forums I have never heard of in my life.
I took a look at those NEW FREE OPEN REGISTRATION forums ... called Prvtzone.XXXX. When I entered the URL, I saw a design typical of a carding forum, really common like the others, and some advert banners (viewable by non-registered users) where unknown people advertise (funny shops such as "topdumps4you"; it does not exist, just an example).

So I decided to look up this forum. First I traced the DNS lookup of the site and saw:

Quote:
Prvtzone.XXXX
IP address: 108.162.197.83
No host name is associated with this IP address or no reverse lookup is configured.
108.162.197.83 is from United States(US) in region North America
TraceRoute to 108.162.197.83

Hop (ms) (ms) (ms) IP Address Host name
1 1 0 0 206.123.64.42 -
2 0 67 0 64.124.196.225 xe-4-2-0.er2.dfw2.us.above.net
3 2 2 5 206.223.118.61 equinix.tge9-3.ar1.dfw1.us.nlayer.net
4 1 0 1 69.31.63.182 as13335.xe-4-0-5.ar1.dfw1.us.nlayer.net
5 1 0 1 108.162.197.83 -
Trace complete

NetRange: 108.162.192.0 - 108.162.255.255
CIDR: 108.162.192.0/18
OriginAS: AS13335
NetName: CLOUDFLARENET
NetHandle: NET-108-162-192-0-1
Parent: NET-108-0-0-0-0
NetType: Direct Assignment
Comment: XXX.cloudflare.com
RegDate: 2011-10-28
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-108-162-192-0-1
OrgName: CloudFlare, Inc.
OrgId: CLOUD14
Address: 665 Third Street #207
City: San Francisco
StateProv: CA
PostalCode: 94107

Country: US
RegDate: 2010-07-09
Updated: 2011-11-03

Keep in mind CloudFlare Inc. & Prvtzone are associated.
After some research about CloudFlare in the USA I have discovered they are linked to Lulzsecurity.
Lulz Security is in collusion with the FBI and Federal
Agencies to advocate Net Neutrality. This will become
very obvious as this thread develops. 
Lulz Security

Quote:
hxxp://lulzsecurity.com/

Lulz Security comes with a whois IP of 199.27.135.62
That IP look-up renders the following data:

NetRange: 199.27.128.0 - 199.27.135.255
CIDR: 199.27.128.0/21
OriginAS: AS13335
NetName: CLOUDFLARENET
NetHandle: NET-199-27-128-0-1
Parent: NET-199-0-0-0-0
NetType: Direct Assignment
OrgName: CloudFlare, Inc.
OrgId: CLOUD14
Address: 665 Third Street #207
City: San Francisco
StateProv: CA
PostalCode: 94107
Now we know PRVTZONE - CLOUDFLARE - LULZ SECURITY ARE ALL LINKED!!!!

But who are CloudFlare ???

Cloudflare, Inc.

Quote:
http://www.cloudflare.com/

Let's reveal who are the folks behind the masks
of CloudFlare Inc.
Key Executives
Mr. Matthew Prince, Co-Founder
Ms. Michelle Zatlyn, Co-Founder and Director
Mr. Lee Holloway, Co-Founder and Lead Engineer
http://investing.businessweek.com/re...capId=81851700

Remember these names, we will be seeing them again.

Mr. Matthew Prince Co-founded CloudFlare, Inc. in 2009 and serves as its President and Chief Executive Officer. Mr. Prince worked as an attorney for one day before jumping at the opportunity to be a founding member of a tech startup. He serves as a Director of CloudFlare Inc. Mr. Prince attended the University of Chicago Law School and earned MBA from Harvard Business School in 2009.

http://investing.businessweek.com/re...sonId=82018167

Ms. Michelle Zatlyn co-founded CloudFlare, Inc. in 2009 and serves as its Head of User Experience. Ms. Zatlyn worked at Google and Toshiba, launched two successful startups. She serves as Director of CloudFlare, Inc. Ms. Zatlyn holds MBA from Harvard Business School and also holds a degree in Chemistry.

http://investing.businessweek.com/re...sonId=82018319

Please also note the connection to Google with Ms. Zatlyn.

and the computer guru of the outfit


Mr. Lee Holloway Co-founded CloudFlare, Inc. in 2009 and serves as its Lead Engineer.

http://investing.businessweek.com/re...onId=128404844

Lee Holloway's other current projects are extremely interesting
to this investigation as you will see a pattern develop.

Lee is the co-founder and lead software engineer at CloudFlare.
Lee holds a degree in Computer Science from the University of Santa Cruz. He is a software architect specializing in high-availability, high-volume databases including RegistryCompliance.com, Michigan’s Children’s Protection Registry and Walmart.com. He is also the co-founder of Project Honey Pot.

http://www.crunchbase.com/person/lee-holloway

Do we remember Project Honey Pot ?

After signing up for a new account, or logging in to your existing account, you will be provided a link. Hide this link on your web pages and we'll track anyone who follows it.

http://projecthoneypot.org/5days_monday.php

Project Honey Pot is a tool used by Law Enforcement Agencies
including the FBI to track and prosecute internet users as this next
article will show.

Quote:
Project Honey Pot springs $1 billion lawsuit on spammers
By Jacqui Cheng | Published 4 years ago

A "John Doe" lawsuit filed in the U.S. District Court in Alexandria, Virginia, this morning could be one of the largest anti-spam suits ever filed in the US so far. The suit was filed by Project Honey Pot, a free anti-spam service that collects information on e-mail address harvesters across thousands of sites on the Internet that have their software installed. The class-action complaint was filed on behalf of roughly 20,000 Internet users in more than 100 countries, according to the organization's web site.

Because of webmasters large and small installing its software on their servers, Project Honey Pot has collected information on thousands of e-mail harvesters in the US—people or bots that automatically scan web sites for e-mail addresses and then store them in a database for sale to a spammer. The organization hopes that by filing the "John Doe" suit, they can use that information in conjunction with subpoenas to find out who the actual spammers are.

The lead attorney in the case is Jon Praed of the Internet Law Group. Praed has achieved quite the reputation as a "spam hunter" in recent years, as he has successfully represented AOL and Verizon against spammers.

Under Virginia's anti-spam statute and the federal CAN-SPAM law, Project Honey Pot's case could result in more than $1 billion in statutory damages against spammers
http://arstechnica.com/tech-policy/n...n-spammers.ars

Please note the Name of the Attorney and his Law Firm.
Jon Praed, Internet Law Group

Internet Law Group website

http://www.i-lawgroup.com/

from their web site link above we find this tid-bit


Quote:
We help our clients achieve this objective by collecting information about acts of Internet fraud from across our client base and other sources, using automated systems developed in-house. We trace the acts back to their human source, using a variety of formal and informal information-gathering techniques. Our clients hire us to increase the intelligence of their own work, and to expand their view into the world of cyber-fraud.
So we have 1 connection for CloudFlare and Internet Law Group.
Is there more than 1 link? you bet.

In comes a pseudo entity called Unspam Technologies
which has the very same CEO as CloudFlare
Matthew Prince and who also has the very same
Lead Engineer, Lee Holloway and also has the very same
Law Firm representing them.



Punch number two is for the 15,000 IP addresses of crawlers. Those are the people collecting and selling e-mail addresses. Harvesting is a slow process and botnets are expensive to rent by the hour, so the spammers do it themselves, on their own computers with a constant connection, since one is needed.

Gotcha, said Matthew Prince, CEO of Unspam and Project Honey Pot. "Those will be some of the first targets from this litigation," he said. "We've identified very specific targets. In some cases have a good sense of who these people are. Then we can bring the full weight of the law down on these people who are breaking it."

The idea of suing spammers may seem as ludicrous as suing God; where do you deliver the subpoena? But Jon Praed, the lawyer on the case, founding partner of the Internet Law Group and one of the top lawyers involved in spam suits, said not to think that way.

http://www.internetnews.com/security...le.php/3674731

What is Unspam Technologies

Quote:
Unspam is a software and services company helping governments implement and enforce effective laws to control unwanted messages. We also provide basic as well as expert compliance consulting services to businesses wishing to ensure efficient adherence to the law.

http://www.unspam.com/about.html
Now we have double links between 3 individuals and
2 separate business entities with a direct connection
to the FBI who investigated the actions of these groups.
But .... is it legal ? Not according to the US Constitution.


Quote:
Spammer walks as court says state antispam law is unconstitutional.
Justice G. Steven Agee, who has since moved to the U.S. Court of Appeals for the 4th Circuit, wrote the unanimous opinion for the court. “The right to engage in anonymous speech, particularly anonymous political or religious speech, is ‘an aspect of the freedom of speech protected by the First Amendment,’ ” Agee wrote, citing a 1995 U.S. Supreme Court case.

“By prohibiting false routing information in the dissemination of e-mails,” the court ruled, Virginia’s anti-spam law “infringes on that protected right.”
http://www.zdnet.com/blog/government...itutional/3999

Was defeated in the Supreme Court. What to do now
Net Neutrality laws to make their illegal actions legal.

So who is doing this and how

George Soros through the FCC



Quote:
The Federal Communications Commission colluded with a George Soros-funded, Marxist-founded organization to publicly push a new plan to regulate the Internet under the government’s "net neutrality" program, according to just released documents.
http://www.wnd.com/?pageId=306385

Lulz Security and Project Honey Pot both have
pages on their web sites for donations.
And can only be paid by BitCoin.
Very unusual since this is the very
same secrecy they are supposed to be
prosecuting.

Now, in lieu of all this data of these people and the
orgs behind them with a common agenda, Why do
you suppose they would attack Senate.gov and
CIA.gov ? False Flags !!!!

To pave the way for net neutrality and control
of the internet which was their original mission.

I wonder just how much of those donations
comes from Soros who has the same agenda ??
Now, you do your own homework

Monday, July 2, 2012

SQL injection : CVV2 hashed in CMS hotel website

Hi, I just found an easy vuln in a hotel website with worldwide CVV2:
This website uses a CMS that is used by a lot of hotel websites.
They have lots and lots of hashed CC numbers!

The panel : 



The stats



Lot of cvv2


A cvv2 in pdf (with exp date, cvv2 code, cc hashed number)


A lot of other websites using the CMS are vulnerable !!! (MORE CVV !!)


If you know how to decrypt this HASH, you are rich
I have seen more than 10 000 worldwide CVV in all the CMS
They have not only US but a lot of EU countries too

If you have any comment :)