Jump to content

All Activity

This stream auto-updates     

  1. Today
  2. 2sreda

    free VPN

    I am looking for a free VPN, which in case of something will not give data to anyone who does not need it, does not log and so on. Which VPN do you use yourself?
  3. Bitcoin and cryptocurrency prices have staged a remarkable recovery over the last week, reinvigorating a tired crypto market. The bitcoin price has added almost 30% over the last week, with ethereum climbing more than 20% (subscribe now to Forbes' CryptoAsset & Blockchain Advisor and discover crypto blockbusters poised for 1,000% gains). Now, an expert crypto panel has predicted ethereum could be set to double in price to $4,600 by the end of 2021—an increase that would dwarf the panel's bitcoin price prediction. Sign up now for CryptoCodex—a free, daily newsletter for the crypto-curious that explains the world of bitcoin with brevity. Arriving in your inbox at 7am EDT every weekday
  4. The content of the article Chip Legacy Brazilian hack Cryptogram Replay and Cryptogram Preplay PIN OK Conclusion Almost all modern bank cards are equipped with a special chip that stores the information necessary for payments. In today's article I will talk about the methods of fraud with such cards, as well as the methods used by banks to counter carders. INFO You can learn about the principles on which the security of banking payment systems is built in the articles “Understanding how credit card security systems work” and “How hackers steal money from bank cards”. CHIP LEGACY One of the types of information contained on the chip card is the so-called Track2 Equivalent. It almost repeats the contents of the magnetic stripe one-to-one and, most likely, serves as a card identification parameter in HSM systems and other card processing subsystems. One of the types of attacks that are carried out from time to time by cybercriminals involves recording Track2 Equivalent data on a magnetic stripe, after which fraudulent operations are carried out either as regular transactions on a magnetic stripe or in a technical fallback mode. To steal such data from ATMs, so-called shimmers are used. Shimmer - a device for discreet data removal when using chip cards at ATMs. In one of the articles on the PWM-Ming mentioned that in 2006, at the beginning of issuance of chip cards in the UK field Track2 Equivalent contained the original CVV2 / CVC2. Because of this error, it was easy to create clones of magnetic stripe cards, which were used for payment using a chip. Then the payment systems decided to use different seeds when generating CVV2 / CVC2 fields on the magnetic stripe and in the Track2 Equivalent field. It would seem that the problem has been solved - the value of the secret field CVV2 / CVC2 on the magnetic stripe does not coincide with what is written on the chip. But shimming is alive and well. Why? Many banks still approve transactions with CVV2 / CVC2 values read from the chip! This is often mentioned by Visa and almost never written to MasterCard. One of the reasons, in my opinion, is that in almost all MasterCard cards the CVC2 in Track2 Equivalent is equal to 000. For cards this is also irrelevant: among the dozens of banks I have tested over the past two years, I have not found a single card where this attack would be possible. Nevertheless, it is worth noting that such attacks are popular in USA. INFO One of the few MasterCard cards with which I was able to reproduce this attack belonged to a bank that did not check the value of the CVC2 field at all. I could substitute anything there - 000, 999, or any other options in between. Most likely, this bank has not turned off the debug mode, which approves any transactions. What is it fraught with? A hacker could change the field indicating that the card does not contain a chip, and verification of the integrity of this field would be impossible, because any CVC2 was accepted by processing. The vulnerability, very much like the next one on the list, was quickly fixed after a letter to the bank.Service Code According to my statistics, 4 out of 11 cards were subject to similar ata Cams. BRAZILIAN HACK This term refers to several types of attacks, including the attack on offline terminals described by Kaspersky Lab. Brian Krebs spoke about the most massive attack with this name . What is the essence of the sensational attack? In the early 2010s, chip cards finally became widespread in the United States. Several banks have started issuing such cards. It is worth noting that so far the most common chip scheme in the USA is not Chip & PIN, but Chip & Signature. The owner of such a card does not need to enter a PIN-code, but only needs to insert the card into the reader and confirm the transaction with a signature on the receipt. Why this scheme has taken root so well - I will tell you further. It seems to me that somewhere in this process there was an insider leak of information, and the hackers found out that the chip transaction seems to go through, but is not verified on the side of the issuing bank. The bank simply took the Track2 Equivalent field and performed identification as if it were a normal magnetic stripe transaction. With a few nuances: the issuing bank was now responsible for this kind of fraud under the new EMV Liability Shift rules. And issuing banks, not fully understanding how such cards worked, did not impose strong restrictions on "chip" transactions and did not use anti-fraud systems. Quickly realizing that they could benefit from this, carders opened merchant accounts and, using black market data from Track2 magnetic stripes, made hundreds of transactions in a “chip”. The investigation took years, and by the time the investigation was over, the scammers had already disappeared. The amount of losses was not disclosed, but it is clear that they were significant. The saddest thing is that since then, the inhabitants of Latin America are prowling around the svein search of the "white whale" and actively testing the banks, trying to find another such non-disabled debug interface. CRYPTOGRAM REPLAY AND CRYPTOGRAM PREPLAY "In the wild" such an attack was observed only once. It has been documented and described (PDF) in a study by renowned experts from the University of Cambridge. The essence of the attack is to bypass the mechanisms that ensure the uniqueness of each transaction and cryptogram. The attack allows you to "clone transactions" for further use without access to the original card. In the first hour or minute it has told that the input card receives a certain set of data: the amount, the date of the transaction, as well as two fields, providing the entropy, even if the amount and date of the same. From the terminal side, entropy 2 32 is provided by 4 bytes of the field UN - a random number. From the side of the card - ATC-counter of operations, increasing by one each time. The pseudo function looks something like this: Cryptogram=Signature(ATC,UN,Amount,Misc,SecretKey) If one of the fields changes, the output value of the cryptogram also changes. However, what happens if all fields remain the same? This means that the previous cryptogram will remain valid. This leads to two possibilities for attacks on chip transactions. Cryptogram Replay. If the compromised terminal issues the same field UN, once read from the card, the cryptogram with the transmitted predictable field UNcan be used as many times as desired. Even the next day, attackers can transmit information about the old cryptogram with the old date in the authorization request, and this will not lead to denial. In my tests last year, I repeated the same cryptogram seven times over seven days, and this did not raise any suspicion from the bank. Cryptogram Replay Attack Scheme. Cryptogram Preplay. This scheme is used if the vulnerable terminal does not return the same UN, but gives them predictable ones. This is how the vulnerable ATM worked in the Maltese attack described above. In this case, the attacker, when physically accessing the card, clones several transactions "for the future." Unlike the first attack, each transaction can only be used once. This attack is interesting from the historical point of view of the development of the EMV protocol. When the protocol was created, the ATC field was created specifically to protect against such attacks. The issuing bank had to check the value of the ATC field, and if these values came out of order, with noticeable jumps, suspicious transactions were rejected. For example, if transactions with the ATC value were received for processing , then the transactions whose numbers are highlighted in this sequence should have been considered suspicious and rejected by the processing. But then complaints from customers began to come in, and adjustments were made to the technology.0001, 0002, *0008*, *0008*, *0008*, 0009, 0010, *0003*, *0004* Consider an example: a bank client gets on a plane, pays in the plane with a card using an offline terminal. Then the plane lands and the client pays with a card at the hotel. And only after that, the terminal used on the plane connects to the network and transmits transaction data. In this case, a jump in ATC will be recorded, and, following the rules of payment systems, the bank could reject an absolutely legitimate transaction. After several such episodes, payment systems have made adjustments to their requirements for ATC leaps: jumps should be counted only if the delta is between the values of the counter "above X", where the value of X must be determined by each bank individually; jumps are not necessarily a sign of fraud, but continuous jumps above the X value are a reason to contact the client to find out the circumstances. At the same time, the first scenario - cryptogram replay - was left behind. If the card processing is designed correctly, there is not a single reasonable explanation for the situation when the same set of data (Cryptogram, UN, ATC) enters the input many times and is successfully approved by the bank. Over the past year, I sent information about this attack to more than 30 different banks and received a fairly wide range of responses. In some cases, incorrect design of processing services leads to the fact that the bank cannot simply block operations with the same values. It is also worth noting that in the "wild" I have not come across terminals that would return the same UN field value. This means that attackers have to use their own terminals, which makes money laundering more difficult. In addition, even offline authentication does not always help: it can be bypassed or it can be assumed that the UN source is compromised in it. In this case, the resulting values of the DDA / CDA authentication schemes for the predictable UN field can be calculated in advance. Statistics show that 18 out of 31 bank cards are susceptible to replay / preplay attacks against a contact or contactless chip. At the same time, in Russia, I could not find a single bank vulnerable to this type of attack, which is extremely curious. PIN OK This is perhaps the most famous attack on chips. The first theoretical prerequisites for this attack were described by the Cambridge team in 2005 in the Chip and Spin study, a year before the EMV standard became widespread in the UK. But the increased attention to this attack came much later. In 2010, a full-fledged study of the Cambridge Quartet was published on the PIN OK attack. For this attack, they used a device that implements a man-in-the-middle technique between the card chip and the terminal's reader. A device for the implementation of the "man in the middle" technique In 2011, at the Black Hat and DEFCON conference, a group of researchers from Inverse Path and Aperture Labs unveiled more information about this attack. At the same time, in 2011, an organized criminal group used 40 stolen bank cards to carry out 7,000 fraudulent transactions, as a result of which 680 thousand euros were stolen. Instead, the researchers apply the criminals bulky device used the little invisible "second chip" mounted on top of the original, which made it possible to emulate an attack in real condition-ditions. In December 2014, researchers at Inverse Path again brought up the topic of attacks on EMV transactions and presented some statistics they had collected over three years (PDF). In 2015, a detailed technical case study (PDF) was released by unknown attackers in 2011. Let's take a look at the technical details of this attack. To implement it, recall, you need to use the man in the middle technique. The card transmits to the terminal the CVM List (Card Verification Method) field - a priority list of cardholder verification methods supported by the card. If the first rule on the card is "Offline PIN encrypted / unencrypted", nothing happens at this stage. If the first rule is different, then during the attack the first rule is changed to "offline-PIN". The terminal then asks the cardholder for a PIN-code. The “offline-PIN” rule means that the PIN-code will be transmitted to the card for verification in an open or encrypted form. In response, the card will either answer 63C2 "Invalid PIN, there are two attempts left", or 9000 "PIN OK". It is at this stage that an attacker who has infiltrated the authorization process will replace the first response with the second. At this stage, the terminal considers that the PIN has been entered correctly and requests a cryptogram from the card (Generate AC request), passing all the requested fields to it. The card knows that the PIN is either not entered at all, or entered incorrectly. But at the same time, the card does not know what decision the terminal made next. For example, there are terminals that, when entering an incorrect PIN-code, ask the cardholder to sign on the touchscreen - this is done for his own comfort. Therefore, when the terminal asks for a cryptogram, the card gives it back. The response contains the CVR - Card Verification Results field, which indicates whether the PIN was verified by the card or not. Moreover, this field is part of the payment cryptogram, and attackers will not be able to change its value: The terminal sends all data in the ISO 8583 Authorization Request packet to the acquiring bank, then they are sent to the issuing bank. The bank sees two fields: CVM Results, which indicates that the offline PIN was selected as the verification method and that the terminal supports this verification method. But the bank also sees that the card did NOT accept the PIN-code or that it was entered incorrectly. And in spite of everything, he approves the transaction. If the card uses the CDA authentication scheme and attackers need to override the first CVM list rule, offline authentication will fail. However, this is always bypassed by substituting Issuer Action Code fields. The details of this case are described in the latest version of the presentation from 2014 by experts from Inverse Path. Also, in the first study from 2011, experts showed that the EMV standard allows you not to reject transactions on a payment device, even if secure methods of authentication and verification did not work, but go further, each time choosing less secure methods (the so-called fallback). This opens up other opportunities for attackers, including PIN stealing attacks during operations on compromised POS terminals. CONCLUSION Interesting statistics for the last year: despite the fact that in 2010, the "real cybersecurity man" of the banks be touched the way someone does not follow the obvious problems about the card-Ces-Singh, in 2021, all about as bad. The statistics of inspections over the past year showed that 31 out of 33 bank cards from different parts of the world, including ones, are vulnerable to this attack. In the next article, I will consider the schemes of attacks on contactless cards and related applications - mobile wallets.
  5. Hello. I sell fully verified accounts of various services. I have a huge number of people who are ready to undergo verification of any service. My accounts are high quality. Constant discounts for regular customers! For a price list, please contact me personally. CryptoExchanger and Cryptowallets: -- Paxful -- LocalBitcoins T-2 Level -- Bitzlato -- Coinmama -- Paxum -- Bittrex -- Binance -- Cex.io -- Kraken Pro -- Huobi -- Bitfinex -- Blockchain Gold -- Koinal -- Coinpayments -- Advcash -- FTX -- Poloniex -- Crypterium -- Uphold -- Buyex -- Coinsbit -- Hibtc -- Transferwise -- Wirex -- Litebit -- Coinbase -- Bitpanda -- Coinfalcon
  6. Magnetic Stripes Translated from Hack-Tik, #8, #9/10, available at PO Bos 22953,1100 DL Amsterdam, The Netherlands Translation by Dr. Abuse Text/Schematics _copied_ from 2600 Magazine, Summer 1991 by: * ..oooOO Count Zero OOooo.. * * * * -=Restricted -=Data -=Transmissions * * * * "Truth is cheap, but Information COSTS!" * (Read _my_ article on Magstripe Technology in Phrack #37 if you want _detailed_ descriptions of encoding tech, specification, etc. -c0 ) People KEEP ASKING me about this article that appeared in 2600, and many people wanted the schematics. I figured I might as well type it up in order to help spread the info around as efficiently as possible. I hand-drew the schematics in 320x200 .GIF format. Enjoy, and remember to always SHARE the knowledge... (The following is a VERBATIM copy of Dr. Abuse's translation. Thanks Doc!) "Cash is out. Plastic is in. In the nineties, the question is: who has the best hand of cards? We will help you play the big magnetic card game. Everybody has looked at those credit cards and wondered what exactly was on them. Whoever dared to even ask about magnetic readers/writers was shocked after hearing the price and they went back to their daily living. And this while you would be very anxious to know what the bits and bytes mean. We now give you the opportunity to build your own credit card reader/writer. For the cost of playing around with electronics plus a few dollars, you can build your own magnetic card copier. This device reads from one magnetic card and puts the data out onto the other card. For the advanced electronic hobbyist, there is the magnetic card reader and writer. Everybody who knows ehat a TTL is and can squeeze something out of his computer and/or hold a soldering iron will be able to make this credit card reader/writer together with the schematics. Far more interesting than all of the electronic mumbo-jumbo is to first see what's really on the magnetic stripe. For that we give you the first bit of information in this article. The information on most credit cards is stored in binary form. These ones and zeros are stored by changing the magnetic field of the magnetic head by 180 degrees. To see what's really on the card, you put some iron filings on the magnetic strip and tap the card gently onto the edge of the table (keep paper underneath it because it probably would have cost you lots of effort to make the iron filings) and behold! Here's your magnetic information, plainly cidible to the eye. Some cards have such big bits that you theoretically should be able to change the information on it with a magnetized razor blade (Paris Metro cards are a good example). On other cards, the bits are so close to each other that you will only see a magnetized solid bar. To store away the information on magnetic cards, some international standars were developed by ISO - the International Standards Organization. To name one: the magnetic stripe is divided up into three tracks. A lot of manufatcurers use other coding methods to write the cards with and only the iron filing method will give you insight as to what's on the card in these instances. The first project as amntioned before is to copy the information from magnetic card to another. This means that it doesn't matter whether the information is encoded or not since you are just copying. The only thing you need to know is the exact location and height of the track with the information that you want to copy. As long as the write head of your copier is bigger than the mangnetic strip, you are safe. See the schematic on this page. (Schematic #1) The Credit Card Copier At the left of schematic #1 you will see the read head. For this (as well as the write head) you cannot use any cassette player head which happens to be lying around. You will need to use a data head or a card reader head (you can obtain them from Michigan Magnetics among others). If the head is bigger than the track you are reading from, you will pick up extra noise but if the head is too small, the signal might become too weak. Experimenting with the gain is essential. The write head should be as big as possible unless you want to write more than two narrow tracks next to each other. Between points A and B you can jput a pair of headphones (which you have put in series). If you pass the read head along the stripe, you will hear a sound that might be familiar to you hobbyists who used to once work with data cassettes. Now you will need to find a way to make the read and write head go simultaneously along both cards. The trick for this is to take a piece of wood and mount both heads on both ends of it. Attach the cards (with scotch tape) to a solid surface and gently slide the heads along both cards (making sure that the heads go in parallel with the magnetic stripe). There are, however, cards on which the infomation is not put on the stripe at a nintey degree angle. If you see something like that (using the iron filing method) you will have to adjust the position on which the heads are mounted. A little trick to adjust the heads is to replace the 220 ohms resister in front of the headphones by a 100 nF capacitor and then listening until you find the angle that gives you the highest pitch sound. You can only write to a card which you have erase previously by, for instance, a demagnetizer. To doublecheck if your copy is good, you can listen to it by passing the read head over it and checking to see if the sound of the original and the copy are the same. We found ou that the human ear is a very accurate meter to indicate the accuracy of the copy. One last word about the dual opamp - pins 4 and 8 of that chip are used to supply positive and negative voltage (see schematic #3). The Reader/Writer This schematic reads and writes to the same head. If you want to write something with this schematic, you will have to come up with a device which has a very accurate constant speed, like a modified printer. The most suitable device, though, would be a real reader/writer mechanism. Most opamps want to have a positive as well as a negative voltage. But by means of an active voltage divider (see schematics) we can supply the whole card reader from one 12 volt power supply. The active voltage dicider is used twice in the reader/writer. First of all to divide the 12 volt down to 6 volts (in order to do this you put a 5.8 kohm resistor where the asterisks are in the schematic). The second voltage divider you make by putting a 3.3 kohm at that spot. This is done to divide the 5 volts out of your computer into 2.5 volts. The best thing to do is to plave a relay on the write line going to the head. This is so as not to introduce noise while reading form the card. Now all you need is an interface that can control the motor fo your read/write unit and which can exchange the bits with the circuitry described above. What you can do then is make binary copies of your card. The credit card reader/writer can only be used on cards which store their information in binary form, so go and check first with iron filings. In this section, we will describe several data formats which are used in credit cards. We will only describe the three tracks as they were described by ISO. On the third track a large quantity of formats are used. Only two of them are published here. The real formats as they are used by banks tend to differ from the original ISO standards but a little bit of research can do miracles on these occasions. You might wonder how the bits as described later are encoded onto the card because the schematic as we described above is only capable of putting 180 degree magnetic field changes onto the card. To explain that we use track 2 because the bits are physically the largest and this ought to work with homemade electronics. Track 2 The bits are encoded as follows: they are separated by reversing the magnetic field. These reversals make the output of your reader go from one to zero or vice versa. Beware: the fact of whether or not it's a one or zero is not important, but the change in polarity is important. And now, to make it even more complicated, not only is there a magnetic reversal between tow bits but also in the middle of a binary one is a reversal. So if you have a constant moving head over your card, software should be able to determine whether they are reading a zero or a one. In fact, nobody is capable of speeding up the speed of his reading head twice within the time period of one bit. THerefore, even a constant speed is not required. SO you will get away with cheap, lousy equipment. Now you have a whole lot of ones and zeroes inside your computer and you still don't know anything. The important thing here is to know the bit stream starts at the left side of the card so the strip is being read from right ot left and after a couple of zeroes the data will start in the following format: P1248P1248 etc. The P stands for parity bit and the 1,2,4,8 stand for the decimal values that they represent (0001 0010 0100 1000). If you decode this, there is your data, which is similar to Track 2 specifications (ABA). How the LRC character work (a checksum) we don't know yet. BUt our mailbox is open to any suggestions." ---Well, there is it. Pretty damn good. If you want greater detail, be sure to check out my article in Phrack #37. Happy hunting! ..oooOO Count Zero OOooo.. *cDc* -=RDT Schematic 1. Schematic 2. Schematic 3. Schematic 4. Schematic 5. The original article scanned: Page 1. Page 2. Page 3. Page 4. WARNING: I have not tested the designs appearing in the article above nor I know of anybody who did it, in fact I received some e-mails from people who tried them without success. So be aware before spending your precious time with them. On the other hand, let me know if you succeeded with them.
  7. Good day seniors! I'm very interested in purchasing credit card details for cloning but I've been ripped off before many times that's why I'm asking for your guidance on legit shop to buy. Your guidance on Legit GSM Data receiver skimmer shop would be highly appreciated too as I want to buy one soon.
  8. Tell me who sells Revolut to Germany or Spain . better a business account.
  9. Yesterday
  10. Last week
  11. I have a new method to clear Fullz guaranteed any uk spammers message me and I’ll send you my telegram/icq. Let’s work and make £
  12. policia

    Libre Torrent

    LibreTorrent is a free open source torrent client for Android. Automatically move downloaded files to another folder or external drive HTTP \ S and magnet links Supports proxies for trackers and peers 35 + translations and much more... https://gitlab.com/proninyaroslav/libretorrent
  13. Universal Radio Hacker (URH) is a complete wireless protocol exploration suite with native support for many common SDRs. URH makes it easy to demodulate signals, coupled with auto-sensing modulation parameters, making it easy to identify bits and bytes that fly through the air. Since data is often encoded before transmission, URH offers customizable decoding to crack even complex encodings such as CC1101 data whitening. When it comes to protocol reverse engineering, URH is useful in two ways. You can either manually assign the protocol fields and message types, or allow URH to automatically output the protocol fields using smart data. Finally, URH includes a fuzzing component for stateless protocols and a simulation environment for stateful attacks. This project should only be used for testing or educational purposes. https://github.com/jopohl/urh
  14. on this site you can get free full info on this site, you can generate a document number on this site you can see what the original document looks like https://generatormr.site
  15. Earlier
  16. What is it? From some books and materials, you may already know that search engines have many special commands to refine queries. You can search not only by keywords, but also by fragments of site addresses, file extensions, etc. In addition, with the help of special characters, you can exclude or, on the contrary, be sure to include some words or whole phrases. Dork is just such a request: sharpened for a specific topic, aimed. Dorks are usually associated with "legal hacking": they allow using a search engine to access hidden sections of the site, for some reason "sticking out" without special protection. Yes, if you ever have your own web resource, cover it from such incidents. Usually, articles on dorks are devoted to this very thing - otherwise there would be no point in writing this post, but I want to cover dorks in a net-stalker context. Home hackers are leaking their client bases and are happy. For us, the compilation of a dork is determined by expediency. There are no private doors / dorks. There are people who have passed their compilation better than you. Pull up to their level = get a "private" dork for free. What does it look like in netstalking? You can make dorks for both delisourch and non-random. That is: both to search for a specific object, and to gain access to a wide class of objects, from which you do not yet know what exactly to expect. An example of the first: searching for a book or a specific document (some kind of building permit, say). Example of the second: all Excel tables from sites on the .gov domain; all users of all Russian forums on the selected engine with specific interests in the profile. A couple of case examples. (from hex break) Netstalkering in googledrives: inurl: "/ drive / folders /" site: drive.google.com (from CapyB) There is a cool dork for tor "(site: onion.link | site: onion.cab | site: tor2web.ch | site: tor2web.org | site: onion.sh | site: tor2web.fi | site: onion .direct | site: onion.gq | site: onion.top | site: onion.rip | site: onion.guide | site: onion.to | site: onion.gold) here the query "allows you to find a significant part of onion resources, but not blockable tor project like other crawlers Also, dorks are the main way to search on the Internet of things (the same cameras) through search engines such as shodan.io, censys.io . How to work with it? Where to get dorks? The question is harmful, the correct one sounds like this: How can I learn to make my own dorks? 1. Take a list of search commands of several major search engines (the search engines themselves provide this information). Think back to a couple of your last difficult queries. Try to formulate them through these commands. 2. Consider the finished doorknobs. A number of analyzed examples are right in this article. 3. To compile a dork for a site or engine - see what the addresses of pages / file resources on this site / engine consist of. see Trello incident. This point is closely related to parsing pages. Those. the same thing you need to be able to get and download / automatically analyze all pages through a script in some Python realties. 4. Go from big to small. Take what you are looking for and define it in more and more detail. For example. You need to find some ice cream from your childhood, about which only the red color of the label in English and the fact that it was red remained in your memory. "red ice cream" - didn't work, many options "red ice cream - babaevskoe" - again many options "red ice cream - babaevskoe -" red October "" - again many options "" ice cream of red color "1997 - babaevskoye -" red October "" ... etc. (The "-" sign is an exception, one of the special characters mentioned at the beginning) Or, using an example with a more random search at a site address: I am interested in the site aaa.com. You need to go over its php files, but not where the main content of the site lies. We look for php files like this: site: aaa.com filetype: php If there are many results, then we cut off those pages of which there are most, for example: site: aaa.com filetype: php -index -news -search This filters out everything that is generated based on the index.php, news.php, search.php pages. As a result, more hidden / hardly viewed copies remain in the search results. This is the basis for compiling dorks. Difficult cases are already variations on its basis. Take a close look at the urls of your target site or sites, try different commands, and be sophisticated in highlighting the features of your searched object. Gradually, the skill of writing effective search queries will fall in your hand as conveniently as the body of a mouse.
  17. For three days in a row, I accepted money transfers to various cards, and interestingly, not a single card flew into the block, everything is as safe and efficient as possible.
  18. Bitcoin and cryptocurrency prices have suddenly crashed lower, falling sharply after weeks of malaise. The bitcoin price dropped under the closely-watched $30,000 per bitcoin level as smaller cryptocurrencies including ethereum, Binance's BNB, cardano, Ripple's XRP and the meme-based dogecoin recorded double-digit percentage losses, wiping away $200 billion in value over the last week (subscribe now to Forbes' CryptoAsset & Blockchain Advisor and discover crypto blockbusters poised for 1,000% gains). The sudden bitcoin and crypto move lower coincides with a global stock market sell-off yesterday that saw the Dow Jones Industrial Average post its biggest one-day point drop since October as fears mount the highly contagious Covid-19 Delta variant could set back economic recovery efforts. Sign up now for CryptoCodex—a free, daily newsletter for the crypto-curious that explains the world of bitcoin with brevity. Arriving in your inbox at 7am EDT every weekday
  19. Today we will talk about contactless payment Apple pay, Google pay and Samsung pay. What is apple pay. With the help of Apple Pay programs, users of iPhone 6/6 +, 6s / 6s +, SE, 7/7 +, 8/8 +, X, XS / XS Max / XR, Apple Watch can pay for purchases using NFC technology (“near contactless communication») In combination with the Wallet program. Apple Pay does not share original bank card details with the merchant; instead, transactions use a "dynamic security code" The main feature and plus of this theme is offline purchase. This is the same as if you go and pay with a personal card in the store, but there are nuances that will be described in this manual. What do we need for Apple pay. 1. Card, here I think everything is clear. 2. Phone with NFC function. This is any phone of the Iphone brand starting from the 6th series and above. 3. The dialer, punched SSN and DOB. 4. A store with a POS terminal supporting NFC (Such posses are now everywhere, if you do not live in the village) At the POS or at the store itself (if it is a shopping center) there will be such a picture. Or just ask at the checkout “Can I pay by contactless payment? (apple pay in our case) 3. We buy cards. What cards are right for us? Any cards that support Apple Pay. You need to choose those banks that enroll by lookup through the SSN and DOB. There are a lot of such banks in USA, choose the bank that you like. When buying, choose the card that has information about cardholders's mail and his phone. Because from personal experience, if you give a task to a punch or try to do it yourself, the chance of success is close to zero. 4. Enroll the card. We look up ssn, ext. We go to the bank's website from the Dedicated Server / Sphere. First, we are looking for tunnels / socks USA, the state is not important, the main thing is that it is clean. There will be 2 ways of development. 4.1. You've come across a primari roll. In this case, we simply register the card with our data. 4.2. You got a rerrol. This is the case if cardholder has already been registered with online banking. We pay the dialer (on average, it costs $ 10), give him the mail that is linked in online banking and his phone (this is all learned when we start rolling). We make the mail to which we want to change (it is advisable to choose a neutral mail or mail similar to cardholder mail.) After changing the mail, we restore the password, as if we had forgotten it. A link comes to the mail that you changed. Enter your password. According to statistics, 70 percent of rerrol and 30 primari came across. 5. Preparing to attach the card to Apple Pay. We need VPN (nord, for example), American icloud. When we created the American icloud, we download the application of your bank (from any ip). 6. We attach the card We go to the Wallet application on our Iphone. Add a card, there should be no difficulties. We reach this stage: We minimize by pressing the Home button. We launch our VPN. We are looking for any IP USA. After connecting to the IP USA, we launch the pre-downloaded online banking application. We enter the login \ password of our account. In the case of primari roll, enter your mail and password. In the case of a reroll, enter the mail that you gave to the dialer and your password that you restored. After we go to online banking, our card is automatically confirmed in the wallet application. Congratulations, we can go shopping. 7. Shopping. We make 1 transaction up to $ 100. We need this to warm up. When shopping, you should imitate the actions of a regular customer as much as possible. Always think like this: "I would have done this if it were my card." For example, you would hardly make many transactions for different amounts in one store. The real buyer will collect the basket and go and buy everything together. And there are a lot of such examples. We alternate between different amounts. $ 50, $ 150, $ 100, $ 290, 170. Frequency 15-20 minutes. You can make amounts and much more, but the card will die faster. On average, you have 5-6 transactions to complete your card. Then she dies. The amount you can make is highly dependent on the acquiring bank. In the EU, these amounts will be higher than in the CIS. Why? Because there is a much higher chance that an American will go on a trip to Europe than to your "city" with a population of 5000 heads. Also, the amounts depend on your chosen bank and bin. Somewhere the daily limit is $ 1,500. Somewhere it is lower, and somewhere higher. On average, $ 300 per transaction is the golden mean. After 1 and 2 transaction, you need to go to the mail and confirm that I am cardholder. Therefore, you need to monitor mail after each transaction. After such a message arrives in the mail, know that cardholder either already knows that someone has decided to buy at his expense, or he will very soon find out. Usually I received such a message for 4-5 transaction and I had another 20-30 minutes to buy in full. It is especially fun when you run to the store, knowing that the card is about to die and urgently ask for some product to quickly punch through and pay ). 8. Cost - $ 5 look up through mail and phone. (Or it will be already upon purchase) - $ 5 Dob and ssn - $ 10-15 Valid Card. - The dialer (if the roll is not a primari). 9. After working off the phone After each development of the card, we flash it through recovery mode There is a lot of information on the Internet on how to do this. Choose any article / video. Why do we need to do this? Apple Pay gives your device an identification code, which obviously goes black after the card dies. 10 limitations. It happens that after some actions, it throws a restriction on your card. What does it mean? This means that you can continue to use the card, but the purchase limit is $ 15 (this limit is different in different banks) If you come across a primari roll and you have a restriction thrown, in this case, you can use the card as your own for months (albeit with a limit). If the restriction was given immediately. To do this, you need to make 1-3 transactions, the mail will receive a letter "Was it you?" We confirm and the restriction is lifted. The same restriction is thrown after 6 transactions. In 15 percent of cases in LC there will be an additional service "chat with the bank", we write to them, we say that we want to remove the restriction. They will ask you to take a picture of the last checks. We take photos of the checks, we send them. You can also call the bank and ask to remove the restrictions. I describe the most common 3 outcomes of events. 1. In the first, we are asked to receive an SMS. In this case, we will not do anything. We can change it in the LC to our phone number, but often because of this, the card goes into hold. It's not worth it. 2. In the second case, they ask to come to the bank. It is clear that we cannot do anything about it. 3.10 percent that after calling us they will not ask for anything and the restriction will be lifted. In case of restriction, I just score. Remove restriction = kill card and spend money. 11. Security. I think many of those who have read this manual have a question, "Will they not take me to places that are not so distant?" Answer: No. Let's explain why. Apple writes itself that no one knows your card details. It is not transferred either to the store in which the purchase is made, or to the ePlu itself. All that the store sees is a code that is assigned to your device. As we know from the last point, it changes. That is, transactions with their anonymity resemble cryptocurrencies. Made a purchase, the card is dead, changed the code. In the worst case, you simply won't get paid. 12. Additional information. 1. It very much depends on which acquiring bank. For example: In Moscow time, St. Petersburg, you can beat 75k for a tranza, in a small town the figure does not change for the better. On average, 25-30 thousand per transaction. 2.If you decide that after the purchase, you can return the product and you will be given cash. I say right away, you will not succeed, they return the money to the card from which the payment was received. 3. It is better to call from 13:00 to 15:00 and after 22:00 Moscow time. I noticed that banks are especially loyal at this time. 4. You need to fix the card not through wi-fi, but through the network. 5.If there is a problem with the card roll (for example, after being asked to enter the data, the page does not go further), change the ip and session. 6. The credit balance depends on income, in the pension they calculate the limit and it is always different from 4 to 30. 7. It happens that the cvv does not pass on the card. With this it is not clear what to do. Most likely this is a family card. 8. If during password recovery (to find out the mail and phone number) nothing is displayed at all. In this case, you need to click on the mail or password (there will be several of them) 9. When 2 verif is knocked out in the primary enroll, you press there is no access to these methods 10. When comes "confirm that you are cardholder" comes both by mail and by SMS. That is, when this happens, cardholder knows that someone is using his card. Now let's talk about Google pay. 1. What phone do we need? All smartphones that run Android 4.4 and higher are compatible with Google Pay. In addition, for you to be able to pay through terminals, your phone must support NFC wireless technology. You can find out the version of the operating system in the settings of the device by clicking "System" → "About phone". To check for NFC support, look for the appropriate item in the settings. If there is one, the smartphone supports NFC. If you do not find such a function on your own, check its availability in the device on the manufacturer's website. How to connect and set up Google Pay 1. Install the free Google Pay app on your smartphone. 2. Open System Preferences and enable NFC. 3.Set up your screen lock with a PIN, password, pattern or fingerprint. Launch Google Pay and follow the instructions of the program to connect cards. As you already understood, exactly the same technology is used as in Apple Pay. The only difference is that the card is not attached in the Wallet application, but in its own application. Samsung Pay The application differs in that, unlike Apple Pay, it supports not only NFC payments, but also payments using electromagnetic transmission technology (MST), which allows you to pay using terminals that support only magnetic stripe cards. This tells us that we can pay in this way even at old terminals. How to add a card If your smartphone supports this technology, then you have a standard application - Samsung Pay. You need to go to this application to add a card. In the lower right corner, find the "Run" button and click on it: You need to follow the instructions in the app. Set a fingerprint or set a password. This is needed to confirm transactions. Adding a card. Next, you need to enter the card details manually. After entering the card details, we agree to the Samsung Pay rules. Just like in Apple pay, we confirm the card using the application of your bank. Painting on the screen. Your signature is the final step. After that, you will see a message that your card has been successfully added. Then you can use your phone to pay. Supported devices: Galaxy S Samsung Galaxy S6 (including S6 Edge, Active and Edge +) Samsung Galaxy S7 (including S7 Edge and Active) Samsung Galaxy S8 (including S8 +) Samsung Galaxy S9 (including S9 +) Galaxy Note Samsung Galaxy Note 5 Samsung Galaxy Note FE Samsung Galaxy Note 8 Samsung Galaxy Note 9 Galaxy A Samsung Galaxy A5 (2016) Samsung Galaxy A7 (2016) Samsung Galaxy A3 (2017) Samsung Galaxy A5 (2017) Samsung Galaxy A7 (2017) Samsung Galaxy A7 (2018) Samsung Galaxy A8 (2018) Samsung Galaxy A8 + (2018) Samsung Galaxy A6 (2018) Samsung Galaxy A6 + (2018) Samsung Galaxy J4 + (2018)
  20. 3 BNB - Fair launch only 5 BNB - Snipes DxSale launches 40 BNB - Contract bot (anti sniper bypass functions)
  21. USA info is easy to get. What about Canadian DOB (and other such information)???? Where can I find?? Thank you.
  22. Anyone with good fulls/logs text me your ICQ/Telegram. Have a working method to clear big balances. Hmu asap so we can work together Add my ICQ:@A78612345
  23. Bob: I was selling a synthesizer on a popular classifieds site. I received a message in the chat that my product was bought with delivery. And then a QR code - like you need to follow the link and enter the details of the card for which I want to receive payment. I scanned the code with my phone from the computer screen, a page opened with a description of my synthesizer, the price and right there - a form for filling in the card details. I have already begun to enter, but then I look: you need to write not only the number, but also the expiration date, and three digits from the back. I looked more closely at the page and then only noticed that it was a fake: there were errors in the website address, the design was a bunch of blunders. It's good that I noticed it in time. Financial Culture Expert: The scammers hoped that Bob would enter the card details on a fake website and thereby give them access to an account from which they could steal all the money. The criminals encrypted the phishing link into a picture with a QR code to bypass the ad site's security mechanisms. Usually, the security service of an online site blocks dubious links, but does not prohibit the publication of images. After all, users need to exchange product photos. Often, scammers offer to transfer the discussion of transaction details to a third-party messenger - and there they can send a link or QR code to go to a fake page. A phishing site can try to steal both the buyer, who must enter his card details for payment, and the seller, who must receive the money on the card. To ensure that the sale or purchase of goods on the classifieds site does not result in losses for you, follow the cybersecurity rules: Only communicate with buyers and sellers in the ad site's internal chat, where phishing links are blocked. And it is better to pay through the "safe deal" service, which is offered by large online platforms. Be wary if you are offered to go to a third-party messenger or to any external page “to fill out a transfer form”, including by using a QR code. Always check the site before entering any data on it. Make sure it's not a phishing page disguised as an ad portal, online store, or delivery service. By phone or in private messages, do not tell anyone the full details of your bank card, including the expiration date and three digits on the back, as well as passwords and codes from notifications from the bank. For a transfer from one person to another, only the card number is enough. Get a separate card for online purchases and do not store large amounts on it. Then, even if scammers gain access to your account, they will not be able to deprive you of all your savings. For more information on how to secure your accounts from fraudsters, read the texts "Safe shopping on the Internet" and "Social engineering: why people give money to fraudsters themselves."
  24. ExpressVPN is really good for carding. And also, it's easy to card
  25. Today we have one more introductory info on real carding and today I will tell you how to pay in shops with credit cards of my own production. You probably think that everything is simple, right? But fucking. Let's imagine such a situation, we came to the store to buy a laptop, pay with our credit card, and the terminal issues CODE-06 (it means that the card is screaming) and what to do about it? Therefore, now I will tell you about some points that must be taken into account when buying any crap with our cards. Shop selection And it's a no brainer that the store needs to be chosen farther from the place where we copied the dump of the card and transferred it to our plastic. But just in case, I'll say it again, we choose the store at a stop hundred kilometers from the place where the card data was connected! Next, choose a store: It can be absolutely any store with food, equipment or clothing. There is only one rule - the seller must be a girl and preferably a young woman (recommended). But again, everything is at personal discretion, you can buy from the kid. Don't forget your homies Never go to this business alone, there should always be someone on the safe side, from 2 to 4 people. If there are two of you, then one at the time of purchase is standing nearby and insures, and if there are four, then the other two graze on the street. And now I'll tell you how to behave if there was a pickup (card interception or just fucked up) and how to behave, using the example of different stores. How to behave in the case of a pickup truck There are many subtleties with buying in stores, such as: Lack of documents The discrepancy between the card number and the number on the check (we are not Vangi, to guess this) Signature mismatch Or the ATM will issue some incomprehensible codes, up to code-06, which I wrote about above. And in such situations there is a behavior algorithm that I will tell you about. Grocery store: Here we collect a lot of products, right to the dump. Have two credit cards and homies for insurance with you. We choose a younger cashier and approach him. It is recommended to work from 17:00 to 19:00 - in this interval. When queues at the checkout counters begin to accumulate and attentiveness decreases. The main thing all this time is to communicate with the cashier and establish contact. Your friend should be behind him and he should preferably have cash with him. They tell us the amount and ask for a card, we give it and then there are two ways of development. All hockey - the transaction goes through, we go out into the street with a joyful fuck, get into the car and leave. (but no, completely out of my mind ?? do not leave the car near the store, they will track you in cameras and fuck you in all your carder holes) Pickup - the card did not go through, what can I do? The main thing is not to let the cashier take the card, we start talking to the cashier with a disgruntled face and pushing that you do not have time and pull the second card, in most cases all normal cards take it. If the second card does not work, then it's really fucked up, I advise you to run out of the store and take your cards. BUT if the situation is really heating up, then your sidekick next to you helps out and pays for you in plain sight, referring to the fact that he is your neighbor and you will take the money from him later. Digital Store: Here we choose a laptop, a prefix, it is recommended to dial numbers up to $ 1000. Have a chat with a consultant for about 10 minutes, ask him about all sorts of subtleties, and only then we go to the checkout. Here the aunts are more experienced, and they click on the grief of the carders once or twice. At the checkout you need to play a circus, let them call you, and tell the whole checkout that you will buy a gift for your sidekick and return to work. Gently remove the credit card from the wallet and give it to the cashier. All hockey - the transaction passed, we calmly fuck off and enjoy the purchase Pickup - In no case should you give a second credit, you need to pick up your own, swear at the bank and calmly leave the store, saying that you can remove the money from the ATM and come back, you can't run! Advice: Never buy in big supermarket, they took a lot of carders from the outside and never buy plasma, because it's fucking corny and 5 out of 5 are firing on this. Brand clothing store: So you drove into a Gucci store in London and planned to buy some clothes. I will say right away that buying in such shops is the most dangerous thing. We typed a piece of gear at $ 1000, we communicate with consultants, we look like a wealthy person, let them constantly call you on the phone. We give the cashier a credit, he will look at it in any case. If it is not made of high quality, then these bastards call the bank, but we do not scam and say that there is not enough time, but we will wait. We hope that some inexperienced dick from tech support will remove the pipe at the bank. The bank will not tell her anything if you have not used the cards before (the holder has not yet announced the loss). You just tell her that go to the bank, remove the money and come back, and fuck ourselves. If all the hockey and transaction has passed, then we leave with a satisfied eblet. In the next article I will tell you more about buying skimmers on the Internet.
  26. USA info is easy to get. What about Canadian DOB (and other such information)???? Where can I find?? Thank you.
  1. Load more activity

  • Create New...