Goals and objectives: Using phishing emails to get CC (fullz)
Equipment: shells. Domain + hosting. fake pp page. GUI application. Script for sending emails. Script for sending a report to an email address. Mail base.
1) Preface:
Today we will learn an effective method of mining CC (fullz). This method is universal having mastered it, you will be able to extract absolutely any material, starting from ordinary CC to acanthus from almost any office, whether it is account verizon or a bank, it does not matter.
2) Purchase of consumables.
A) Shells.
Shells are needed for sending emails. They must contain the mail () function . We will determine shells with this function in an experimental way (we loaded the script and sent the email. If it has reached us, then this shell is suitable for us ).
I do not recommend buying minted shells for sending emails for two reasons: the price of such a product will be inflated, and the script that we will use for sending messages may not work on them. For this reason, I suggest taking zero shells for 0.5 bucks (the average market price). The only thing that we can ask the seller is to fill in the script for sending to the purchased shells.
B) Mail of the database.
Today we will send fake sticks, so the ideal option will be a database merged with the shop, where payment is made exclusively through the stick, preferably in a specific country . Today I have in the development of the USA base for 10k soaps purchased for $ 12 ( some kind of shop with fishing staff). For 10 k soaps from such a database, you can pay 10 - 20 bucks. Well, there as you have already agreed ...
C) Domain + hosting
You need it to send reports to our soap.
No abusive expensive hosting we do not need, will go purchased on westhost.com for example. The domain name is arbitrary. I do not advise you to card, he will die at the most inconvenient moment - we will lose much more than we save.
3) Prepare all components for operation.
Loading scripts on shells and then checking them for performance.
How to fill in scripts is up to you! loading via a loader, manual loading, or the seller will fill them in. There is no difference. I'll show you the manual method for clarity .
Screen (the button for uploading a file is circled on the screen. A white line is used to underline a script that has already been uploaded)
After downloading the script, you need to check whether it sends emails with an attache (attached file) or not. The script has a web interface. for this reason, we can simply open our script by specifying the path to it in the browser's address bar. After opening it in the browser, we send a test email to our email address
Screen (the screen shows checking the script)
Loading a script for sending reports to an email address.
In the script, you need to specify your mailbox. To do this, open the script using notepad
Screen (the screen shows editing the script in a regular Windows notepad, the replaced email address is highlighted in red)
After editing, we upload the script to the hosting via the ftp manager, in this case filezilla .
Screen (uploading a file to the hosting service, red highlights the uploaded file)
Setting up a fake account:
You need to specify the path to the script for sending reports to email . To do this, open the fake page in notepad and actually enter the link in the right place.
Screen (the screen shows the link replacement )
Next, we check everything for performance. To do this, open the fake file in the browser, enter the data and see if the report was sent to the email address.
Screen (the screen shows a fake check. After successfully sending the data, the client was redirected to the paypal home page .)
To automate mailing lists, we will use a GUI application for Windows.
To do this, open it. In linki.txt we provide links to the uploaded script for mailing. We also create another text file that will contain problematic links errors.txt
Next, we upload emails to the app, specify the sender, subject and text of the message, and the attached file. Number of threads (depends on the number of shells 10 shells = 10 threads, etc.) usually from 50 links you can send somewhere 100k emails. We set a delay of 30-40 seconds, which is the best option.
Very soon, reports will start coming to our email address, in this case, these are full usas, because the database is pure usas. While we wait for the reports, let's talk a little from the heart . When sending emails in this way, we avoid fake locs, this is the most important thing - after all, when a fake is on the hosting, these are momentary loks. In this case, the fake is an attack. Hosting is only needed for transmitting data from the fake form.
It is important to understand that the fake paypal example is just the tip of the iceberg. In this way, you can extract almost any material at a penny's cost. A page with a fake will cost 50 bucks, let the shells become a buck, from 50 links to 100 k you can send it for $ 0.5 for 1 k of sent soaps . Now one fullz USA costs ~8-15$ and you still need to find where to buy it, I'm not even talking if it's not a fullz but an eu CC with a vbv pass that is very easy to get by stupidly adding a couple of lines in the code of this fake paypal. In the end, everything pays off decently.
I can show you another fake profit variant:
Sends ext. CC. log and pass from aka skril . As you understand, there are just a lot of options for making money using this scheme.
It is also worth considering that in addition to the pros, there will also be cons . The main disadvantage is that after we send ~ 1kk-1.5 kk of emails, our attach and the letter will need to be deleted because the letter will no longer reach some mailers . There is nothing terrible this is a normal working moment, to be treated independently ( if you know html5) or with the help of 10 – 20 $ by any not particularly cool coder =)
Special attention should be paid to the quality of mail bases. If you send it somewhere unclear, then the result will be the same. Don't take databases with a lot of gmails. Yahoo, all sorts of corpses, aol, mail com and the like-it will go perfectly .The plans were to record a video of all the work done with comments for greater clarity, but I'm not a very cool cinematographer, so I couldn't hide data that would threaten my security - such as resources with flooded shells, ip, etc. For this reason, I chose the text option .
A few hours later, the first fullz arrived.
Most of the reports come in the first week. As clients read their emails.
Equipment: shells. Domain + hosting. fake pp page. GUI application. Script for sending emails. Script for sending a report to an email address. Mail base.
MOVE ROBOTS:
1) Preface:
Today we will learn an effective method of mining CC (fullz). This method is universal having mastered it, you will be able to extract absolutely any material, starting from ordinary CC to acanthus from almost any office, whether it is account verizon or a bank, it does not matter.
2) Purchase of consumables.
A) Shells.
Shells are needed for sending emails. They must contain the mail () function . We will determine shells with this function in an experimental way (we loaded the script and sent the email. If it has reached us, then this shell is suitable for us ).
I do not recommend buying minted shells for sending emails for two reasons: the price of such a product will be inflated, and the script that we will use for sending messages may not work on them. For this reason, I suggest taking zero shells for 0.5 bucks (the average market price). The only thing that we can ask the seller is to fill in the script for sending to the purchased shells.
B) Mail of the database.
Today we will send fake sticks, so the ideal option will be a database merged with the shop, where payment is made exclusively through the stick, preferably in a specific country . Today I have in the development of the USA base for 10k soaps purchased for $ 12 ( some kind of shop with fishing staff). For 10 k soaps from such a database, you can pay 10 - 20 bucks. Well, there as you have already agreed ...
C) Domain + hosting
You need it to send reports to our soap.
No abusive expensive hosting we do not need, will go purchased on westhost.com for example. The domain name is arbitrary. I do not advise you to card, he will die at the most inconvenient moment - we will lose much more than we save.
3) Prepare all components for operation.
Loading scripts on shells and then checking them for performance.
How to fill in scripts is up to you! loading via a loader, manual loading, or the seller will fill them in. There is no difference. I'll show you the manual method for clarity .
Screen (the button for uploading a file is circled on the screen. A white line is used to underline a script that has already been uploaded)
After downloading the script, you need to check whether it sends emails with an attache (attached file) or not. The script has a web interface. for this reason, we can simply open our script by specifying the path to it in the browser's address bar. After opening it in the browser, we send a test email to our email address
Screen (the screen shows checking the script)
Loading a script for sending reports to an email address.
In the script, you need to specify your mailbox. To do this, open the script using notepad
Screen (the screen shows editing the script in a regular Windows notepad, the replaced email address is highlighted in red)
After editing, we upload the script to the hosting via the ftp manager, in this case filezilla .
Screen (uploading a file to the hosting service, red highlights the uploaded file)
Setting up a fake account:
You need to specify the path to the script for sending reports to email . To do this, open the fake page in notepad and actually enter the link in the right place.
Screen (the screen shows the link replacement )
Next, we check everything for performance. To do this, open the fake file in the browser, enter the data and see if the report was sent to the email address.
Screen (the screen shows a fake check. After successfully sending the data, the client was redirected to the paypal home page .)
To automate mailing lists, we will use a GUI application for Windows.
To do this, open it. In linki.txt we provide links to the uploaded script for mailing. We also create another text file that will contain problematic links errors.txt
Next, we upload emails to the app, specify the sender, subject and text of the message, and the attached file. Number of threads (depends on the number of shells 10 shells = 10 threads, etc.) usually from 50 links you can send somewhere 100k emails. We set a delay of 30-40 seconds, which is the best option.
Very soon, reports will start coming to our email address, in this case, these are full usas, because the database is pure usas. While we wait for the reports, let's talk a little from the heart . When sending emails in this way, we avoid fake locs, this is the most important thing - after all, when a fake is on the hosting, these are momentary loks. In this case, the fake is an attack. Hosting is only needed for transmitting data from the fake form.
It is important to understand that the fake paypal example is just the tip of the iceberg. In this way, you can extract almost any material at a penny's cost. A page with a fake will cost 50 bucks, let the shells become a buck, from 50 links to 100 k you can send it for $ 0.5 for 1 k of sent soaps . Now one fullz USA costs ~8-15$ and you still need to find where to buy it, I'm not even talking if it's not a fullz but an eu CC with a vbv pass that is very easy to get by stupidly adding a couple of lines in the code of this fake paypal. In the end, everything pays off decently.
I can show you another fake profit variant:
Sends ext. CC. log and pass from aka skril . As you understand, there are just a lot of options for making money using this scheme.
It is also worth considering that in addition to the pros, there will also be cons . The main disadvantage is that after we send ~ 1kk-1.5 kk of emails, our attach and the letter will need to be deleted because the letter will no longer reach some mailers . There is nothing terrible this is a normal working moment, to be treated independently ( if you know html5) or with the help of 10 – 20 $ by any not particularly cool coder =)
Special attention should be paid to the quality of mail bases. If you send it somewhere unclear, then the result will be the same. Don't take databases with a lot of gmails. Yahoo, all sorts of corpses, aol, mail com and the like-it will go perfectly .The plans were to record a video of all the work done with comments for greater clarity, but I'm not a very cool cinematographer, so I couldn't hide data that would threaten my security - such as resources with flooded shells, ip, etc. For this reason, I chose the text option .
A few hours later, the first fullz arrived.
Most of the reports come in the first week. As clients read their emails.
