by Murder Mouse


Section 0: The Disclaimer

As covered on the main site all information presented within this guide is for information purposes only. Any attempt to use the information within this guide to commit anything illegal is solely the responsibility of the reader, and neither I, Information Leak, nor anyone else affiliated is responsible for what you do with the following information.

Section 1: The Introduction

Originally I was working on a security scanner for ecommerce sites, but since I'm about to get back into school and won't have as much time as before to really work on many projects I decided it'd be better to just go ahead and write a tutorial on the subject. So for this tutorial we will talk about one way a carder would collect CCs to cash/use/sell/whatever, and that of course is exploiting ecommerce sites. There are millions of sites out there used by businesses large and small for peddling their services/merchandise, and needless to say there are plenty of them out there that are easily exploited. So here it is, the answer to every "how to hack cc" question out there. Enjoy...

Section 2: Database Vulnerabilities

One of the most common and easiest ways to exploit ecommerce sites is to use database vulnerabilities. These are present due to insecure database software that many ecommerce sites will use for recording and tracking online purchases. One method that an attacker could use to find such database vulnerabilities on a specific site is to use an exploiter. Exploiters are software that will use an exploit list to scan for exploits on a target web server, and report back any positive responses. CMXploiter IV (http://xtremet.deny.de/downloads/cmxiv_setup.exe) is an example of an exploiter, though there are others that you can look for to use as well. The interface for CMXploiter IV is pretty self-explanatory, but I'll run you through the basics anyway. To use this tool you would first click "Load", which will bring up three different tabs. You would click "Exploit Lists" to select an exploit list to use, "Proxy List" is to of course select a list of proxies to use, and "URL List" is to select a list of targets to scan. Then from there you would go to Options. The first menu to pop up is the Current Session Options. Edit the responses to include in session history so that only the "200 Series responses" (positive responses) are included in the results, and from here you can also edit the "Socket Timeout value" based on your internet connection (leave as is for faster internet connections, set to 40 for slower internet connections). Then go to Proxy List Selection Options and either put in the proxy you are going to use for the scan, or click "Multi-Proxy Mode" to tell CMXploiter IV to use the proxy list you loaded. Now that you have everything configured go to Start and select the type of scan you want to do. "Single URL Scan" is used to scan a single server with the exploit list provided, "Multi-URL Scan" is used to scan every site in the url list for every exploit in the exploit list, and "Single Exploit Scan" is used to scan every site in the url list for a single exploit. On a last note with any exploiter you use if the option is available be sute to set it to use GET requests instead of HEAD requests for the scan. I've found that you get much more accurate results that way. Now that I've covered all the configurations I'm going to provide an exploit list that you could use for scanning database vulnerabilities...



The only problem with database vulnerabilities for a carder is that some of these don't reveal the cvv2 of the card number, which is of course usually needed to use the cc (except of course with many online shopping sites that you can simply put 000 or 0000 as the cvv2). Also many of the databases are encrypted using either blowfish or rc4. You can use John the Ripper (http://www.openwall.com/john/) to crack blowfish, and I'm sure there are some crackers out there that you can use to crack rc4. Here are some examples of each encryption provided by esc from the Igniteds community of each encryption...
RC4 = *xco[aOßI
Blowfish= |AA|BC|
Good luck.

Section 3: Google Syntax

A quick tip for finding database vulnerabilities besides scanning for them using an exploiter is to use googledorks. To do this just take the exploit you're interested in looking for, and for example add an inurl: to the search. For example "inurl:xshop.mdb" could be used to find all the sites that the google spider has found that contain this file (except of course the sites that blocked this file from being listed using a robots.txt for example).

Section 4: SQL Injection

Of course what remains a very popular method for exploiting ecommerce sites is to use SQL injection. It has been covered many times, and is very common among web servers. Since it has been covered so many times I will simply include a list of guides that you can read to familiarize yourself with SQL injection. This list will include the names and location of the guides, and if for some reason any of the links become broken just slap the title of the guide into quotations on google and search for them...

Advanced SQL Injection: http://www.ngssoftware.com/papers/advan ... ection.pdf ... ection.pdf

More Advanced SQL Injection: http://www.stickyminds.com/getfile.asp? ... ame1%2Epdf? ... ame1%2Epdf

Demystifying SQL Injections: http://www.informationleak.net/sql_inject.txt

XSS & SQL Injection:http://www.hackthissite.org/articles/read/23

Section 5: The Conclusion

Well that's the conclusion for this guide. There are other methods as with any type of web server that could be used to exploit ecommerce sites, but this tutorial is meant as a basic rundown of some methods that could be used. If you are doing a security scan for an ecommerce site and come across a vulnerability that you are not familiar with, or don't know how to use to test don't be afraid to just google it. I'd also like to briefly thank s4mael from CCPower, who put together the exploit list that the database vulnerabilities listed were copied from. Also if you have any questions or comments then feel free to email me at murdermouse@informationleak.net. I must remind you before you do so that I'm not a carder, nor do I provide any type of services to any. Don't ask me if I have cc's, I don't have cc's and I will not help you get cc's.

Link: http://www.informationleak.org/viewtopic.php?f=46&t=5129#47775
Rating: - 0 out of 0 votes