16 + 64 = 80 (the card number is valid as it is the exact number of 10) Tips for you: 'How to ensure credit card security?' Ensuring the security of salary card and credit card information, which is an indispensable tool of our daily lives, is a very important issue. ATMs, POS devices, internet, etc. Are just a few of the points we use these cards. If the credit card type is Mastercard, Visa, or Discover, the field has exactly three numbers. If the credit card type is American Express, the field has exactly four numbers. Figure 3-6 shows a web page that requests a CSC and other information (you may recognize it from 'Validate Credit Card Numbers' Hack #25).
Hi there. This is my first serious 'Black Hat Hacking' post of credit cards hacking. Here will be explained all methods used to hack credit cards and bank accounts with lots of $ it. Now I?m sure most of you think that this is fake or scam, but i want to just tell u this is real and the only working method (in my opinion) to hack a credit card and make your wish come true (lol, hope it doesn't sound like a commercial).
Note: Hacking credit cards is an illegal act, this is only informational post and I am not responsible for any actions done by you after reading this tutorial. This post is for educational purposes only.
Lets start with some easy terms.
What is credit card ?
Credit cards are of two types:
- Debit Card
- Credit Card
1. Debit means u have a sum of amount in it and u can use them.
2. Credit means u have a credit line limit like of $10000 and you can use them and by the end of month pay it to bank.
To use a credit card on internet u just not need cc number and expiry but u need many info like :
- First name
- Last name
- Address
- City
- State
- Zip
- Country
- Phone
- CC number
- Expiry
- CVV2 ( this is 3digit security code on backside after signature panel )
If you get that info you can use that to buy any thing on internet, like software license, porn site membership, proxy membership, or any thing (online services usually, like webhosting, domains).
If u want to make money $ through hacking then you need to be very lucky? you need to have a exact bank and bin to cash that credit card through ATM machines.
Let me explain how ?
First study some simple terms.
BINS = first 6 digit of every credit card is called 'BIN' (for example cc number is : 4121638430101157 then its bin is '412163'), i hope this is easy to understand.
Now the question is how to make money through credit cards. Its strange?, well you cant do that, but there is specific persons in world who can do that. They call them selves 'cashiers'. You can take some time to find a reliable cashiers.
Be sure cashiers are legit, because many cashiers r there which take your credit card and rip u off and don't send your 50% share back.
You can also find some cashiers on mIRC *( /server irc.unixirc.net:6667 ) channel : #cashout, #ccpower
Well, check the website where u have list of bins and banks mostly 101% cashable. If u get the credit card of the same bank with same bin, then u can cashout otherwise not . Remember for using credit card on internet u don't need PIN ( 4 words password which u enter in ATM Machine ), but for cashout u need. You can get pins only by 2nd method of hacking which i still not post but i will. First method of sql injection and shopadmin hacking don't provide with pins, it only give cc numb cvv2 and other info which usually need for shopping not for cashing.
- Credit Card Hacking
- CC (Credit Cards) can be hacked by two ways:
- Credit Card Scams ( usually used for earning money , some times for shopping )
- Credit Card Shopadmin Hacking ( just for fun, knowledge, shopping on internet )
1. Shopadmin Hacking
This method is used for testing the knowledge or for getting the credit card for shopping on internet, or for fun, or any way but not for cashing ( because this method don?t give PIN - 4 digit passcode ) only gives cc numb , cvv2 and other basic info.
Shopadmins are of different companies, like: VP-ASP , X CART, etc. This tutorial is for hacking VP-ASP SHOP.
I hope u seen whenever u try to buy some thing on internet with cc, they show u a well programmed form, very secure. They are carts, like vp-asp xcarts. Specific sites are not hacked, but carts are hacked.
Below I?m posting tutorial to hack VP ASP cart. Now every site which use that cart can be hacked, and through their *mdb file u can get their clients 'credit card details', and also login name and password of their admin area, and all other info of clients and comapny secrets.
Lets start:
1. Go to google.com and type: VP-ASP Shopping Cart 5.00
Shopadmins are of different companies, like: VP-ASP , X CART, etc. This tutorial is for hacking VP-ASP SHOP.
I hope u seen whenever u try to buy some thing on internet with cc, they show u a well programmed form, very secure. They are carts, like vp-asp xcarts. Specific sites are not hacked, but carts are hacked.
Below I?m posting tutorial to hack VP ASP cart. Now every site which use that cart can be hacked, and through their *mdb file u can get their clients 'credit card details', and also login name and password of their admin area, and all other info of clients and comapny secrets.
Lets start:
- Type: VP-ASP Shopping Cart
- Version: 5.00
- How to find VP-ASP 5.00 sites?
- Finding VP-ASP 5.00 sites is so simple?
1. Go to google.com and type: VP-ASP Shopping Cart 5.00
2. You will find many websites with VP-ASP 5.00 cart software installed
Now let's go to the exploit..
The page will be like this: ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is: diag_dbtest.asp
Now you need to do this: ****://***.victim.com/shop/diag_dbtest.asp
A page will appear contain those:
- xDatabase
- shopping140
- xDblocation
- resx
- xdatabasetypexEmailxEmail NamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber
Example:
The most important thing here is xDatabase
xDatabase: shopping140
Ok, now the URL will be like this: ****://***.victim.com/shop/shopping140.mdb
If you didn?t download the Database, try this while there is dblocation:
xDblocation
resx
Hack Credit Card On Irc Rules
the url will be: ****://***.victim.com/shop/resx/shopping140.mdb
If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb
Download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com, or use MS Office Access.
Inside you should be able to find credit card information, and you should even be able to find the admin username and password for the website.
The admin login page is usually located here: ****://***.victim.com/shop/shopadmin.asp
If you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all, then try to find the admin login page and enter the default passwords which are:
Username: admin
password: admin
This method is used for testing the knowledge or for getting the credit card for shopping on internet, or for fun, or any way but not for cashing ( because this method don?t give PIN - 4 digit passcode ) only gives cc numb , cvv2 and other basic info.
Shopadmins are of different companies, like: VP-ASP , X CART, etc. This tutorial is for hacking VP-ASP SHOP.
I hope u seen whenever u try to buy some thing on internet with cc, they show u a well programmed form, very secure. They are carts, like vp-asp xcarts. Specific sites are not hacked, but carts are hacked.
Below I?m posting tutorial to hack VP ASP cart. Now every site which use that cart can be hacked, and through their *mdb file u can get their clients 'credit card details', and also login name and password of their admin area, and all other info of clients and comapny secrets.
Lets start:
1. Go to google.com and type: VP-ASP Shopping Cart 5.00
2. You will find many websites with VP-ASP 5.00 cart software installed
Now let's go to the exploit..
The page will be like this: ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is: diag_dbtest.asp
Now you need to do this: ****://***.victim.com/shop/diag_dbtest.asp
A page will appear contain those:
Example:
The most important thing here is xDatabase
xDatabase: shopping140
Ok, now the URL will be like this: ****://***.victim.com/shop/shopping140.mdb
If you didn?t download the Database, try this while there is dblocation:
xDblocation
resx
the url will be: ****://***.victim.com/shop/resx/shopping140.mdb
If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb
Download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com, or use MS Office Access.
Inside you should be able to find credit card information, and you should even be able to find the admin username and password for the website.
The admin login page is usually located here: ****://***.victim.com/shop/shopadmin.asp
If you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all, then try to find the admin login page and enter the default passwords which are:
Username: admin
password: admin
OR
Username: vpasp
password: vpasp
Mirror Download
Shopadmins are of different companies, like: VP-ASP , X CART, etc. This tutorial is for hacking VP-ASP SHOP.
I hope u seen whenever u try to buy some thing on internet with cc, they show u a well programmed form, very secure. They are carts, like vp-asp xcarts. Specific sites are not hacked, but carts are hacked.
Below I?m posting tutorial to hack VP ASP cart. Now every site which use that cart can be hacked, and through their *mdb file u can get their clients 'credit card details', and also login name and password of their admin area, and all other info of clients and comapny secrets.
Lets start:
- Type: VP-ASP Shopping Cart
- Version: 5.00
- How to find VP-ASP 5.00 sites?
- Finding VP-ASP 5.00 sites is so simple?
1. Go to google.com and type: VP-ASP Shopping Cart 5.00
2. You will find many websites with VP-ASP 5.00 cart software installed
Now let's go to the exploit..
The page will be like this: ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is: diag_dbtest.asp
Now you need to do this: ****://***.victim.com/shop/diag_dbtest.asp
A page will appear contain those:
- xDatabase
- shopping140
- xDblocation
- resx
- xdatabasetypexEmailxEmail NamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber
Example:
The most important thing here is xDatabase
xDatabase: shopping140
Ok, now the URL will be like this: ****://***.victim.com/shop/shopping140.mdb
If you didn?t download the Database, try this while there is dblocation:
xDblocation
resx
Hack Credit Card On Irc Rules
the url will be: ****://***.victim.com/shop/resx/shopping140.mdb
If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb
Download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com, or use MS Office Access.
Inside you should be able to find credit card information, and you should even be able to find the admin username and password for the website.
The admin login page is usually located here: ****://***.victim.com/shop/shopadmin.asp
If you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all, then try to find the admin login page and enter the default passwords which are:
Username: admin
password: admin
OR
Username: vpasp
password: vpasp
The Method is almost Perfect Not without this Simple Piece of Software that I my Self had Develop
This Hack Is very Dangerous and Powerful Use it With your Own Risk!!!
Mirror Download
Hello Friends, today I will explain you how a credit card hack works: how to hack credit cards using packet sniffing and session hijacking. In this tutorial, we will discuss how we can exploit the vulnerability in credit or debit card functionality to hack the card's password. Nowadays, fund transfers and online shopping are done using primarily internet banking and credit cards. Interestingly, those methods utilize SSL (click here to learn more about SSL). People tend to believe that their accounts cannot be hacked because their transactions are secured by extra security layer, SSL, but it's actually quite easy to break the SSL. It is always better to secure your computer and internet connection rather than depend on payment sites. So first, we should know how credit cards work and how transactions are performed. Please read on.
First, know that it's virtually impossible to see the actual data that is transferred during a transaction, but by using session hijacking and packet sniffing we can achieve see the data in an encrypted form.
What really is attacked?
The fatal flaw that enables sensitive information to be stolen occurs when an end-user is not properly educated on the easily executable, well-known SSL exploit: SSL MITM. Hackers take advantage of that to get access to your sensitive data. A great saying applies here: PREVENTION IS BETTER THAN A CURE. The only thing required to block the loopholes in the system is a properly educated end user. I have already shared two articles with you about how to secure yourself. The first is 'Make your computer 100% hacker proof' (Click here to read) and other is '10 easy tips to secure your computer' (click here to read).
How the hack works and how to do it:
PLEASE NOTE THAT hacking credit or debit cards is illegal and will result in serious consequences, including imprisonment. This tutorial is for educational purposes only. I am explaining this tutorial to make you aware of how it works.
Suppose you use a WiFi connection to connect to internet. A hacker will hack your WiFi network and connect to it. He will then run a series of utilities to redirect other user data through his machine, followed by more utilities to sniff the data, acting as an SSL Certificate Server to be the Man-the-Middle.
The following diagram shows a very simplified graphic of how your SSL banking session should work under normal conditions, then how it would work during an attack:
It is important to know that a certificate is used to establish the secure SSL connection. This is a good thing if you have the right certificate and are connecting directly to the website you intended to use. Then all your data is encrypted from your browser to the SSL website where the bank's website will use the information from the certificate it gave you to decrypt your data/credentials. If that is truly the case, then it is pretty darn hard for a hacker to decrypt the data/credentials being transmitted, even if he is able to sniff your data.
This is a bad thing if you have a 'fake' certificate being sent from the hacker and are actually connecting to his machine, not directly to the bank's website. In this case, your credentials are being transmitted between your browser and the hacker's machine. The hacker is able to grab that traffic, and, because he gave you the certificate to encrypt the data/credentials, he can use that same certificate to decrypt your data/credentials.
EXACT STEPS TO HACK CREDIT CARDS OR DEBIT CARDS
His first step would be to turn on Fragrouter, so that his machine can perform IP forwarding
After that, he'll want to direct your WiFi network traffic to his machine, rather than your data traffic going directly to the Internet. This enables him to be the 'Man-in-the-Middle' between your machine and the internet. Using Arpspoof, a simple technique, he determines your IP address is 192.168.1.15 and the Default Gateway of the WiFi network is 192.168.1.1:
The next step is to enable DNS Spoofing via DNSSpoof:
Since he will be replacing the bank or online store's valid certificate with his own fake one, he will need to turn on the utility to enable his system to be the Man-in-the-Middle for web sessions and to handle certificates. This is done via webmitm:
At this point, he is ready to go. Now he needs to begin actively sniffing your data passing through his machine, including your login and credit card information. He opts to do this with Ethereal, then saves his capture:
He now has the data, but it is still encrypted with 128-bit SSL. No problem, since he has the key. What he needs to do now is simply decrypt the data using the certificate that he gave you. He does this with SSL Dump:
He runs a Cat command to view the now decrypted SSL information. Note that the username is 'Bankusername' and the password is 'BankPassword.' Conveniently, this dump also reveals the banking site as National City. FYI, the better, more secure banking and online store websites will have you first connect to another, preceding page via SSL, prior to connecting to the page where you enter sensitive information such as bank login credentials or credit card numbers. The reason for this is to stop the MITM-type attack. This helps because if you were to access this preceding page first with a 'fake' certificate the next page where you were to enter the sensitive information would not display. The page gathering the sensitive information would be expecting a valid certificate, which it would not receive because of the Man-in-the-Middle. While some online banks and stores do implement this extra step/page for security reasons, the real flaw in this attack is the uneducated end-user, as you'll soon see:
With this information, he can now log into your online bank account with the same access and privileges as you. He could transfer money, view account data, etc.
Below is an example of a sniffed SSL credit card purchase/transaction. You can see that Elvis Presley was attempting to make a purchase with his credit card 5440123412341234 with an expiration date of 5/06 and the billing address of Graceland in Memphis, TN (He is alive!). If this was your information, the hacker could easily make online purchases with your card.
Bad News for SSL VPN Admins
This type of attack could be particularly bad for corporations, because Corporate SSL VPN solutions are also vulnerable to this type of attack. Corporate SSL VPN solutions will often authenticate against Active Directory, the NT Domain, LDAP, or some other centralized credentials data store. Sniffing the SSL VPN login then gives an attacker valid credentials to the corporate network and other systems.
What an End-User Needs To Know
There's a big step an end-user can take to prevent this from taking place. When the MITM Hacker uses the 'bad' certificate instead of the 'good,' valid certificate, the end-user is actually alerted to this. The problem is that most end-users don't understand what this means and will unknowingly agree to use the fake certificate. Below is an example of the Security Alert an end-user would receive. Most uneducated end-users would simply click 'Yes'… and this is the fatal flaw:
By clicking 'Yes,' they have set themselves up to be hacked. By clicking the 'View Certificate' button, the end-user would easily see that there is a problem. Below are examples of the various certificate views/tabs that show a good certificate compared to the bad certificate:
| Left One Good Certificate and right one fake certificate |
How an End-User Can Prevent This
Premium Tax Credit Irc
- Again, the simple act of viewing the certificate and clicking 'No' would have prevented this from happening.
- Education is the key for an end-user. If you see this message, take the time to view the certificate. As you can see from the examples above, you can tell when something doesn't look right. If you can't tell, err on the side of caution and call your online bank or the online store.
- Take the time to read and understand all security messages you receive. Don't just randomly click yes out of convenience.
How a Corporation Can Prevent This
- Educate the end-user on the Security Alert and how to react to it.
- Utilize One Time Passwords, such as RSA Tokens, to prevent the reuse of sniffed credentials.
- When using SSL VPN, utilize mature products with advanced features, such as Juniper's Secure Application Manager or Network Connect functionality.
To get our free books emailed to you and more detailed information on these credit and debit card hacking concepts on an ongoing basis you can join our list. Please remember that this is all for educational purposes only and you should never hack someones debit or bank cards. This wrong morally and illegal as well.
