
Carding Blackzero

This document discusses the philosophy of carding, which involves using someone else's credit cards without permission to purchase things online. It explains that credit card theft is a serious crime with possible legal consequences. It also includes a glossary that defines various terms related to carding and credit card fraud.

The philosophy of the carders is based on the fact that there are many people who have great
amounts of money that would be nice to use some of that money to buy
some little things for each of them, since the card owner may not even
realize this purchase that he did not make for her. If you are thinking of buying for
Internet programs or subscriptions and they think that using carding will be very easy.
Well, they are absolutely right, it's very simple. They have to know that the theft of a
Credit card fraud is a universal crime, which can lead to serious criminal charges.
graves
belongs exactly to its owner.

BIN - Bank identification number. The first 6 digits of the CC. It is used
to identify the bank and the issuing card type.

Blockchain - The 'nucleus' of bitcoin; it usually refers to blockchain.info, where all Bitcoin transactions are publicly registered.

BTC - Bitcoin. Anonymous digital currency.

BTC Wallet - a unique identifier that allows you to receive bitcoins.

Chargeback - the cardholder's bank reverses the withdrawal of money from the card.

CC - Credit card

CID - Card Number Identification. 4-digit verification code on the front of the card [Amex].

CVC / CVC2 - card verification code. The same as the CVV, but for
Mastercard.

CVV / CVV2 - Card Verification Value. A 3-digit code on the back of the card.

DC - Debit Card. Card that resembles the credit card by the method of

E-shop - online store.

Exp - Expiration Date.

ewallet – The external provider where bitcoins can be stored.

Fullz - credit card data that includes additional information, such as the
date of birth, social security number, MMN, banking information, etc. Clarify with
each provider what their fullz include.

GSM - Global System for Mobile Communication. A communication standard for mobile phones.

Hologram - A unique form of photographic printing that is an optical image
plane that at first glance looks like and provides a three-dimensional effect on a
flat surface. Holograms cannot be easily copied and are used for purposes of
security and aesthetics in the cards.

ICQ – a very popular instant messaging service among carders.

Issuing Bank - Financial institution that issued the card.

LR - Liberty Reserve. Anonymous digital currency [now obsolete].

MC - Mastercard.

Pidgin - Instant messaging client that supports the AOL, Yahoo, MSN, ICQ and Jabber networks.

PIN - Personal Identification Number. A secret code of 4-12 characters that allows
an issuer to positively authenticate the cardholder in order to approve an
automated teller machine transaction or a terminal interaction at a point-of-sale device.

Plastic – physical card. Generally, it refers to blank or cloned cards.

POS - Point of Sale. Term commonly used to describe cash register systems that
record the checkout transactions in a retail store.

Reader - A device that reads the magnetic stripe of a credit card to
obtain account information for automatic processing of a
transaction. A credit card reader is either integrated into a register,
attached to a register as a separate component, or part of a stand-alone terminal
dedicated to the sole function of processing credit card transactions.

Rip-off Artist (Seller)

RFID – Radio Frequency Identification. Technology that allows an object or
person to be identified at a distance, without physical contact, using radio waves to
activate and communicate with some form of label or card.

Track 2 - The information about the credit card that has a field of 40
characters for the information. Normally a credit card number and expiration date
are contained in track 2.

Track 3 - It is normally not used. The information about the credit card that
has 107 fields of alphanumeric information. Normally, a credit card
number, expiration date and space for additional information are
available on track 3.

VBV - Verified by Visa. Visa's implementation of the 3-D Secure protocol.

VPN - Virtual Private Network.

What is carding?

Carding is the 'art' of purchasing goods and/or services using CCs (credit cards,
credit and debit) of third parties (victims) for our benefit. These
can be obtained through hacking, phishing, social engineering and buying them from
reputable vendors throughout the deep web.

How many types of Carding exist?

Physical Carding: It consists of obtaining information from the magnetic stripes (dumps)
of credit or debit cards, through the use of skimmers, infected POS systems, etc. It is
to say by using a fake reader, to steal the information to later mount it
web pages.

(quotes): search exact phrase

and or not: logical operators 'and' or 'not'

Include and exclude. E.g. jaguar -cars: search for the word 'jaguar', but leave out the
webs with the word 'cars'

(asterisk): wildcard, any word, but only one word

. (dot): wildcard, any word, one or many

intitle or allintitle: the searched expression is in the title

inurl or allinurl: the searched expression is in the URL

site: only searches for results within the web that follows 'site:'

filetype: only search for files of a type (doc, xls, txt…)

link: only search on pages that have a link to a certain website

only search on pages that have the searched expression in the link text

cache: shows the result in Google's cache of a web page


It's clear that what you want is to find vulnerable sales pages.
I recommend using .PHP as an extension.

Adding locality
Once we have our DORK set up, we can add a specific location to it.
for example PE (Peru) EC (Ecuador)...

This was achieved with the extension +site:(Places We Will Search) at the end of our
DORK, in such a way that it would end up like this.

inurl:'.php?cat=' + intext:'Buy' + site:PE


2. Let's go to the Table.

3. Then we go to Get DBs.

4. Then we review the data using "Get Tables".

5. Follow me to Get Columns.

There are different languages for encryption, such as: MD5, BINARY, BASE 64,
octal. For example a code encrypted in MD5 looks like this:
e2a318c07550893c9c9ebac094b0e875
decrypted looks like this: blackzero123

How to decrypt?

There are many ways, but this time we will use our tools, in this case in
HAVJI.
We go to MD5 and in MD5 hash we paste our code to decrypt and give it
Start and we will have our password.

There are many, many collectible websites where we can buy.


There are websites where we can buy without needing the CVV. However, there are
shopping websites where it is necessary to have an IP address from the same city as the card for the
purchase to work. That is where we use the SOCK5 to obtain an IP from the city.

Where can I get SOCK5?

There are many pages that can offer SOCKS5 for free.

The VPN connection over the Internet is technically a wide area network (WAN) connection
between the sites, but to the user it seems like a private link, hence
the designation 'virtual private network'.

What is a BIN?

The bin is what is known as the 6 digits or more of a real credit/debit card,
that is, one with a physical owner.
For obvious reasons, the cards generated from it are not of real people,
they are only algorithms.

PARTS OF A BIN:

A BIN mainly consists of 5 parts.


VPN, activate the corresponding country location of the BIN to increase the
possibilities that our bin works correctly.

This, almost varies in its requirement, usually the pages
they use it to send the billing of the purchase you made. Normally they are
5 digits

How to use a BIN?

As you may already know, a BIN is composed of 6 numbers.


Example:
522772xxxxxxxxxx
Generating:
To be able to generate, we will need a bin-based generator.
Well, let's assume we already have it.
And we generated a few.

5227721555440756
5227725207386317
5227720100707420
5227723132046650
5227723688203663
Now to do it we need a checker
Services are usually paid.

Live | 5227721555440756|05|2018|210| [Charge :$57.3] [BIN: - - - ] Check in


Blackzero500.onion at 12:20 am -June 06; 2017 Checker Blackzero

We can easily identify a BIN with different websites, I recommend using
https://www.binlist.net/ (optional, there are many websites with the same functions)
Identifying a BIN is highly useful as it allows us to filter which
banks and countries are functional for our victim web.

Finding BINs is not difficult at all, it could even be said that it's the easiest part.
The complicated thing is knowing where our BIN works.

Well, after having everything, it would be left to us as follows:

These cards are pseudo-real, they are cards that respect the logic (algorithm) of the
credit cards, however, do not have an owner, at least not for the most part.

Example :
5227723688203663
CCV: 806
11/22
Angel Leon

And of course this last part is what we will use for our website.
The scam or fake is the fake site where victims will enter, for example, we set up a
fake Banamex, we cloned the Banamex website and when someone enters their data in
it's fake and we still receive it on a control panel or in our email, in summary it's a fake site
of a banking entity or another.

What is a mailer?

It is a PHP code that is uploaded to a hosting and sends emails in bulk, the
time and total number of emails I send will depend on the letter, hosting, and the PHP code.

Card number: 5180 2345 3942 8765
The odd positions are:
5
8
2
4
3
4
8
6
After this, the first 2 digits are multiplied together, then the next ones, and so on.
subsequently, to make it clearer, it would be as follows:
5*8=40
2*4=8
3*4=12
8*6=48
If we have numbers greater than 9, we add the numbers, that is, the reduced digits 8+5=13
then
1+3=4
In the example it would look like this:

5*8=40, 4+0=4
2*4=8 8
3*4=12 1+2=3
8*6=48 4+8=12 1+2=3
In summary, the numbers we have left are:
4
How to Obtain a Card

To obtain cards, the famous Social Engineering could come into play, what if
we call our victim and say something like the following:

Good afternoon, I am Angel Leon from the fraud section of MasterCard, we have detected
a possible fraudulent use of your card, so we need you to indicate all
the data from it, to perform a verification

This type of call is good to make during working hours since people are
finds herself worried with her mind focused only on her work for what she can.
to find a good moment for our victim to fall into this trap.
Is the card primary or an additional one? If it is for national or global use, what is the limit?
that has the same, etc.
The purchases that carders usually make are through the Internet or by phone, not from
very high amounts so that confirmation from the cardholder is not required and to not
raise suspicions.
The carder is very careful; he can't go around shouting his feats to the world because he is
a thief is stealing, if he places an order for an item he cannot order another and another
The item at the same address needs to be rotated in places.
Generally, if the package is at the post office, the recipient won't be there if
there were many people who would prefer not to take risks and not even get any closer to the place anymore
that could be dangerous for him
A carder never asks for something huge.

SCAMS

In this topic we will discuss the platform that the carder works with and how we
Once uploaded as we see in the image, we will edit the file 'Email.php'.
and this code will come out for us:

<?
youemail@hotmail.comCHANGE YOUR EMAIL OK.
?>

We will put our email in the part of the email so that it arrives.
the data of the people, and that's it

We already have our 100% stable Scam:


electronics that are linked to PayPal accounts / can be obtained by dumping a website
that has the PayPal tables and the emails or using an extractor of
emails to a 'Shop' website linked with PayPal, but for that we need the
next :

Mailer to send spam to emails


2- Letter in this case from PayPal to send the message via HTML

I recommend that you upload the Mailer on a separate server, not on the same one.
server scam since the mailer can be easily burned.

Well, once the mailer is uploaded, we will have it like this:


-------------------------------------------------

Source Edit :

<html>
<body>
<p>
<a href="http://domain-of-the-scam"><img alt=""
src=" http://s15.post img.or g/pfih678h7/222222.png" /></a></p>

</html>

Once modified correctly, we will fill in the data to spam the emails.
electronics
Emboster

It is the device that gives relief to the cards. (the little numbers of the card number)
and the name of the holder).

Card printer:

small machine that prints on plastic cards.


And the last thing is a little machine that attaches the magnetic strips to the plastic.

Prefabricated cards (White card).

Well, once we have all of this, we get a dump, we make a few.


cards
And to conclude, some Dork, a topic we were discussing previously

Index of /chat/logs
ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"
Users and admin passwords to access and modify a website

# dumping data for table `PASSWORD` varchar


Complete dumped SQL databases contain user data and passwords.

intitle:"index of" "Index of /"password.txt


Servers with a file called password.txt.
