Carding, hacking, skimming. How scammers work.

Tomcat

Carding is a branch of hacking that specializes in bank card fraud. There is strict specialization within carding. Someone obtains PIN codes and card numbers; someone makes so-called “white plastic”, credit cards on which the data of a real card is recorded but which do not look like real ones; someone puts drawings, emblems and holograms on this plastic to make it look like a real card. And someone, mostly young children and homeless people, goes and cashes out these cards or buys something with them. Be that as it may, the essence of carding is the use of someone else’s credit card or bank account data to carry out fraudulent transactions and deprive you of your funds.

Carding can be divided into two categories:

  • real carding – creating physical duplicates of credit cards and cashing them out at ATMs or stores;
  • network carding – cashing out funds by making purchases in online stores and making other online payments using stolen details of someone else’s credit card without making a physical duplicate of it.

Network carding is precisely web fraud, because credit card details are usually taken from hacked servers of online stores, payment and settlement systems, as well as from personal computers (often with the help of Trojans and worms).

The most common method of stealing electronic credit card details today is phishing: scammers create a website that the user will trust, for example a site similar to the site of the card user's bank, through which the credit card details are actually stolen.

Also, today there are many services where stolen details can be purchased from other carders, who sell them in bulk, usually for $1-2 per piece. One of the largest carder communities for a long time was carderplanet.net. Web scammers gathered there, shared news and technologies, and carried out transactions for the purchase and sale of various “accessories” for carding. However, the resource was discovered and closed by the authorities. Of course, this did not bring significant success in the fight against carding. Currently, insurance and banking services are losing millions of dollars every year because of carding.

How do they steal?

Method 1.

This method is based on the vulnerability of online stores. Just go to some well-known search engine (for example, http://www.altavista.com/ or http://www.yahoo.com/) and enter a couple of words. Which ones?!

Many admins leave the following directories open:

Directories of this kind contain files like:
Code:
orders.txt
order.txt
import.txt
checks.txt
order_log
order.log
orders.log
orders_log
log_order
log_orders
temp_order
temp_orders
order_temp
orders_temp
quikstore.cfg
quikstore.cgi
order_log_v12.dat
order_log.dat
web_store.cgi
storemgr.pw
admin.pw
cc.txt
ck.log
shopper.conf

You also need to look at the *.cfg, *.pw and *.olf files.

It is worth typing in the search line, for example, “Index of /orders.log”, then simply searching through the necessary links, and then checking the received credit cards. This is how attackers gain access to your cards.

Method 2.

Creation of a porn site. People are almost always willing to pay for this. A cool home page is created, preferably in Flash and without frames (that’s what users like), and a page for free access (free trial) with a dozen high-quality photos on it. Registration is used to obtain from lamers/users their credit card numbers and the data necessary to remove data from the card. All of this is 2 hours of work! At the same time, the registered person is promised that the password for access will be sent in 2 hours, and thus the mailbox address is also learned: a double benefit. It is clear that no one will send you the password, but you will receive a notification that the site is temporarily down. The main trick: don’t go overboard on prices. Fraudsters also check the credit cards to see if they are owned by minors. This method gives access to a minimum number of cards. That is, creating such a site is not very profitable for scammers. That's why they

Method 3.

I have a better idea: opening an online store.
Visitors are offered various products at prices below market prices. How is it done? It’s very simple: the scammer just offers, but doesn’t sell anything. For example, a website is created to sell super-sophisticated computers at a ridiculous price. After some advertising about super-low prices, a visitor comes to the site and wants to buy these computers. He pays with a bank card, the data of which is sent to the hackers' e-mail, and after a couple of days the buyer receives a letter with the following content: the company apologizes, but the service is impossible, or something similar...

Method 4.

MetaCart2.sql is a shopping system based on ASP + MS SQL. A discovered vulnerability in the program allows an attacker to gain access to the database where sensitive data is stored (credit card numbers, addresses, E-mail, etc.). A vulnerability was discovered in MetaLinks MetaCart2.sql. This system was installed on many online stores. Cart32 itself was very full of holes; it was possible to view databases with credit cards. Fortunately, the system administrators closed the holes.

Now there is almost an analogue of Cart32, the so-called VP-ASP. Oddly enough, it is also full of holes. All actions described below are carried out through an anonymous proxy. For example, by typing shopadmin.asp on Altavista, any site that prompts you to enter a password and login is selected. By default, the login password is: admin/admin, vpasp/vpasp or 'or''='. If you manage to log in, the hacker can view/delete/change various data: product lists, product categories, as well as information about bank cards. But if the system administrator is competent, then he changes the password.

In this case, hackers can again gain access by default to the user database in unencrypted form, which is located in the file shopping300.mdb/shopping400.mdb. Again, a competent admin can change the file name. In this case, scammers can view the file shopdbtest.asp, which is publicly accessible and reveals the location of the database inside the xDatabase value. The file name is copied and the .mdb extension is added, since the file name is written without an extension.
If the fraudster is lucky and everything works out for him, then he has in his hands a database of credit cards, which he may not use himself, but will sell.

Method 5.

Large supermarkets accept credit cards. After such a payment, the buyer is left with a receipt and a “slip”, and many simply throw it in the trash. You should not do this, since the carder receives an almost real card. Only Visa, MasterCard and American Express (aka Amex) are suitable here. (This is usually written on the slip.)

Method 6.

The carder can ask a waiter friend to quietly copy down the card number and give or sell it, so you shouldn’t hand your cards to strangers even for a short time.

Method 7.

A major hacker is able to hack some web-shop and copy a file or log with card data.

Skimming

A special case of carding is skimming (from the English "skim", as in skimming the cream), which uses a skimmer, a tool for reading, for example, the magnetic track of a payment card. The device is installed in the card reader of the card slot and in the card reader on the entrance door to the customer service area in the bank premises. It consists of a magnetic reading head, an amplifier-converter, memory and an adapter for connecting to a computer. Skimmers can be portable or miniature.

The main idea and task of skimming is to read the necessary data (the contents of the track) from the magnetic stripe of the card for subsequent reproduction on a fake one. Thus, when a transaction is made with the counterfeit card, the authorization request and the debiting of funds for the fraudulent transaction are carried out against the account of the original, “skimmed” card. Together with the skimmer, a miniature video camera can be used, installed on the ATM and aimed at the input keyboard, disguised as an ATM visor or as extraneous overlays such as advertising materials. This makes it possible to obtain the holder's PIN and then withdraw cash at ATMs using a fake card (carrying the track data and PIN of the original).

These devices are powered by autonomous energy sources - miniature power batteries, and to make them more difficult to detect, they are manufactured and disguised to match the color and shape of an ATM.

Skimmers can both accumulate stolen information about plastic cards and remotely transmit it via radio to attackers located nearby. The copied information makes it possible to make a duplicate card and, knowing the PIN, withdraw all the money within the issuance limit, both in Russia and abroad. In addition, fraudsters, using the received bank card information, can make purchases at retail outlets.

(c) https://pro-spo.ru/informaczionnaya...aking-skrimming-metody-i-sovety-?device=xhtml
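A defender's check for the exposure described under Method 1 and Method 4, as an added example that is not part of the original post: it reads web server access-log lines, reports shop order/log/config files that were actually served (2xx), and flags clients that request several such files. The function names, the threshold and the sample log lines are constructed for illustration; the file names and extensions are the ones the post mentions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# File names and extensions taken from the post (order logs, configs, databases).
SENSITIVE_NAMES = {"orders.txt", "order.txt", "import.txt", "checks.txt",
                   "order.log", "orders.log", "cc.txt", "ck.log",
                   "shopper.conf", "shopdbtest.asp"}
SENSITIVE_EXTS = (".cfg", ".pw", ".olf", ".mdb")

# Common/combined log format: client address, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def is_sensitive(target):
    """True if the requested file name matches one of the names above."""
    name = unquote(urlsplit(target).path).lower().rsplit("/", 1)[-1]
    return name in SENSITIVE_NAMES or name.endswith(SENSITIVE_EXTS)

def audit(lines, probe_threshold=3):
    """Return (paths served with 2xx, clients probing >= threshold paths)."""
    exposed, probes = set(), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        client, _method, target, status = m.groups()
        if not is_sensitive(target):
            continue
        path = unquote(urlsplit(target).path)
        probes[client].add(path)
        if status.startswith("2"):
            exposed.add(path)  # the server handed the file out: fix this first
    scanners = sorted(c for c, p in probes.items() if len(p) >= probe_threshold)
    return sorted(exposed), scanners

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /cgi-bin/orders/orders.txt HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /WebShop/logs/cc.txt HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /orders/order.log HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:10:05:09 +0000] "GET /store/admin.pw HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    served, scanners = audit(SAMPLE_LOG)
    print("served sensitive files:", served)
    print("probing clients:", scanners)
```

Any path in the first list means order or card data is being stored under the web root and served to anyone; the fix is to move it out of the document root and deny access, not just rename the file.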