While not all individuals involved in cracking (often referred to as "hackers") are spammers, it is true that skilled spammers are likely to possess knowledge about cracking techniques. This is because some of the tools required for spamming can be easily obtained through cracking rather than purchasing them.
For newcomers interested in gaining unauthorized access to banks, it is advisable to first familiarize yourself with the basics of cracking. Assuming you have no funds at all and are starting from scratch, there is a workaround available. You will need certain tools to acquire others, given that you lack the financial means to make purchases. Here's how:
First and foremost, to begin cracking, you will require a dedicated workspace such as an RDP (Remote Desktop Protocol) or VPS (Virtual Private Server). This is crucial for two reasons: to prevent potential virus infections on your personal computer in case the tool happens to be disguised as malware, and to ensure uninterrupted workflow even while you are asleep. Although such workspaces are available for sale on darknet markets and websites like Olux and Xleet, it is unnecessary to buy them. Personally, I have never purchased one, yet I possess more than enough. There are Indian hackers on Telegram willing to exchange tools with you, provided you possess a tool they can benefit from. When I started, I convinced a few individuals that I could crack as many SMTP (Simple Mail Transfer Protocol) servers as they desired if they would provide me with an RDP to perform the cracking on. Surprisingly, it worked!
Secondly, you will need crackers or checkers. Numerous clearnet fraud and hacking forums offer these tools for free, and a simple Google search can lead you to them. However, be aware that 99% of these tools may contain backdoors (allowing the tool's owner to access your results) and/or malware. Since you will be working on an RDP, this shouldn't pose a problem. Nevertheless, instead of obtaining these tools from such sources, it is better to acquire them directly from the original sources, which are often found on GitHub. Please note that using most of these tools requires some knowledge of Python or PHP, depending on the programming language they are written in. The coders usually provide installation instructions on GitHub.
Thirdly, it is important for you to understand what you intend to crack, as this will depend on your specific needs. Here are a few examples:
- SMTPs (combination lists in the form of email
assword or IP lists, depending on the tool)
- cPanels (vulnerable website lists or IP lists, then reverse the domain)
- Shells (vulnerable website lists or IP lists, then reverse the domain)
- AWS (Amazon Web Services) (emailassword combination lists)
- Azure (Microsoft Azure) (emailassword combination lists)
...and so on.
While these can be purchased, considering the assumption I made at the beginning of this post, it is safe to say you have no funds available.
Combo lists: You can usually find them somewhere, but trust me, most of those are useless. If you are looking for high-quality ones that are not already compromised, you have two options:
1. Purchase them from a trusted source.
2. Familiarize yourself with Dorking databases and dehashing techniques to create your own private lists.
Website lists: You can scan a range of IP addresses, check for valid ones, and then reverse the IP to find the associated domain.
Crackers/checkers come in various forms:
- Python scripts, which may require the installation of both Python 2 and 3, depending on the tool's requirements.
- PHP scripts, which require the installation of XAMP to run.
- Bullet tools (such as Open Bullet, Silver Bullet, etc.), which require the use of proxies. You can obtain free proxies from GitHub or sites like ProxyScrape. Additionally, configuration files for these tools can often be found on forums, but it's advisable to use the latest versions, preferably no more than a year old.
- Some tools may require reversing the domain to obtain the IP addresses for cracking.
With enough dedication, perseverance, and determination, you can embark on your journey into bank spamming without spending any money. justt like me, I started from scratch and didn't spend a single dime. However, it is important to remember that "nothing comes free," and in this case, what you are investing is your time. Trust me when I say, 'Never underestimate the determination and potential of someone who lacks financial resources but possesses an abundance of time.'
Furthermore, if you are interested in obtaining a free RDP, you can acquire an edu email and sign up for Microsoft Azure. Visit the student credit section and apply to receive a $100 credit, which you can use to create virtual machines and perform your tasks. By setting the right parameters, this credit can last you for months. Best of all, it's completely free!
SCAMA:
Now, with all that being said, it's time to discuss spamming! Public scam pages can often be found on Telegram, but they are unreliable, compromised, and mostly outdated. However, you can exchange a private tool for something you already have, like an RDP (Remote Desktop Protocol), which will grant you the ability to create as many RDPs as you need. This can be useful for those who are always in need of RDPs on Telegram. It's essential to obtain a reliable tool like "scama" that delivers to the Telegram bot and always check for any potential backdoors!
LEADS:
When it comes to acquiring leads, I recommend focusing on SMS spamming, as it is my preferred method (I won't be discussing email spamming in this context). To spam mobile numbers, you can utilize the SMTP (Simple Mail Transfer Protocol) you have cracked and use a technique called SMTP to SMS. There are various ways to collect number leads, but one common approach is using paid tools to generate random numbers and then validate them. However, if you don't have the means to purchase such tools, the best option is to obtain leaked databases country-wise. You can obtain the database in CSV/XLS format, open it in PowerPoint, extract only the phone number columns, and save them in a TXT file. If you're fortunate, your database may already have the numbers sorted by carriers. However, if not, you'll need a carrier validator/separator tool. While most of these tools are paid, there is one called 'spider validator' that you can find for free on clearnet forums. It does a good job of sorting carriers, as I have personally confirmed the validity of the carriers it identifies. Once you have sorted the carriers into different TXT files, you need to know the carriers' email-to-SMS domains/gateways. You can easily find this information by conducting a simple Google search. Then, you can add the appropriate carrier email domain to the end of each number using a text editor like Notepad++. For example, if "+1 (xxx) xxx xxxx" is a T-Mobile number, it would become "XXXXXXXXXX[at]tmomail[dot]com". Finally, merge all the other leads into a single TXT file, with each lead on a separate line. This is why it is crucial to sort the carriers of your leads.
DOMAIN & HOSTING:
Always use cracked panels/hosting. Fresh ones are easily detected and blocked. Fresh domains can be purchased from server providers, and they will provide you with a panel link to host it with. However, cracked cPanel already comes with domains. You can crack cPanels using checkers mentioned in Part 1, but it is more difficult and complicated than cracking SMTPs. Alternatively, you can exchange cracked WHM (WebHost Manager) with another spammer who needs what you have and has more than enough panels. Once you have gained access to your cracked cPanel (some may allow you to change the password, while others may not), create a subdomain that includes a slight variation of the bank's name you intend to spam. Link this subdomain to a folder in the root directory where you will store your scama files. It is important to force the subdomain to redirect to HTTPS and obtain a free SSL certificate to ensure it is certified secure (you can find instructions on how to do this by conducting a Google search). Alternatively, you can obtain a cracked WordPress admin panel and follow the same steps. Then, go to the file manager section and upload your scama to the folder where you directed your subdomain link. Don't forget to include your details in the scama to receive the results.
SENDOUT:
Now, let's discuss the most important part of this process. Any email sender can be used for this SMTP-to-SMS sendout since you are essentially sending to an email domain. However, it is recommended to use a sender that rotates SMTPs, as you will need numerous SMTPs and it can be challenging to figure out the sending limits for each one individually. Additionally, if one SMTP fails, it should be automatically replaced with a functioning one. I recommend senders like Gammadyne and Heartsender v3, but make sure to acquire cracked versions from forums. Set the sending rate to one email every 30-45 seconds. Before proceeding, it is crucial to test your sendout on a number to ensure it delivers successfully.
LETTER:
At this point, your creativity is required. In the world of SMS spamming, many spammers face challenges with sendout issues. Those using SIMs and GSM to sendout often encounter SIMs that become inactive after sending a few hundred messages. Moreover, there are now numerous banned words that prevent your messages from being delivered. To overcome these obstacles, you must be creative, use proper English, and avoid the banned words (which I cannot specify as I do not know all of them). One effective approach is to use a letter that has previously been proven successful. Additionally, ensure that any links included in your letter are as short as possible. If the link is too long, consider using a URL shortener.
- Instead of cracking or obtaining a cracked cPanel, you can acquire a cracked WHM and create unlimited cPanels from it. However, this method is more challenging to crack or obtain.
- Creating a subdomain is necessary to avoid disrupting the activities of the legitimate panel owner on their main domain. Fortunately, the owner may not notice that you have created a subdomain.
- To avoid acquiring numerous low-limit SMTPs, consider cracking a few high-limit SMTPs and using justt one or two. For example, AWS SES (Amazon Web Services Simple Email Service) has a daily limit of up to 50,000 emails and boasts a good inbox rating. Japanese SMTPs are also worth considering.
By now, you should have a clear understanding of all the stages involved in obtaining your logs. With practice, you can improve your skills and discover better methods. However, it's important to note that spamming logs also involves cashing them out. A skilled spammer should know how to cash out their logs, depending on the banks they are targeting. There are various methods for cashing out, depending on the type of log (bank name and features) and the type of drop
So by now I believe know all stages involved in how to get your logs, by practising you improve your skills and know better ways. but spamming logs also got a thing to do w cashing it out, a good spammer should know how to cashout his logs (what banks to spam).
There are different ways to go bout that but it's a two way thing, first it depends on your type of log (bank name and features) and your type of drop (bank type and features).
Cashout methods range from:
ACH (most common) (Pull or push)
Wire transfer
Member to Member transfer (M2M common for credit unions)
DD
DDA
Bill Pay
Check
All these requires different types of logs and different types of drops as well as different types of access (email access or sim swap). You gon need quite an amt of research to know em all.
Wire transfers got a very high rate of success and almost instant reflection but you need lotta cash for sim swap (this post still assumes you ain't got a dime for that) and it's done from inside the log.
ACH on the other hand these days is a 50-50 kinda thing, but mostly credit unions are use as drops for ACH now. ACH pull is done from inside the drop while ACH push is done from inside the log, mostly takes 3-5 days reflection.
You send a check from inside the log to the bank address of your your drop w the details of your drop. Yea, almost like Bill Pay. So far folks recorded almost a 100% hit rate with no charge backs, it's a bank to bank thing (check goes from the bank physical address of your log, to the bank physical address of your drop then the bank of your drop makes the deposit for you). Not all logs got this feature though, just Wells and Huntington to mention a few.
Now there's check which requires sum lil skills:
+You get the log
+You get the check paper w the security features
+Get a check printer w the ink
+You need a premium check writer to fill details of log and drop in the check
+Send through dispatch to your head to deposit at the ATM (WC should be deposited at the ATM best, but you can MD also)
Aged drop best for a WC play, and it got a 90% hit rate, infact most spammers I know are diverting to this now.
Actual cost:
RDP ~$10
Private page (that delivers to telegram bot) ~$300
Domain ~$20
1mo Hosting ~$50
Leads generator and validator tool ~$100
Sendout Service ~$30/k minimum 5k
Although, there quite a number of spamming services that allows you to pay for subscription and they cover up some stages of spamming for you. For example there's strox, robin, nkp. Some host your page for you (meaning you don't gotta buy any page from anywhere just get a domain, leads and sendout) while some just let you use their page for a timeframe.
This is just to make you know what's what. And these are popular services on clearnet forums. but I do not guarantee or vouch for any of them.
For newcomers interested in gaining unauthorized access to banks, it is advisable to first familiarize yourself with the basics of cracking. Assuming you have no funds at all and are starting from scratch, there is a workaround available. You will need certain tools to acquire others, given that you lack the financial means to make purchases. Here's how:
First and foremost, to begin cracking, you will require a dedicated workspace such as an RDP (Remote Desktop Protocol) or VPS (Virtual Private Server). This is crucial for two reasons: to prevent potential virus infections on your personal computer in case the tool happens to be disguised as malware, and to ensure uninterrupted workflow even while you are asleep. Although such workspaces are available for sale on darknet markets and websites like Olux and Xleet, it is unnecessary to buy them. Personally, I have never purchased one, yet I possess more than enough. There are Indian hackers on Telegram willing to exchange tools with you, provided you possess a tool they can benefit from. When I started, I convinced a few individuals that I could crack as many SMTP (Simple Mail Transfer Protocol) servers as they desired if they would provide me with an RDP to perform the cracking on. Surprisingly, it worked!
Secondly, you will need crackers or checkers. Numerous clearnet fraud and hacking forums offer these tools for free, and a simple Google search can lead you to them. However, be aware that 99% of these tools may contain backdoors (allowing the tool's owner to access your results) and/or malware. Since you will be working on an RDP, this shouldn't pose a problem. Nevertheless, instead of obtaining these tools from such sources, it is better to acquire them directly from the original sources, which are often found on GitHub. Please note that using most of these tools requires some knowledge of Python or PHP, depending on the programming language they are written in. The coders usually provide installation instructions on GitHub.
Thirdly, it is important for you to understand what you intend to crack, as this will depend on your specific needs. Here are a few examples:
- SMTPs (combination lists in the form of email
assword or IP lists, depending on the tool)- cPanels (vulnerable website lists or IP lists, then reverse the domain)
- Shells (vulnerable website lists or IP lists, then reverse the domain)
- AWS (Amazon Web Services) (email
assword combination lists)- Azure (Microsoft Azure) (email
assword combination lists)...and so on.
While these can be purchased, considering the assumption I made at the beginning of this post, it is safe to say you have no funds available.
Combo lists: You can usually find them somewhere, but trust me, most of those are useless. If you are looking for high-quality ones that are not already compromised, you have two options:
1. Purchase them from a trusted source.
2. Familiarize yourself with Dorking databases and dehashing techniques to create your own private lists.
Website lists: You can scan a range of IP addresses, check for valid ones, and then reverse the IP to find the associated domain.
Crackers/checkers come in various forms:
- Python scripts, which may require the installation of both Python 2 and 3, depending on the tool's requirements.
- PHP scripts, which require the installation of XAMP to run.
- Bullet tools (such as Open Bullet, Silver Bullet, etc.), which require the use of proxies. You can obtain free proxies from GitHub or sites like ProxyScrape. Additionally, configuration files for these tools can often be found on forums, but it's advisable to use the latest versions, preferably no more than a year old.
- Some tools may require reversing the domain to obtain the IP addresses for cracking.
With enough dedication, perseverance, and determination, you can embark on your journey into bank spamming without spending any money. justt like me, I started from scratch and didn't spend a single dime. However, it is important to remember that "nothing comes free," and in this case, what you are investing is your time. Trust me when I say, 'Never underestimate the determination and potential of someone who lacks financial resources but possesses an abundance of time.'
Furthermore, if you are interested in obtaining a free RDP, you can acquire an edu email and sign up for Microsoft Azure. Visit the student credit section and apply to receive a $100 credit, which you can use to create virtual machines and perform your tasks. By setting the right parameters, this credit can last you for months. Best of all, it's completely free!
SCAMA:
Now, with all that being said, it's time to discuss spamming! Public scam pages can often be found on Telegram, but they are unreliable, compromised, and mostly outdated. However, you can exchange a private tool for something you already have, like an RDP (Remote Desktop Protocol), which will grant you the ability to create as many RDPs as you need. This can be useful for those who are always in need of RDPs on Telegram. It's essential to obtain a reliable tool like "scama" that delivers to the Telegram bot and always check for any potential backdoors!
LEADS:
When it comes to acquiring leads, I recommend focusing on SMS spamming, as it is my preferred method (I won't be discussing email spamming in this context). To spam mobile numbers, you can utilize the SMTP (Simple Mail Transfer Protocol) you have cracked and use a technique called SMTP to SMS. There are various ways to collect number leads, but one common approach is using paid tools to generate random numbers and then validate them. However, if you don't have the means to purchase such tools, the best option is to obtain leaked databases country-wise. You can obtain the database in CSV/XLS format, open it in PowerPoint, extract only the phone number columns, and save them in a TXT file. If you're fortunate, your database may already have the numbers sorted by carriers. However, if not, you'll need a carrier validator/separator tool. While most of these tools are paid, there is one called 'spider validator' that you can find for free on clearnet forums. It does a good job of sorting carriers, as I have personally confirmed the validity of the carriers it identifies. Once you have sorted the carriers into different TXT files, you need to know the carriers' email-to-SMS domains/gateways. You can easily find this information by conducting a simple Google search. Then, you can add the appropriate carrier email domain to the end of each number using a text editor like Notepad++. For example, if "+1 (xxx) xxx xxxx" is a T-Mobile number, it would become "XXXXXXXXXX[at]tmomail[dot]com". Finally, merge all the other leads into a single TXT file, with each lead on a separate line. This is why it is crucial to sort the carriers of your leads.
DOMAIN & HOSTING:
Always use cracked panels/hosting. Fresh ones are easily detected and blocked. Fresh domains can be purchased from server providers, and they will provide you with a panel link to host it with. However, cracked cPanel already comes with domains. You can crack cPanels using checkers mentioned in Part 1, but it is more difficult and complicated than cracking SMTPs. Alternatively, you can exchange cracked WHM (WebHost Manager) with another spammer who needs what you have and has more than enough panels. Once you have gained access to your cracked cPanel (some may allow you to change the password, while others may not), create a subdomain that includes a slight variation of the bank's name you intend to spam. Link this subdomain to a folder in the root directory where you will store your scama files. It is important to force the subdomain to redirect to HTTPS and obtain a free SSL certificate to ensure it is certified secure (you can find instructions on how to do this by conducting a Google search). Alternatively, you can obtain a cracked WordPress admin panel and follow the same steps. Then, go to the file manager section and upload your scama to the folder where you directed your subdomain link. Don't forget to include your details in the scama to receive the results.
SENDOUT:
Now, let's discuss the most important part of this process. Any email sender can be used for this SMTP-to-SMS sendout since you are essentially sending to an email domain. However, it is recommended to use a sender that rotates SMTPs, as you will need numerous SMTPs and it can be challenging to figure out the sending limits for each one individually. Additionally, if one SMTP fails, it should be automatically replaced with a functioning one. I recommend senders like Gammadyne and Heartsender v3, but make sure to acquire cracked versions from forums. Set the sending rate to one email every 30-45 seconds. Before proceeding, it is crucial to test your sendout on a number to ensure it delivers successfully.
LETTER:
At this point, your creativity is required. In the world of SMS spamming, many spammers face challenges with sendout issues. Those using SIMs and GSM to sendout often encounter SIMs that become inactive after sending a few hundred messages. Moreover, there are now numerous banned words that prevent your messages from being delivered. To overcome these obstacles, you must be creative, use proper English, and avoid the banned words (which I cannot specify as I do not know all of them). One effective approach is to use a letter that has previously been proven successful. Additionally, ensure that any links included in your letter are as short as possible. If the link is too long, consider using a URL shortener.
- Instead of cracking or obtaining a cracked cPanel, you can acquire a cracked WHM and create unlimited cPanels from it. However, this method is more challenging to crack or obtain.
- Creating a subdomain is necessary to avoid disrupting the activities of the legitimate panel owner on their main domain. Fortunately, the owner may not notice that you have created a subdomain.
- To avoid acquiring numerous low-limit SMTPs, consider cracking a few high-limit SMTPs and using justt one or two. For example, AWS SES (Amazon Web Services Simple Email Service) has a daily limit of up to 50,000 emails and boasts a good inbox rating. Japanese SMTPs are also worth considering.
By now, you should have a clear understanding of all the stages involved in obtaining your logs. With practice, you can improve your skills and discover better methods. However, it's important to note that spamming logs also involves cashing them out. A skilled spammer should know how to cash out their logs, depending on the banks they are targeting. There are various methods for cashing out, depending on the type of log (bank name and features) and the type of drop
So by now I believe know all stages involved in how to get your logs, by practising you improve your skills and know better ways. but spamming logs also got a thing to do w cashing it out, a good spammer should know how to cashout his logs (what banks to spam).
There are different ways to go bout that but it's a two way thing, first it depends on your type of log (bank name and features) and your type of drop (bank type and features).
Cashout methods range from:
ACH (most common) (Pull or push)
Wire transfer
Member to Member transfer (M2M common for credit unions)
DD
DDA
Bill Pay
Check
All these requires different types of logs and different types of drops as well as different types of access (email access or sim swap). You gon need quite an amt of research to know em all.
Wire transfers got a very high rate of success and almost instant reflection but you need lotta cash for sim swap (this post still assumes you ain't got a dime for that) and it's done from inside the log.
ACH on the other hand these days is a 50-50 kinda thing, but mostly credit unions are use as drops for ACH now. ACH pull is done from inside the drop while ACH push is done from inside the log, mostly takes 3-5 days reflection.
You send a check from inside the log to the bank address of your your drop w the details of your drop. Yea, almost like Bill Pay. So far folks recorded almost a 100% hit rate with no charge backs, it's a bank to bank thing (check goes from the bank physical address of your log, to the bank physical address of your drop then the bank of your drop makes the deposit for you). Not all logs got this feature though, just Wells and Huntington to mention a few.
Now there's check which requires sum lil skills:
+You get the log
+You get the check paper w the security features
+Get a check printer w the ink
+You need a premium check writer to fill details of log and drop in the check
+Send through dispatch to your head to deposit at the ATM (WC should be deposited at the ATM best, but you can MD also)
Aged drop best for a WC play, and it got a 90% hit rate, infact most spammers I know are diverting to this now.
Actual cost:
RDP ~$10
Private page (that delivers to telegram bot) ~$300
Domain ~$20
1mo Hosting ~$50
Leads generator and validator tool ~$100
Sendout Service ~$30/k minimum 5k
Although, there quite a number of spamming services that allows you to pay for subscription and they cover up some stages of spamming for you. For example there's strox, robin, nkp. Some host your page for you (meaning you don't gotta buy any page from anywhere just get a domain, leads and sendout) while some just let you use their page for a timeframe.
This is just to make you know what's what. And these are popular services on clearnet forums. but I do not guarantee or vouch for any of them.
