Lecturer BirdHorrible
[18:54:33] All beavers. We are waiting until 19: 05-19: 10 and start. Today we'll talk about brute
[19:09:20] Well, latecomers will get acquainted with the logs in the conference, well, we'll start
[19:09:40] Today we'll talk about brute. If someone doesn’t know, or has forgotten, let us remember what it is
[19:10:24] Brutus as a process is an enumeration of log pairs: a pass for validity to a certain service
[19:11:24] This process itself is quite primitive, for him we we need a login database: password, software for enumerating these lines, a proxy and a server on which we will do this
[19:11:34] Now a little more detail
[19:13:01] 1. Software. The script itself that iterates over your log: pass. It is bought at EXP, and anywhere. When buying, look at the reviews and, in general, the popularity of the coder. If they rarely buy from him, then most likely, with the first update of the authorization form in your shop / service, you will not see the update and the software will stop working
[19:16:07] 2. Proxy. Proxies are needed in order to brute-force multithreaded and get high-quality checkmate. The fact is that when going through a dozen invalid combinations, the antifraud of the shop will throw this ip into the stop list, usually for a couple of days. Therefore, it will not be possible to brute force on one ip. Buys a proxy for his service, choosing individually. For some kind of shop from the ass of the Google index, an ordinary "proxy list" bought for $ 1 or assembled by yourself will do. Services like eBay, Amazon, PayPal need high-quality, expensive proxies. The less they are heard, the better. Never ask potmow on what proxies who works, and don't give your services to anyone. More people - worse quality
[19:18:24] 3. Base. Databases are merged combinations of login: password from the database of sites, forums, shops. According to the criteria, there is a difference only in their geographic location, validity (the percentage of combinations that can be sent to the holder's mail) and privacy (how often combinations from your name have come across in others)
[19:21:34] 4. Server. In this case, this is not some super-complicated tool, but an ordinary rdp with server Windows, which can plow for days. It is bought for specific needs, like a proxy. If you brute through a proxy, then you can take in relatively white places, where they are usually taken for hosting sites, etc. If you are going to brute force directly, such as brute Dedicated Server, then it is better to take on such hosting services that do not care about complaints from various organizations
[19:21:52] Now, according to the work itself
[19:23:11] Brutus accounts are sold all over the darknet, you can also get them yourself by harnessing them. But the juice itself, if you yourself found a service friendly with brutus, ordered software for it and swing it into one person.
[19:25:51] For a check, everything is extremely simple, we go to the shop, taking with us the data from any CC, you can even from the generator, register the account to the left mail, make a "purchase" by clicking the "remember card" checkbox. Next, we clean the history, cookies, change the ip and go with our username and password to this site for the second time. We are trying to buy something with only a login with a password. If the shop does not ask you for CVV, and the second order falls into processing, you can order brute for this site
[19:27:07] You can beat from a brute in several main ways - directly to the middle / drop or to the holder, followed by a pickup / redirect
[19:28:14] In the first case, the chances that the shop will send something, less, but the costs are also reduced
[19:28:55] In the second, the costs are higher, but many send to the cardholder address from a good account. True, then it will not be possible to stop everything, but these are nuances
[19:29:14] In order for our chances to increase, we can:
[19:30:39] 1. Beat without changing the name of cardholder. The long-suffering eBay was on fire for almost a year. Just put the drop address, leave the name the same and try to beat. Drops are almost always accepted for fake ID and they do not care what name will be on the package. Use this, the palette will be less
[19:32:10] 2. Hit the living drop as close as possible. Shops trust orders that go to addresses located near the holder's billing address. But the chance that along with the pack the holder will come to the drop along with the cops also increases
[19:32:31] 3. Beat a small order, and after sending the first one, sizzle a large
[19:33:13] In this case, for the first time, the shop can skip a trifle, and the second time it will see that the staff has already left for this address and there have been no problems yet
[19:33:51] But due to due to the fact that there are a lot of all sorts of notifications, by the second order the account may already die, or the holder will block the means of payment
[19:37:30] 4. Trying to keep an account with a changed address. In this case, you will have a better chance of getting your pack if an inexperienced manager looks at the order and account. Usually, the addresses are changed immediately and this is suspicious, and the change a week ago may not be noticed. And as a bonus, often even before you appear on such accounts, holders enter them and hiss something to you without looking at their address. In the middle, from which the necessary staff left a long time ago, for another 3 months, any junk usually comes from inattentive account owners :-D
[19:38:50] 5. If you hit in the middle, distort the addresses as much as possible, shorten, write a suite instead of the box number, break it (instead 1234566, write 12/23/566), in the middle it will understand who exactly, and the shop may not make out the addresses
[19:39:39] Also, look at the "chips" of the shops. For example, one popular shop did not send staff from
[19:39:43] blah)
[19:40:34] One popular shop did not send staff from brut, but the order itself passed. It was possible to place a ref on such orders, on the balance of the account, and from this balance it was already possible to buy Gift in the shop
[19:40:58] In another, the balance could be transferred and spent in the partner store
[19:41: 19] They were unhappy in one shop, and the second shop did not quite know about the origin of money
[19:42:47] Also, when sending the staff to another address, you can try to leave the name of the holder, so that in case of anything, write to the support that you sent it for your son / daughter / mother
[19:44:29] And also, in some shops there is insurance in case you entered the wrong address. Until the moment the pack is sent, the address can be changed. Use this if the shop processes your order right away. Then the processing will not look so fraudulent and may not be processed manually by the manager.
[19:45:20] Now for the accounts themselves. There are actually 2 main types of them, accounts with cards (acc + CC) and with a PayPal (acc + PP)
[19:46:23] The difference between them is big. If on an account with CC you can be hindered mainly by antifraud shop, validity and balance with a card, then in the case of a linked PP account, in addition to the above, your PayPal antifraud will have to be defeated
[19:47:35] when paying with a PP, it does not ask to log in, orders fly like clockwork. Well, if the shop is heard, there you need to be able to work with the PP, because its brutal problems will constantly come up
[19:48:19] Well, briefly about what to do if the order has passed and you need to get the staff
[19:48 : 54] We need to limit the holder as much as possible from the information that someone bought something at his expense
[19:51:40] For this, we change all the data on automatic communication, mail, phones in the brute account, unlink Facebook accounts, etc. There is an interesting trick with mail, it works in few places, but there is still room. Try changing it twice in a row as a test. On eBay, this rolled. When you change the cardholder mail for the first time to your own, a link is sent to his mail, by which you can roll back the changes and return access. If you change twice, then the same link arrives at your first mail, and the link on the mail at cardholder stops working
[19:52:23] See the contact details not only in the shipping info, but also in the billing, which is usually forgotten, there is almost always the cardholder number and often his mail
[19:53:44] By spam mail I will say my IMHO - a useless thing. If cardholder is "modern", then he will already receive a bunch of push notifications to his iPhone, and if the old grandmother, then she will have several thousand advertising spam in her mail without us, against the background of which she will not see your messages anyway
[19: 54:10] This concludes the lecture block itself, smoke break for 5 minutes and go through the block of questions.
[19:59:26] Any questions?)
[19:59:50] <kkkkk> The question is rather to the rest of the participants.
What do you need to get access to the sphere? It seems to be how to contact the mans, but I did not find any information on this in the conference. can be in PM))
[20:00:55] Yes, rather to the others, because I don't know. Now I’ll ask the lecturers, can they tell
me [20:01:34] <Lektor186> And in the stick, will it be possible to change the data? Phone, mail, etc.
[20:02:38] Lektor186: no, now we were talking about brute shops and various services. There will be a separate lecture on brute PP, everything is more complicated there
[20:03:32] <Camo> will or was there?
[20:04:13] <Camo> we already had a lecture on how to work with logs and brute nn
[20:04:20] <prt> Ie now we mainly considered eBay + CC / nn?
[20:04:26] It may have already been,
[20:05:06] It's better not to consider eBay at all, he is rather dead than alive. There are a lot of shops with gear, electronics, accounts of which are sold in shops
[20:08:18] <prt> Are you dead everywhere? gb? eu?
[20:10:28] Well, not so much that his mortal body has completely decayed, but it is already rotting. Themes on eBay do not last long, there is no stability at all, there are no "givers" and "no givers" in the countries either. In some places, something works, someone drags a trifle, but I haven't seen guys with large orders and normal topics for a long time
[20:12:25] How profitable is it to brute yourself? or is it easier at the first stages not to do it (for a beginner)
[20:14:26] It's easier not to study. Independent brute is relevant if you brute private service, or you need a lot of accounts to work
[20:15:57] <Compass> Is it difficult to get high-quality Dedicated servers? How is this activity different?
[20:17:11] Differs. Brutus is a whole industry. The software is expensive, the servers are even more expensive, you need to have a good password database, which is very expensive.
[20:17:39] Well, that's if we talk about quality. Someone is brutalizing on his knees, but there is neither quality nor quantity
[20:24:24] I think that he will answer all the current questions, since they are not asked any more. If anything, write on the forum, I will answer there ;-)
Lecturer:
Hello everyone
Today I will have a lecturer
lecture we have to work with brute accounts of different shops
for those who have no idea what Brutus:
Brutus - The process of sorting login combinations: the password to gain access to any or service (shopping, bank, toy, etc.) A brute account is actually a successful result of brute force work (programs for brute force) in the form of a valid login: password combination for a specific resource
What do we need to start brute force?
The software itself, databases of the form login: password, proxy and server on which the whole thing will stand
Now I will dwell on each of the points and tell you what is what
Software for brutus, aka Brutus, aka Checker - software that searches through combinations of login : a password for a specific service, there are also those that check for several services at once, but now you are unlikely to find
such software Such software can be bought or ordered on any shadow forum, the cost starts from a couple of hundred rubles and can end in an amount of several thousand dollars, depending on on the complexity (availability of protections, captcha, etc.) of the site that you want to brute.
Next, in order, we have the Bases.
Bases - a set of combinations login: password. Extracted by leaking Databases from vulnerable sites using SQL injection or some other means.
After extraction, the databases look like a set of incomprehensible symbols (hashes), which are then run through decryptors and are already sold to us. When buying or selling databases, there are several criteria by which their quality is assessed and whether they suit us or not.
Among these criteria are the following:
Valid , it is also Validity - the percentage of login: password combinations with which you can get to the cardholder mail.
Private or Privacy -% indicator of unique combinations of login: password that have not been previously seen in public access. Determined by a special software, so called AntiPablic
Geo - defines belonging to a particular region / country. It happens, for example, Asia, USA, MUR (CIS), MIX (All in a row), etc.
Bases, like software, can be purchased on shadow platforms / forums. There are a huge number of bases and the price for them varies greatly depending on the criteria and not only.
Next we have Proxies - this is a combination of ip: port, used in brute to replace ip when connecting to sites and not only. This is a very important thing, as they help us bypass IP blocking. Many sites block IPs after several unsuccessful attempts to log into one or another account. For example, I use stormproxies for brute and other tasks. There is also a huge number of different services with different quality and prices, for example proxyrack, bestproxies, topproxies, awmproxy and many others. Prices can also start from several hundred rubles a month, up to several hundred dollars.
We came to the last moment necessary for a brutus:
The server is actually a remote computer, basically Windows servers are used, to which you connect via RDP, we need it firstly for the smooth operation of the software, and secondly to increase our anonymity. Servers for brute are needed not entirely weak, but at least from 2 dedicated cores and 4 RAM, which makes them more powerful in general
. We finished with the first block.
I hope I have clearly explained what brute is and what is needed for it.
In the next block, we will consider in more detail how to work with brute shop accounts, i.e. in general, we will touch on this topic in the context of clothing carding, and brute BA and services with cryptocurrency, etc. this is a completely different story and a different level
Mainly for hammering with Brutus used accounts with attachment to them cards or accounts on which there is an internal balance of a shop
There are certainly accounts with attachment of AD or PP, but with them you have a probability of 99% did not fuck, I do not advise to even look at their side.
First of all, we will consider working with linked cards.
Conventionally, there are two options for working:
Driving directly onto the drop or in the middle
Driving into the address of the cardholder, followed by a reroute or pickup
Driving directly into the drop - very rarely ends with success when working with brute accounts, often asks for CVV or the full card number, which of course we will not have. There are shops in which this information is not requested when changing, if you find one, then we are happy and try to work on it. By the way, there are quite a few of them. But this does not negate the fact that your purchase may be freaked out. After all, the account was entered from 3 different IPs, i.e. cardholder itself, software for brute and us personally + the address changes to everything, which also adds fraud points.
Driving cardholder to the address followed by re-rooting - with such a carding, we are less fraudulent, since we do not change the cardholder address to our own, respectively, the chance of canceling the order is several times less. But before driving in, you should definitely pay attention to which postal service the shop is sending, if, of course, such information is indicated. Since the shop can be corny, it can be sent by the service that is impossible to return or with which it will be very difficult to pick up our pack. I think you don't need to explain what a pick-up is and a pickup at the last lecture)
By the way, speaking of Gift, forget it. The chance that you will add a gift with a brute account tends to 0.
It is also worth mentioning that when working with brute accounts, orders are often canceled not so much by the shops as by the CHs themselves.
Because they receive notifications by mail or in the applications of the shop / bank. Therefore, do not get very upset about failures, checkmate (brute accounts) is quite a cheap thing, especially if you get them yourself.
Purchased accounts with linked DCs usually cost 1-2 dollars, you must agree, this is much cheaper than buying a DC separately for driving.
But I still recommend that you get the mate yourself.
About warming up when working with linked CCs - you should not especially warm up the shop when working with brut, you will only waste your time.
Since the material is cheap and there is a lot of it, you can safely go through accounts and some of them will 100% go
Of course, walking around the shop at least 1-3 minutes before driving in, looking at some kind of product and adding it to the basket - nothing without it
I told about working with attached cards, there is absolutely nothing complicated about it.
No more system settings, etc. also not needed. Sphere + sock for the country of KX, and if you parsed ZIP, then closer to ZIP and drove
Now I'll tell you about a sweeter one, which I personally prefer)
This is work with accounts that have a balance in the shop
There are 2 huge advantages when working with such accounts :
95% of shops absolutely do not fraud orders made from balances
It comes out of the first plus - we can safely change the address for a drop or even in the middle and are not afraid that the shop will cancel it, since again 95% of shops do not fraud and do not check such orders.
There is one more small plus - in fact, you can beat even without socks, using a regular VPN for the country of cardholder. I'm not kidding
You can do without a sphere) Turn on incognito in any browser, turn on vpn and drive it)
Of course, some shops can burn this, but the chance of this is minimal. Nevertheless, I still recommend using socks, at least the same 911 and the sphere, so as not to repeat the iron and prints from hammer to hammer.
Of the small cons:
you can not beat Gift from the balance, never did not see such an opportunity,
there are much fewer such shops than shops in which there are linked cts, but nevertheless there are not a few of them, so look for it.
I personally prefer the option of working with balances.
I find a shop (google -> register an account -> see if there is a balance system in the shop)
I turn to coders and order software
Bases for such shops I even take a public one because very few people are engaged in brutal balances - why
I fuck it until
I'm blue in the face) So, well, like I told all you wanted
You can ask questions
The only request, if you saw that I have already answered a question similar to yours - do not ask it again
goodman
Share a couple of shops with the ability to keep
money on the balance sheet) For shops, it is of course to give your bread, but I can say 1-2
zalando of
different countries
and john lewis, for example,
this is a
UK shop user80
And coders are also possible
On coders, I can not advise anyone, unfortunately
With this there is always a bit of a problem - they are amateurs swell op step narcotrip that even more often
so I will not someone to recommend
can find coders as well as on our forums and on bhfili Experi-
temporary
validity of the database - as a percentage of how much can be considered, what is normal? how much do bases usually cost? coder services? under each shop it turns out it is necessary to order the brutal software?
When buying valid databases 80 +% this is already good validity
The cost of databases varies greatly
From a few dollars for a conditional Mix not coined for valid to several hundred dollars (maybe even thousands) for some specific country with high validity,
and yes, for each shop you need brute software, it is true that the
services of coders also depend on the shop
from 1,500 rubles conditionally and ad infinitum
temporary
cost of software? on average,
well, on average, if not a complicated shop, then $ 50-100
izolenta
How can you avoid fraudulent orders? Do not understand a little bit. We have to eat cookies and all that. Then how will such orders be bypassed? Do not understand a little bit
temporary
I think, since the acc has been secured, it means that everything has been registered for a long time and KX walked for us on the site, and af is not looking at him that way, maybe?
Are you talking about driving off the balance sheet?
Even amazon to drive in from the balance is much easier
We do not use a card for driving in
And the address should not be the same as the rest The
money is already on the account of the shop
and it is, in principle, purple
You can search for sale brute accounts of the same zelando,
for example, the German one,
take 2- 3 accounts
enter them using a regular browser + vpn
and try to drive in you
will be very surprised)
izolenta
None of the lecturers finally said where to start.
Didn't I?
In my personal opinion, brute is one of the cheapest options for starting
and at the same time one of the most effective of
course you will not immediately rake in huge amounts,
but even a couple of driving in a month for small amounts, this will be a good result for a start
yarah
will the anti fraud find it a problem that we change the address to the drop instead of the normal card holder's address?
if you mean when you work with cracked accounts + cc = yes, but if you mean cracked accounts with balance, for ex. Zalando = no
temporary is
not entirely clear about the general progress of work. what do you find first, point by point, you can from and to, albeit briefly?
We find a shop. To do this, we use corny Google for any request you are interested in.
Registering an account in the shop
We examine the entire personal account and try to find signs that there is a balance in the shop. Of course, on self-registration it will be 0. A small hint: often if a shop has its own Gifts, then it also has an internal balance.
If there is a balance, we order a brute. We select a base for the country. And we start work. If there is no balance, we are looking for another shop and repeat the steps.
if, of course, we are talking about working with balance (which I prefer)
well, then it's up to little
yarah
so what I understand:
get brutus software
buy database
use program to find the valid accounts
buy socks
login inside accounts
warm up for couple of minutes
enter shipping, send item to drop
yes something like that
user80
Question by country for work. Is it USA or Europe?
I prefer Europe
Since we have our own drops, etc.
But it may well be USA and even conditional Asia
goldenbaum
you can hypothetically compare the extraction of a log from the desired shop by a stealer or go the same way and get the password from the same accounts
No, these are different things.
Logs will still be better
They have cookies, access to mail, respectively, etc.
Brutus this is a little different. Here we select a conditionally correct combination of login and password to the shop and get into it while we do not have any other access by mail type and there are no cookies in general.
yarah
do you prefer this way more than the normal: VM + socks + CC from CC shop + warmup 30 minutes + re route? especially forus beginners?
Is the success rate higher?
yes i can recommend it for beginners
and from my experience success rate higher, right
temporary
if Europe, then a lot of drops?
in us I think it's better with it in us with drops it is much better, but I have my own business, so I have my own drops. But in general, there are enough drop services in EU.
[18:54:33] All beavers. We are waiting until 19: 05-19: 10 and start. Today we'll talk about brute
[19:09:20] Well, latecomers will get acquainted with the logs in the conference, well, we'll start
[19:09:40] Today we'll talk about brute. If someone doesn’t know, or has forgotten, let us remember what it is
[19:10:24] Brutus as a process is an enumeration of log pairs: a pass for validity to a certain service
[19:11:24] This process itself is quite primitive, for him we we need a login database: password, software for enumerating these lines, a proxy and a server on which we will do this
[19:11:34] Now a little more detail
[19:13:01] 1. Software. The script itself that iterates over your log: pass. It is bought at EXP, and anywhere. When buying, look at the reviews and, in general, the popularity of the coder. If they rarely buy from him, then most likely, with the first update of the authorization form in your shop / service, you will not see the update and the software will stop working
[19:16:07] 2. Proxy. Proxies are needed in order to brute-force multithreaded and get high-quality checkmate. The fact is that when going through a dozen invalid combinations, the antifraud of the shop will throw this ip into the stop list, usually for a couple of days. Therefore, it will not be possible to brute force on one ip. Buys a proxy for his service, choosing individually. For some kind of shop from the ass of the Google index, an ordinary "proxy list" bought for $ 1 or assembled by yourself will do. Services like eBay, Amazon, PayPal need high-quality, expensive proxies. The less they are heard, the better. Never ask potmow on what proxies who works, and don't give your services to anyone. More people - worse quality
[19:18:24] 3. Base. Databases are merged combinations of login: password from the database of sites, forums, shops. According to the criteria, there is a difference only in their geographic location, validity (the percentage of combinations that can be sent to the holder's mail) and privacy (how often combinations from your name have come across in others)
[19:21:34] 4. Server. In this case, this is not some super-complicated tool, but an ordinary rdp with server Windows, which can plow for days. It is bought for specific needs, like a proxy. If you brute through a proxy, then you can take in relatively white places, where they are usually taken for hosting sites, etc. If you are going to brute force directly, such as brute Dedicated Server, then it is better to take on such hosting services that do not care about complaints from various organizations
[19:21:52] Now, according to the work itself
[19:23:11] Brutus accounts are sold all over the darknet, you can also get them yourself by harnessing them. But the juice itself, if you yourself found a service friendly with brutus, ordered software for it and swing it into one person.
[19:25:51] For a check, everything is extremely simple, we go to the shop, taking with us the data from any CC, you can even from the generator, register the account to the left mail, make a "purchase" by clicking the "remember card" checkbox. Next, we clean the history, cookies, change the ip and go with our username and password to this site for the second time. We are trying to buy something with only a login with a password. If the shop does not ask you for CVV, and the second order falls into processing, you can order brute for this site
[19:27:07] You can beat from a brute in several main ways - directly to the middle / drop or to the holder, followed by a pickup / redirect
[19:28:14] In the first case, the chances that the shop will send something, less, but the costs are also reduced
[19:28:55] In the second, the costs are higher, but many send to the cardholder address from a good account. True, then it will not be possible to stop everything, but these are nuances
[19:29:14] In order for our chances to increase, we can:
[19:30:39] 1. Beat without changing the name of cardholder. The long-suffering eBay was on fire for almost a year. Just put the drop address, leave the name the same and try to beat. Drops are almost always accepted for fake ID and they do not care what name will be on the package. Use this, the palette will be less
[19:32:10] 2. Hit the living drop as close as possible. Shops trust orders that go to addresses located near the holder's billing address. But the chance that along with the pack the holder will come to the drop along with the cops also increases
[19:32:31] 3. Beat a small order, and after sending the first one, sizzle a large
[19:33:13] In this case, for the first time, the shop can skip a trifle, and the second time it will see that the staff has already left for this address and there have been no problems yet
[19:33:51] But due to due to the fact that there are a lot of all sorts of notifications, by the second order the account may already die, or the holder will block the means of payment
[19:37:30] 4. Trying to keep an account with a changed address. In this case, you will have a better chance of getting your pack if an inexperienced manager looks at the order and account. Usually, the addresses are changed immediately and this is suspicious, and the change a week ago may not be noticed. And as a bonus, often even before you appear on such accounts, holders enter them and hiss something to you without looking at their address. In the middle, from which the necessary staff left a long time ago, for another 3 months, any junk usually comes from inattentive account owners :-D
[19:38:50] 5. If you hit in the middle, distort the addresses as much as possible, shorten, write a suite instead of the box number, break it (instead 1234566, write 12/23/566), in the middle it will understand who exactly, and the shop may not make out the addresses
[19:39:39] Also, look at the "chips" of the shops. For example, one popular shop did not send staff from
[19:39:43] blah)
[19:40:34] One popular shop did not send staff from brut, but the order itself passed. It was possible to place a ref on such orders, on the balance of the account, and from this balance it was already possible to buy Gift in the shop
[19:40:58] In another, the balance could be transferred and spent in the partner store
[19:41: 19] They were unhappy in one shop, and the second shop did not quite know about the origin of money
[19:42:47] Also, when sending the staff to another address, you can try to leave the name of the holder, so that in case of anything, write to the support that you sent it for your son / daughter / mother
[19:44:29] And also, in some shops there is insurance in case you entered the wrong address. Until the moment the pack is sent, the address can be changed. Use this if the shop processes your order right away. Then the processing will not look so fraudulent and may not be processed manually by the manager.
[19:45:20] Now for the accounts themselves. There are actually 2 main types of them, accounts with cards (acc + CC) and with a PayPal (acc + PP)
[19:46:23] The difference between them is big. If on an account with CC you can be hindered mainly by antifraud shop, validity and balance with a card, then in the case of a linked PP account, in addition to the above, your PayPal antifraud will have to be defeated
[19:47:35] when paying with a PP, it does not ask to log in, orders fly like clockwork. Well, if the shop is heard, there you need to be able to work with the PP, because its brutal problems will constantly come up
[19:48:19] Well, briefly about what to do if the order has passed and you need to get the staff
[19:48 : 54] We need to limit the holder as much as possible from the information that someone bought something at his expense
[19:51:40] For this, we change all the data on automatic communication, mail, phones in the brute account, unlink Facebook accounts, etc. There is an interesting trick with mail, it works in few places, but there is still room. Try changing it twice in a row as a test. On eBay, this rolled. When you change the cardholder mail for the first time to your own, a link is sent to his mail, by which you can roll back the changes and return access. If you change twice, then the same link arrives at your first mail, and the link on the mail at cardholder stops working
[19:52:23] See the contact details not only in the shipping info, but also in the billing, which is usually forgotten, there is almost always the cardholder number and often his mail
[19:53:44] By spam mail I will say my IMHO - a useless thing. If cardholder is "modern", then he will already receive a bunch of push notifications to his iPhone, and if the old grandmother, then she will have several thousand advertising spam in her mail without us, against the background of which she will not see your messages anyway
[19: 54:10] This concludes the lecture block itself, smoke break for 5 minutes and go through the block of questions.
[19:59:26] Any questions?)
[19:59:50] <kkkkk> The question is rather to the rest of the participants.
What do you need to get access to the sphere? It seems to be how to contact the mans, but I did not find any information on this in the conference. can be in PM))
[20:00:55] Yes, rather to the others, because I don't know. Now I’ll ask the lecturers, can they tell
me [20:01:34] <Lektor186> And in the stick, will it be possible to change the data? Phone, mail, etc.
[20:02:38] Lektor186: no, now we were talking about brute shops and various services. There will be a separate lecture on brute PP, everything is more complicated there
[20:03:32] <Camo> will or was there?
[20:04:13] <Camo> we already had a lecture on how to work with logs and brute nn
[20:04:20] <prt> Ie now we mainly considered eBay + CC / nn?
[20:04:26] It may have already been,
[20:05:06] It's better not to consider eBay at all, he is rather dead than alive. There are a lot of shops with gear, electronics, accounts of which are sold in shops
[20:08:18] <prt> Are you dead everywhere? gb? eu?
[20:10:28] Well, not so much that his mortal body has completely decayed, but it is already rotting. Themes on eBay do not last long, there is no stability at all, there are no "givers" and "no givers" in the countries either. In some places, something works, someone drags a trifle, but I haven't seen guys with large orders and normal topics for a long time
[20:12:25] How profitable is it to brute yourself? or is it easier at the first stages not to do it (for a beginner)
[20:14:26] It's easier not to study. Independent brute is relevant if you brute private service, or you need a lot of accounts to work
[20:15:57] <Compass> Is it difficult to get high-quality Dedicated servers? How is this activity different?
[20:17:11] Differs. Brutus is a whole industry. The software is expensive, the servers are even more expensive, you need to have a good password database, which is very expensive.
[20:17:39] Well, that's if we talk about quality. Someone is brutalizing on his knees, but there is neither quality nor quantity
[20:24:24] I think that he will answer all the current questions, since they are not asked any more. If anything, write on the forum, I will answer there ;-)
Lecturer:
Hello everyone
Today I will have a lecturer
lecture we have to work with brute accounts of different shops
for those who have no idea what Brutus:
Brutus - The process of sorting login combinations: the password to gain access to any or service (shopping, bank, toy, etc.) A brute account is actually a successful result of brute force work (programs for brute force) in the form of a valid login: password combination for a specific resource
What do we need to start brute force?
The software itself, databases of the form login: password, proxy and server on which the whole thing will stand
Now I will dwell on each of the points and tell you what is what
Software for brutus, aka Brutus, aka Checker - software that searches through combinations of login : a password for a specific service, there are also those that check for several services at once, but now you are unlikely to find
such software Such software can be bought or ordered on any shadow forum, the cost starts from a couple of hundred rubles and can end in an amount of several thousand dollars, depending on on the complexity (availability of protections, captcha, etc.) of the site that you want to brute.
Next, in order, we have the Bases.
Bases - a set of combinations login: password. Extracted by leaking Databases from vulnerable sites using SQL injection or some other means.
After extraction, the databases look like a set of incomprehensible symbols (hashes), which are then run through decryptors and are already sold to us. When buying or selling databases, there are several criteria by which their quality is assessed and whether they suit us or not.
Among these criteria are the following:
Valid , it is also Validity - the percentage of login: password combinations with which you can get to the cardholder mail.
Private or Privacy -% indicator of unique combinations of login: password that have not been previously seen in public access. Determined by a special software, so called AntiPablic
Geo - defines belonging to a particular region / country. It happens, for example, Asia, USA, MUR (CIS), MIX (All in a row), etc.
Bases, like software, can be purchased on shadow platforms / forums. There are a huge number of bases and the price for them varies greatly depending on the criteria and not only.
Next we have Proxies - this is a combination of ip: port, used in brute to replace ip when connecting to sites and not only. This is a very important thing, as they help us bypass IP blocking. Many sites block IPs after several unsuccessful attempts to log into one or another account. For example, I use stormproxies for brute and other tasks. There is also a huge number of different services with different quality and prices, for example proxyrack, bestproxies, topproxies, awmproxy and many others. Prices can also start from several hundred rubles a month, up to several hundred dollars.
We came to the last moment necessary for a brutus:
The server is actually a remote computer, basically Windows servers are used, to which you connect via RDP, we need it firstly for the smooth operation of the software, and secondly to increase our anonymity. Servers for brute are needed not entirely weak, but at least from 2 dedicated cores and 4 RAM, which makes them more powerful in general
. We finished with the first block.
I hope I have clearly explained what brute is and what is needed for it.
In the next block, we will consider in more detail how to work with brute shop accounts, i.e. in general, we will touch on this topic in the context of clothing carding, and brute BA and services with cryptocurrency, etc. this is a completely different story and a different level
Mainly for hammering with Brutus used accounts with attachment to them cards or accounts on which there is an internal balance of a shop
There are certainly accounts with attachment of AD or PP, but with them you have a probability of 99% did not fuck, I do not advise to even look at their side.
First of all, we will consider working with linked cards.
Conventionally, there are two options for working:
Driving directly onto the drop or in the middle
Driving into the address of the cardholder, followed by a reroute or pickup
Driving directly into the drop - very rarely ends with success when working with brute accounts, often asks for CVV or the full card number, which of course we will not have. There are shops in which this information is not requested when changing, if you find one, then we are happy and try to work on it. By the way, there are quite a few of them. But this does not negate the fact that your purchase may be freaked out. After all, the account was entered from 3 different IPs, i.e. cardholder itself, software for brute and us personally + the address changes to everything, which also adds fraud points.
Driving cardholder to the address followed by re-rooting - with such a carding, we are less fraudulent, since we do not change the cardholder address to our own, respectively, the chance of canceling the order is several times less. But before driving in, you should definitely pay attention to which postal service the shop is sending, if, of course, such information is indicated. Since the shop can be corny, it can be sent by the service that is impossible to return or with which it will be very difficult to pick up our pack. I think you don't need to explain what a pick-up is and a pickup at the last lecture)
By the way, speaking of Gift, forget it. The chance that you will add a gift with a brute account tends to 0.
It is also worth mentioning that when working with brute accounts, orders are often canceled not so much by the shops as by the CHs themselves.
Because they receive notifications by mail or in the applications of the shop / bank. Therefore, do not get very upset about failures, checkmate (brute accounts) is quite a cheap thing, especially if you get them yourself.
Purchased accounts with linked DCs usually cost 1-2 dollars, you must agree, this is much cheaper than buying a DC separately for driving.
But I still recommend that you get the mate yourself.
About warming up when working with linked CCs - you should not especially warm up the shop when working with brut, you will only waste your time.
Since the material is cheap and there is a lot of it, you can safely go through accounts and some of them will 100% go
Of course, walking around the shop at least 1-3 minutes before driving in, looking at some kind of product and adding it to the basket - nothing without it
I told about working with attached cards, there is absolutely nothing complicated about it.
No more system settings, etc. also not needed. Sphere + sock for the country of KX, and if you parsed ZIP, then closer to ZIP and drove
Now I'll tell you about a sweeter one, which I personally prefer)
This is work with accounts that have a balance in the shop
There are 2 huge advantages when working with such accounts :
95% of shops absolutely do not fraud orders made from balances
It comes out of the first plus - we can safely change the address for a drop or even in the middle and are not afraid that the shop will cancel it, since again 95% of shops do not fraud and do not check such orders.
There is one more small plus - in fact, you can beat even without socks, using a regular VPN for the country of cardholder. I'm not kidding
You can do without a sphere) Turn on incognito in any browser, turn on vpn and drive it)
Of course, some shops can burn this, but the chance of this is minimal. Nevertheless, I still recommend using socks, at least the same 911 and the sphere, so as not to repeat the iron and prints from hammer to hammer.
Of the small cons:
you can not beat Gift from the balance, never did not see such an opportunity,
there are much fewer such shops than shops in which there are linked cts, but nevertheless there are not a few of them, so look for it.
I personally prefer the option of working with balances.
I find a shop (google -> register an account -> see if there is a balance system in the shop)
I turn to coders and order software
Bases for such shops I even take a public one because very few people are engaged in brutal balances - why
I fuck it until
I'm blue in the face) So, well, like I told all you wanted
You can ask questions
The only request, if you saw that I have already answered a question similar to yours - do not ask it again
goodman
Share a couple of shops with the ability to keep
money on the balance sheet) For shops, it is of course to give your bread, but I can say 1-2
zalando of
different countries
and john lewis, for example,
this is a
UK shop user80
And coders are also possible
On coders, I can not advise anyone, unfortunately
With this there is always a bit of a problem - they are amateurs swell op step narcotrip that even more often
so I will not someone to recommend
can find coders as well as on our forums and on bhfili Experi-
temporary
validity of the database - as a percentage of how much can be considered, what is normal? how much do bases usually cost? coder services? under each shop it turns out it is necessary to order the brutal software?
When buying valid databases 80 +% this is already good validity
The cost of databases varies greatly
From a few dollars for a conditional Mix not coined for valid to several hundred dollars (maybe even thousands) for some specific country with high validity,
and yes, for each shop you need brute software, it is true that the
services of coders also depend on the shop
from 1,500 rubles conditionally and ad infinitum
temporary
cost of software? on average,
well, on average, if not a complicated shop, then $ 50-100
izolenta
How can you avoid fraudulent orders? Do not understand a little bit. We have to eat cookies and all that. Then how will such orders be bypassed? Do not understand a little bit
temporary
I think, since the acc has been secured, it means that everything has been registered for a long time and KX walked for us on the site, and af is not looking at him that way, maybe?
Are you talking about driving off the balance sheet?
Even amazon to drive in from the balance is much easier
We do not use a card for driving in
And the address should not be the same as the rest The
money is already on the account of the shop
and it is, in principle, purple
You can search for sale brute accounts of the same zelando,
for example, the German one,
take 2- 3 accounts
enter them using a regular browser + vpn
and try to drive in you
will be very surprised)
izolenta
None of the lecturers finally said where to start.
Didn't I?
In my personal opinion, brute is one of the cheapest options for starting
and at the same time one of the most effective of
course you will not immediately rake in huge amounts,
but even a couple of driving in a month for small amounts, this will be a good result for a start
yarah
will the anti fraud find it a problem that we change the address to the drop instead of the normal card holder's address?
if you mean when you work with cracked accounts + cc = yes, but if you mean cracked accounts with balance, for ex. Zalando = no
temporary is
not entirely clear about the general progress of work. what do you find first, point by point, you can from and to, albeit briefly?
We find a shop. To do this, we use corny Google for any request you are interested in.
Registering an account in the shop
We examine the entire personal account and try to find signs that there is a balance in the shop. Of course, on self-registration it will be 0. A small hint: often if a shop has its own Gifts, then it also has an internal balance.
If there is a balance, we order a brute. We select a base for the country. And we start work. If there is no balance, we are looking for another shop and repeat the steps.
if, of course, we are talking about working with balance (which I prefer)
well, then it's up to little
yarah
so what I understand:
get brutus software
buy database
use program to find the valid accounts
buy socks
login inside accounts
warm up for couple of minutes
enter shipping, send item to drop
yes something like that
user80
Question by country for work. Is it USA or Europe?
I prefer Europe
Since we have our own drops, etc.
But it may well be USA and even conditional Asia
goldenbaum
you can hypothetically compare the extraction of a log from the desired shop by a stealer or go the same way and get the password from the same accounts
No, these are different things.
Logs will still be better
They have cookies, access to mail, respectively, etc.
Brutus this is a little different. Here we select a conditionally correct combination of login and password to the shop and get into it while we do not have any other access by mail type and there are no cookies in general.
yarah
do you prefer this way more than the normal: VM + socks + CC from CC shop + warmup 30 minutes + re route? especially forus beginners?
Is the success rate higher?
yes i can recommend it for beginners
and from my experience success rate higher, right
temporary
if Europe, then a lot of drops?
in us I think it's better with it in us with drops it is much better, but I have my own business, so I have my own drops. But in general, there are enough drop services in EU.