Leaderboard
Popular Content
Showing content with the highest reputation on 07/15/2024 in Posts
-
1 point
EMV SKIMMER
EMV SKIMMER IS A DEVICE THAT’S PLACED INSIDE THE ATM OR POS. EMV SKIMMER INTERCEPTS COMMUNICATIONS BETWEEN THE CHIP CARD AND THE CHIP CARD READER FROM ATM OR POS. EMV SKIMMER WILL RECORD THE CREDIT CARD INFORMATION, IN THAT WAY THE CREDIT CARD INFORMATION WILL BE STOLEN.
EMV SKIMMER IS A DEVICE THAT’S PLACED INSIDE THE ATM OR POS TO INTERCEPT COMMUNICATIONS BETWEEN THE CHIP CARD AND THE CHIP CARD READER FROM ATM OR POS AND RECORD THE CREDIT CARD INFORMATION, IN THAT WAY THE CREDIT CARD INFORMATION WILL BE STOLEN.
Emv Skimmer is a device that’s placed inside the ATM or POS to intercept communications and record the credit card between the chip card and the chip reader from ATM or POS, in that way all the credit card information is stolen. You will have fast and easy track 1, track 2 and the pin from all the credit cards that use those ATM or POS. You can download the information from the Emv Skimmer by connecting your phone or laptop by bluetooth to the Emv Skimmer.
EMV SKIMMER DEVICE like this can not only read the cardholder data from the chip, but it can also intercept the PIN. EMV SKIMMER DEVICE creates a copy of the original card, including all standard authentication SDA-Static Data Authentication, DDA-Dynamic Data Authentication, the CDA-Combined Data Authentication. With our EMV SKIMMER DEVICE you can get all credit card information very easy from any ATM or POS. With EMV SKIMMER DEVICE you can get track 1 + 2 + Pin.
Advertiser: MenSkim
Date: 11/17/2021
Price: $1,600.00
Category: Carding equipment
-
1 point
DEFENSOR ID a stealthy Android banking Trojan - Source Code ☢️

Dissecting DEFENSOR: a stealthy Android banking malware
#android #apps #malware #mobile

Android malware apps are nothing new, but this one is of particular interest because it implements no functionality that security products can readily detect. The apps named DEFENSOR ID and Defensor Digital rely mainly on Android's Accessibility Service to conduct malicious activities, and go undetected.

In fact, a blog post released May 22nd 2020 by malware researcher Lukas Stefanko of ESET states, "the banking trojan was available on Google Play at the time of the analysis. The app is fitted with standard information-stealing capabilities; however, this banker is exceptionally insidious in that after installation it requires a single action from the victim – enable Android’s Accessibility Service – to fully unleash the app’s malicious functionality."

The blog post also demonstrates that, at the time of its inception, no antivirus engine detected this malware sample. Even today, only 5-6 detection engines are flagging these two apps, according to VirusTotal. This raises concern for the next iteration of malware that may be nothing but a slight modification of these apps.

Android Accessibility Service

To make smartphones more accessible to users with special needs, the Accessibility Service allows the device to extend permissions to an app to read screen content (e.g. for providing text to speech synthesis capability). You can imagine how useful such functionality would be to a malicious app.

Existing detection models can reliably predict when certain combinations of permissions requested by an app may pose problems. But because the Defensor apps mainly relied on obtaining Accessibility Service permissions from the user, along with some other minimalistic ones, no red flags were raised anywhere.
The permissions requested by the app include the following, of which the critical ones are highlighted:

android.permission.INTERNET
android.permission.SYSTEM_ALERT_WINDOW
android.permission.BIND_ACCESSIBILITY_SERVICE
com.secure.protect.world.permission.C2D_MESSAGE
android.permission.ACCESS_NETWORK_STATE
android.permission.FOREGROUND_SERVICE
android.permission.REQUEST_DELETE_PACKAGES
android.permission.SYSTEM_OVERLAY_WINDOW
android.permission.WAKE_LOCK
android.permission.WRITE_SETTINGS
com.google.android.c2dm.permission.RECEIVE

In practice, this means the app can capture credentials entered by the user on mobile banking apps, read or generate SMS messages, read emails, read Two-Factor Authentication (2FA) codes generated by authenticator apps — thereby bypassing 2FA, steal cryptocurrency private keys, and so on, and upload all of this vital information to an attacker-controlled server!

The app also requests the WAKE_LOCK permission, letting it override the default screen timeout setting and keep the device turned on persistently. This would give malware an extended opportunity to launch other apps and to continuously capture sensitive information. The screenshots provided by ESET demonstrate this behaviour:

Indicators of Compromise (IOCs)

To make things easy for the security community, malware researchers at ESET have thankfully provided two useful IOCs identifying the malicious apps that have now been yanked from the Google Play store.

Package Name: com.secure.protect.world
SHA-1 Hash: F17AEBC741957AA21CFE7C7D7BAEC0900E863F61
SHA-256 Hash: BBFB6DEDC01492CA3AC0C4F77343A22162518B306660E9CE958F2A6369FFAF13
ESET detection name: Android/Spy.BanBra.A

Package Name: com.brazil.android.free
SHA-1 Hash: EA069A5C96DC1DB0715923EB68192FD325F3D3CE
SHA-256 Hash: B5A64791728AA641838D2A478375F5D46F91C91B8DF0CDE34B21DDA2D4D7D8A1
ESET detection name: Android/Spy.BanBra.A

New information and my analysis

ESET researchers have done a brilliant job of presenting their comprehensive analysis of these apps and their documented behaviour.
Further to their report, however, I'd like to add a bit of my own findings.

Command & Control (C&C) domains

The attacker-controlled C&C domains are still up — well at least one of them, and that's problematic.

Domain: empresasenegocios.online, IP address: 132.148.42.16, Task: Command & Control (C&C)
Domain: atendimentoempresarial.digital, IP address: 184.168.221.46, Task: Command & Control (C&C)

The URLs specifically used by the app to establish communication with the attacker-controlled server include:

https://empresasenegocios.online/remoteControl/
https://empresasenegocios.online/remoteControl/api/main/index/
http://atendimentoempresarial.digital/remoteControl/api/main/index
http://atendimentoempresarial.digital/remoteControl/

Interestingly, VirusTotal reports most antivirus engines are still not flagging these URLs, except for FortiNet which flags just one of the empresasenegocios.online URLs as phishing:

Never mind the fact that the empresasenegocios.online domain still has a fancy admin panel for the attackers to log into and glance over the juicy details of their victims 🍿:

Here's also a preview of the API:

And the domain continues to be hosted on GoDaddy's shared hosting, with its beautiful cPanel and WebMail interfaces accessible:

empresasenegocios.online/cpanel:
empresasenegocios.online/webmail:

At least the atendimentoempresarial.digital domain has its GoDaddy parking page showing up for now. While that's no guarantee that the domain's malicious ownership or activities have ceased, so far there are no strong signs indicating ongoing activity either.

The WHOIS records of these domains didn't reveal anything particularly interesting other than São Paulo, Brazil addresses and phone numbers, which could very likely be fakes, along with two email addresses belonging to the anonymous ProtonMail service: appdados@protonmail.com and notificador@protonmail.com.
The Takeaways

Enforcing BYOD policies

Because prominent antivirus engines are not detecting apps like these — even now, advice to "scan your mobile device" is futile. SOC analysts and Security Ops professionals are strongly advised to enforce a corporate mobile device policy which restricts employee access to the Google Play app store on their work devices.

Apps like these pose significant threats to an organization's secrets, especially when an organization has a relaxed Bring Your Own Device (BYOD) policy allowing corporate email accounts to be accessible on an employee's personal mobile device (e.g. Gmail's Android app managing both personal and work accounts of a user would not be immune to attacks like these, and could easily leak corporate trade secrets to malicious actors).

Network monitoring and blocks

Additionally, extensive network monitoring in your SIEM/EDR products should be set up for these servers, with network blocks implemented, given at least one of these domains is still active. That way, any device on your corporate network would be prevented from inadvertently making calls to these domains.

Note: The IP addresses appear to belong to GoDaddy's shared hosting, therefore blocking these could potentially block legitimate websites. It is best to block the malicious domains for the time being.

DEFENSOR ID and Defensor Digital were just two of the apps which have been identified and removed from the Play store, but given their stealthy behaviour, we do not know as of yet how many other apps might be using these servers or leveraging the Accessibility Service weakness.

Advertiser: xXGalvinPlaysXx
Date: 09/27/2022
Price: $299.00
Category: Carding equipment
-
1 point
i need it thank you so much
-
1 point
Like for more! [hide]> Download <[/hide] > Virustotal < RAR Password: Isaac
-
1 point
Looking for this but hope it works. Thank you for sharing.
-
1 point
Here is kind of a tutorial on how to write google dorks. With these dorks you get tons of GOOGLE HQ URLS! Vulnerable sites roll down easy with this tutorial. Don't waste time if you don't know what dorks are and how they work. Don't waste time if you don't have any experience with cracking.

[hide]
Okay, so if you are reading this I'm assuming you already know what dorks are and how they work. The dorks we are going to write programmers, web designers and other crackers call "GOOGLE DORKS", other people call them Complex or Deluxe dorks. Basically google dorks are dorks that abuse the power of google to get websites. Google dorks (Complex/deluxe dorks) are a bit different than the regular dorks we all know.

Here is a regular dork:
crackers.php?site=

Here are a few examples of google dorks:
Inurl: "crackesr" + ".to"
allinurl: "crackers" + "kostrikov"
related: "cracking" + "crackers"
inurl: index.php?site= intext: "games" + site:com

There is no easy way of making these than writing them. I recommend using Notepad++ to write them on. Download notepad++ : https://notepad-plus-plus.org/download/

First of all you need to know what you are looking for. Google dorks are a bit precise so you need to have a clear target. Let's say steam accounts.

So now keywords. You don't use random bullshit that gets to your mind, or use online keyword scrapers. You need to go on the site that mostly has what you are looking for (atm we will be writing dorks for steam so we will go on steampowered.com, steamcommunity.com, store.steamcommunity.com, some games on steam etc.) You need to look around for some keywords in the URLs when you click around and also you need to look for some common keywords around the site. Write them down or something.

Now let's start writing the dorks. Open up Notepad++ and start writing them. I won't go into detail on how to use the keyboard and shit (if u dont know that just shut down ur pc).
Here are the commands u need:

Inurl: Google will restrict the results to documents containing that word in the url. For instance, inurl: steamcommunity will return documents that mention the word “steamcommunity” in their url, anywhere in the document (url or no). Note there can be no space between if you put more words. (You can use + and "" to put more words, but if u need more just use allinurl)

allinurl: Same as inurl but here you can write more words, eg. allinurl: "steampowered" + ".com".

allintitle: Here you tell google to look for the word provided in the title. allintitle: steam

site: Google will look for URLS containing specific site, eg. site:com --> will look only for sites containing .com

related: Google will look for URLs related to the keyword you put in, eg. related: steam ---> will look for urls related to steam

Here are some dorks I wrote for this tutorial:
Inurl: steampowered
allinurl: "steam" + "call of duty"
index.php?game= intext: "wrong password"
etc.

Good Luck Cracking BOIZ.
[/hide]

All suspected leecher messages will be reported. Don't leech.
-
1 point
Yo i'm Arkzyy, been in the cracking community since 2015 but took a break til this August so yea. Hope i'll learn more here cuz this looks good af lmao.
-
1 point
thank you for posting such a grateful and useful post as it is much appreciated also quick grab that socks boyy!!!!!!!11!!!1!
-
1 point
Thanks for your share ;)
-
1 point
Looking forward to something cool for fortnite
-
1 point
Works fine for me, just your pc, don't blame it on the tool.
-
1 point
Saw you have a "BurgerKing" config? What does it capture?