Hi guys, let’s start with some easy terms that “Hacking credit cards is an illegal act, this is only informational post and I am not responsible for any actions done by you after reading this carding with kali linux tutorial. This post is for educational purposes only”, I don’t recommend to start carding after just reading this tutorial. Please guys first read all the basic of the carding, here is the full tutorial of what is carding? Next please understand post and cons of the carding as well as the laws applicable related to cybercrime in your country. If you have basic idea about carding we can start. Let’s begin with basic terminology. What is credit card? A credit card is a card issued by a financial company which enables the cardholder to borrow funds. The funds may be used as payment for goods and services. Issuance of credit cards has the condition that the cardholder will pay back the original, borrowed amount plus any additional agreed-upon charges. There are two types of Credit cards: Debit Card: Debit means you have a sum of amount in it and you can use them. Credit Card: Credit means you have a credit line limit like of $5000 and you can use them and by the end of month you have to pay it to bank. To use a credit card on internet you just not need cc number and expiry date but you also need many information such as: First name Last name Address City State Zip Country Phone CC number Expiry date CVV2 BINS = first 6 digit of every credit card is called BIN (for example cc number is: 4121638430101157 then its bin is 412163, I hope this is easy to understand. If you get that information you can use that to buy any good and services on internet, like software license, porn site membership, proxy membership, or anything (online services like webhosting, domains). If you want to make money through hacking then you also need to be very lucky. You need to have an exact bank and bin to get the cash. Now the question is how to make money through credit cards. It’s strange, well you can’t do that, but there is specific persons in world who can do that. They call themselves cashiers. You can take some time to find a reliable cashiers. Be sure cashiers are legit, because many cashiers are there which take your credit card and rip you off and don’t send your 50% share back. You can also find some cashiers on mIRC *( /server irc.unixirc.net:6667 ) channel : #cashout, #ccpower Well, check the website where you have list of bins and banks mostly 101% cashable. If you get the credit card of the same bank with same bin, then you can cashout otherwise not. Remember for using credit card on internet you don’t need ATM PIN. First method of sql injection and shopadmin hacking don’t provide with pins, it only give cc numb cvv2 and other info which usually need for shopping not for cashing. How to carding with kali linux Credit card CC can be carded by two ways: Credit Card Scams (usually used for earning money, some times for shopping) Credit Card Shopadmin Hacking (just for fun, knowledge, shopping on internet) Shopadmin Hacking This method is used for testing the knowledge or for getting the credit card for shopping on internet, or for fun, or any way but not for cashing ( because this method don’t give PIN – 4 digit passcode ) only gives cc numb , cvv2 and other basic info. Shopadmins are of different companies, like: VP-ASP , X CART, etc. This tutorial is for hacking VP-ASP SHOP. I hope you seen whenever you try to buy something on internet with cc, they show you a well programmed form, very secure. They are carts, like vp-asp xcarts. Specific sites are not cardable, but carts are cardable. Below I’m posting tutorial to hack VP ASP cart. Now every site which use that cart can be hacked, and through their *mdb file you can get their clients ‘credit card details’, and also login name and password of their admin area, and all other info of clients and company secrets. Let’ss start: Type: VP-ASP Shopping Cart Version: 5.00 How to find VP-ASP 5.00 sites? Finding VP-ASP 5.00 sites is so simple… Go to Google and search for VP-ASP Shopping Cart 5.00 You will find many websites with VP-ASP 5.00 cart software installed. Now let’s go to the exploit. The page will be like this: ****://***.victim.com/shop/shopdisplaycategories.asp The exploit is: diag_dbtest.asp Now you need to do this: ****://***.victim.com/shop/diag_dbtest.asp A page will appear contain those: xDatabase shopping140 xDblocation resx xdatabasetypexEmailxEmail NamexEmailSubjectxEmailSy stemxEmailTypexOrdernumbe r Example: The most important thing here is xDatabase xDatabase: shopping140 Ok, now the URL will be like this: ****://***.victim.com/shop/shopping140.mdb If you didn’t download the Database, try this while there is dblocation: xDblocation resx The url will be: ****://***.victim.com/shop/resx/shopping140.mdb If you see the error message you have to try this: ****://***.victim.com/shop/shopping500.mdb Download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find mdb file viewer at download.com, or use MS Office Access. Inside this file you should be able to find credit card information, and you should even be able to find the admin username and password for the website. The admin login page is usually located here: ****://***.victim.com/shop/shopadmin.asp If you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all, then try to find the admin login page and enter the default passwords which are: Username: admin password: admin OR Username: vpasp password: vpasp Hacking Through Scams This method is usually used to hack for earning money, in this method you create a clone page. Here your target is eBay.com or paypal.com for general credit cards, or if you want to target any specific cashable bank like regionbank.com then you have to create a clone page for that bank. Anyway we will keep it simple and start with eBay.com. How to get the emails of their users? Go to google.com and type “Email Harvestor” or any Email Spider and search for eBay Buyers and eBay Sellers and you will get long lists. That lists are not accurate but out of 1000 atleast 1 email would be valid. Hard work needed af. Well you create a clone page of ebay, and mail the list you create from spider with message, like “Your account has been hacked, please response” or any reason that looks legit, professional and ask them to visit the link below and enter your information billing and the scam page have programming when they enter their info it comes directly to your email. In the form page you have PIN required so you also get the PIN number through which you can cash through ATM. Now if you run ebay scam or paypal scam, it’s up to your luck who’s your victim. A client of bank of america or of citibank or of region, it’s about luck, maybe you get cashable, may be you don’t it’s just luck, nothing else. Search on google to download a scam site and study it! t After you create your scam site, just find some email harvestor or spider from internet (download good one at Bulk Email Software Superstore – Email Marketing Internet Advertising) and create a good email list. And you need to find a mailer (mass sending mailer) which send mass – emails to all emails with the message of updating their account on your scam page). In from to, use email [email protected] and in subject use: eBay – Update your eBay Account and in Name use eBay Some Instructions: Make sure your hosting remains up or the link in the email you will send, and when your victim emails visit it, it will show page cannot be displayed, and your plan will be failed. Hardest point is to find hosting which remains up in scam. Even I don’t find it easily, it’s very hard part. Maybe you have contacts with someone who own hosting company and co locations or dedicated he can hide your scam in some of dedicated without restrictions. Finding a good email list (good means = actually users) Your mass mailing software land the emails in inbox of users. Hope you will find this tutorial (using kali linux for carding) useful.