WWH education 20-21. Part 22. “Working with brut”
Lecture#20 Working with brut 12.15.2020
Lecturer:
Hello everybody
Today I will be your lecturer
A lecture on working with brute accounts of various shops
For those who have no idea what brute is:
Brutus - The process of sorting through combinations of login: password to gain access to any service (shop, bank, toy, etc.)
A brute account is actually a successful result of a brute force (brute force program) in the form of a valid login: password combination for a specific resource
What do we need to start brutal?
The software itself, databases of the form login: password, proxy and server on which the whole thing will stand
Now I will focus on each of the points and tell you what is what
Software for brutus, aka Brutus, aka Checker - software that searches for combinations of login: password for a particular service, there are also those that check for several services at once, but now you are unlikely to find such
Such software can be bought or ordered on any shadow forum, the cost starts from a couple of hundred rubles and can end up in the amount of several thousand dollars, depending on the complexity (availability of protections, captcha, etc.) of the site that you want to brute
Further in order we have Bases.
Bases - a set of combinations login: password. Extracted by leaking Databases from vulnerable sites using SQL injection or some other means.
After mining, the databases look like a set of incomprehensible symbols (hashes), which are then run through decryptors and are already sold to us
When buying or selling bases, there are several criteria by which their quality is assessed and whether they suit us or not
Among these criteria are the following:
Valid, aka Validity, is the percentage of login: password combinations with which you can get to the KX mail.
Private or Privacy -% indicator of unique combinations of username: password that have not been previously seen in public access. It is determined by special software, so called AntiPablikami.
Geo - defines belonging to a particular region / country. It happens, for example, Asia, USA, MUR (CIS), MIX (All in a row), etc.
The bases, like software, can be purchased on shadow platforms / forums. There are a huge number of bases and the price for them varies greatly depending on the criteria and not only.
Next we have Proxies - this is a combination of ip: port, used in brute to replace ip when connecting to sites and not only. This is a very important thing, as they help us bypass IP blocking. Many sites block the IP after several unsuccessful attempts to log into one or another account. For example I use stormproxiesfor brute and other tasks. There is also a huge number of different services with different quality and prices, for example proxyrack, bestproxies, topproxies, awmproxy and many others. Prices can also start from a few hundred rubles a month to several hundred dollars.
Come to the last moment necessary for a brutus:
The server is actually a remote computer, basically Windows servers are used, to which you connect via RDP, we need it firstly for the smooth operation of the software, and secondly to increase our anonymity. Servers for brute are needed not entirely weak, but at least from 2 dedicated cores and 4 RAM, the more powerful the better in general
We are finished with the first block.
I hope I have clearly explained what brute is and what is needed for it.
In the next block, we will consider in more detail how to work with brute shop accounts, i.e. in general, we will touch on this topic in the context of clothing carding, and brute BA and services with cryptocurrency, etc. this is a completely different story and a different level
Basically, accounts with cards attached to them or accounts that have an internal balance of a particular shop are used for driving from brutus.
Of course, there are accounts with associated BA or PP, but with a 99% probability you won't get anything from them, I don't even advise you to look in their direction.
First of all, let's look at working with linked maps.
Conventionally, there are two options for working:
Driving directly onto the drop or in the middle
Driving into the address of the KX, followed by a reut or pickup
Driving directly onto the drop - very rarely ends with success when working with brute accounts, often asks for CVV or the full card number, which of course we will not have. There are shops in which this information is not requested when changing, if you find one, then we are happy and try to work on it. By the way, there are quite a lot of them. But this does not change the point that your purchase may be freaked out. After all, the account was logged in from 3 different ip, i.e. KX itself, software for brute and us personally + the address changes to everything, which also adds fraud points.
Driving KX to the address with the subsequent re-rooting - with such a drive we are less fraudulent, since we do not change the KX address to our own, respectively, the chance of canceling the order is several times less. But before driving in, you should definitely pay attention to which postal service the shop is sending, if of course such information is indicated. Since the shop can be corny, it can be sent by the service that it is impossible to return or with which it will be very difficult to pick up our pack. What is a pickup and a pickup I think at the last lecture you don't need to explain)
Speaking of gift, forget it. The chance that you will insert Gift with a brute account tends to 0.
It is also worth mentioning that when working with brute accounts, orders are often canceled not so much by shops as by KX themselves.
For they receive notifications by mail or in the applications of the shop / bank
Therefore, you should not be very upset about failures, checkmate (brute accounts) is quite a cheap thing, especially if you mine them yourself.
Purchased accounts with linked DCs usually cost $ 1-2, you must agree, this is much cheaper than buying a DC separately for driving.
But I still recommend to get the mate yourself.
About warming up when working with linked CCs - you should not especially warm up the shop when working with brut, you will only waste your time.
Since the material is cheap and there is a lot of it, you can safely go through the accounts and some of them will 100% go
Of course, walk around the shop at least 1-3 minutes before driving in, look at some kind of product and add it to the basket - you can't do without it
I told about working with attached cards, there is absolutely nothing complicated about it.
No more system settings, etc. also not needed. Sphere + sock for the country of KX, and if ZIP was parsed, then closer to ZIP and drove
Now I'll tell you about the sweeter one, which I personally prefer)
This is work with accounts that have a balance in the shop
There are 2 huge advantages when working with such accounts:
95% of shops absolutely do not fraud orders made from balances
It comes out of the first plus - we can safely change the address to a drop or even to the middle and are not afraid that the shop will cancel it, since again 95% of shops do not fraud and do not check such orders.
There is one more small plus - in fact, you can beat even without socks, using a regular VPN for the country of KX. I am not kidding :)
You can do without a sphere) Turn on incognito in any browser, turn on vpn and drive)
Of course, some shops can burn this, but the chance of this is minimal. Nevertheless, I still recommend using socks, at least the same 911 and the sphere, so as not to repeat the iron and prints from hammer in to hammer.
Of the small cons:
you can not beat Gift from the balance, nirazu did not see such an opportunity
there are much fewer such shops than those that have linked CCs, but nevertheless there are quite a few of them, so look
I personally prefer the option of working with balances.
I find a shop (google -> register an account -> see if there is a balance system in the shop)
I contact coders and order software
I even take the bases for such shops because very few people are engaged in the brut of balances - xs why
And fuck to blue in the face)
So, well, like I told everything I wanted
You can ask questions
The only request, if you saw that I have already answered a question similar to yours, do not ask it again
goodman
Share a couple of shops with the ability to keep the grandmother on the balance sheet)
In shops, of course, it's to give your bread, but I can say 1-2
zalando
different countries
and john lewis for example
this is yuk shop
user80
And coders are also possible
I cannot advise anyone on coders, unfortunately
There is always a small problem with this - they like to swell or go to the drug trip, which even happens more often
Therefore, I will not recommend anyone.
You can find coders both on our forum, and on bhf or ex
temporary
the validity of bases - in percentage how much can be considered, which is normal? how much do bases usually cost? coders services? under each shop it turns out it is necessary to order brutal software?
When buying valid databases 80 +%, this is already good validity
The cost of bases varies greatly
From a few dollars for a conditional Mix not minted for valid to several hundred dollars (maybe even thousands) for some specific country with high validity
and yes, for every shop it turns out you need brutal software, right
coders' services also depend on the shop
from 1500 rubles conditionally and up to infinity
temporary
the cost of the software? average
well, on average, if not a complex shop, then 50-100 bakosv
izolenta
How can you avoid fraudulent orders? Do not understand a little bit. We have to eat cookies and all that. Then how will such orders be bypassed? Do not understand a little bit
temporary
I think, since the acc is secured, it means that everything has been registered for a long time and KX walked for us on the site, and af is not looking at him that way, maybe?
Are you talking about driving off the balance sheet?
Even Amazon is much easier to treat with balance
We don't use the card for driving
And the address should not be the same as the rest
The money is already in the shop's account
and they are basically purple
You can search for sale brute accounts of the same zalando
for example German
take 2-3 accounts
enter them using a regular browser + vpn
and try to drive
be surprised)
izolenta
As a result, none of the lecturers said where to start.
Didn't I say?
In my personal opinion, brutus is one of the cheapest options to start
and at the same time one of the most effective
of course you will not immediately rake in huge amounts
but even a couple of drives a month for small amounts, this will be a good result for a start
yarah
will the anti fraud find it a problem that we change the address to the drop instead of the normal card holder's address?
if you mean when you work with cracked accounts + cc = yes, but if you mean cracked accounts with balance, for ex. Zalando= no
temporary
the progress of work is not entirely clear. what do you find first, point by point, you can from and to, albeit briefly?
We find a shop. To do this, we use corny Google for any request you are interested in.
Registering an account in the shop
We examine the entire personal account and try to find signs that there is a balance in the shop. Of course, on self-registration it will be 0. Small hint: often if a shop has its own Gifts, then it also has an internal balance.
If there is a balance, we order a brute. We select a base for the country. And we start work. If there is no balance, we are looking for another shop and repeat the steps.
if, of course, we are talking about working with balance (which I prefer)
Well, then it's up to little
yarah
so what I understand:
get brutus software
buy database
use program to find the valid accounts
buy socks
login inside accounts
warm up for couple of minutes
enter shipping, send item to drop
yes something like that
user80
Question by country for work. Is it yusa or europe?
I prefer Europe
Since there are drops, etc.
But it may well be yusa and even conditional Asia
goldenbaum
you can hypothetically compare the extraction of the log from the desired shop by a stealer, or go the same way and recover the password from the same accounts
No, they are different things
Logs will still be better
They have cookies, access to mail, respectively, etc. etc.
Brutus this is a little different. Here we select a conditionally correct combination of login and password for the shop and enter it while we do not have any other access by mail type and there are no cookies in general.
yarah
do you prefer this way more than the normal: VM + socks + CC from CC shop + warmup 30 minutes + re route ?? especially for us beginners?
Is the success rate higher?
yes i can reccommend it for beginners
and from my experience success rate higher, right
temporary
if Europe, then a lot of drops?
in yus I think with it better
in yus with drops it is much better
but I have my own business, so I have my own drops
But in general, there are enough drop services in eu
Don't forget that we have a private channel with the most up-to-date information and material, please contact our support team @ouhom2 to enter