Best Carding World

INTRODUCTION
This tutorial is designed for individuals seeking to explore and elucidate the procedures for accumulating these resources for the practice of crypto-mining activities or distributed denial of service (DDoS) attacks, alongside other applications requiring a considerable number of compromised personal computers and virtual private servers (PCs / VPS).

REQUISITES
1. Shodan account having membership, membership fee for Shodan at £35 GBP or obtainable free in case of ".edu" email.
2. VPN (e.g. Mullvad).
3. Basic scripting aptitude.

WARNING
- DO NOT employ this technique without improperly concealing oneself.
- DO NOT endeavour in this without being fully aware of the consequences.
- DO NOT establish a connection via 'Secure Shell' to any compromised device from your local Computer.
- DO NOT engage in mining to your Bitcoin wallet (Monero only).
This is a fundamental process, not advanced.

TUTORIAL
1. First and foremost, secure your Shodan membership and VPN configuration.

2. Conduct a search for newly discovered CVEs (RCE only) and familiarise yourself with their workings. Thoroughly study each to increase your understanding.We shall utilise two CVEs for this thread:
- CVE-2022-26134 [X-Confluence]
- CVE-2022-1388 [BIG-IP Firewall]
Review both CVEs and the corresponding Proof of Concept available on GitHub.

3. Once comprehension is achieved, construct a Shodan dork using unique identifiers for these targeted services:
- Dork for CVE-2022-26134 [ X-Confluence]
- Dork for CVE-2022-1388 [ http.title:"BIG-IP®-+Redirect"]
Utilise these dorks to execute a Shodan search.

4. We shall utilise Shodan CLI to obtain IPs related to this service:

At this point, you should perceive a list of IPs along with their corresponding ports.

5. We shall employ "httprobe" or "httpx" to discern live hosts:


6. We shall employ Nucli to automatise testing for potential vulnerabilities extant. As we are currently engaging with the inaugural CVE, namely "Confluence", we shall utilise this template:

Save it under the designation "attack.yaml".

7. We shall now pass live hosts to this templates:

At this point, one should patiently anticipate observing the emergence of one's zombies before their very gaze.

Hi, this is very educational and interesting. Thanks!

But how do I use these in case of wanting to?

kirisute.g0m3n wrote:Hi, this is very educational and interesting. Thanks!

But how do I use these in case of wanting to?

After executing the command "cat live_hosts.txt | nucli -bs 50 -c 50 -t attack.yaml", you have successfully exploited the vulnerable devices and acquired control over them, transforming them into zombies.

For utilise the zombies, you can:
1. Establish a command and control server to manage and communicate with the compromised devices. This server will function as the central hub for dispatching instructions and receiving commands from the zombies.

2. Develop a script to automate the process of connecting to the zombies and issuing commands. This script should encompass functions for initiating and terminating attacks, overseeing the zombies' resources, and updating their configurations.

3. Configure the script to connect to the C&C server and obtain a list of the available zombies. This list should incorporate their IP addresses and ports, as well as any other pertinent information requisite for communication.

4. Traverse the list of zombies and employ the script to dispatch commands to each one, instructing them to execute the desired malicious activity.

5. Supervise the advancement of the assault and the performance of the zombies. Ensure that they are functioning correctly and that they are not being detected or blacklisted by the target.

6. As required, revise the script and the configurations of the zombies to enhance their performance and maximise the impact.

Note: This practice is of high risk. I recommend that if you're a novice, learn / practice a lot before attempting a real attack, in real attacks you must take great care of your OPSEC.