jeana
Newbie
- Joined
- 10.10.24
- Messages
- 23
- Reaction score
- 4
- Points
- 3
This guide isn’t for people with the intent to become a seller but rather be able to capture CCs for yourself, not even to obtain thousands of CCs at once. As all you need is a couple of CCs that are good. Compared to buying such data through marketplaces in bulk, stressing through the cards credibility you’ll have a better success at following my guide. It’s simple and free just follow along.
What do I mean by “Network-Based Phishing” in the title?
This method targets individuals (possibly you in the past) going to a mall, connecting to a Wi-Fi network that looks legitimate (like "Mall-Free-WiFi" or "Starbucks-WiFi"), and when they try to access the Internet, you're redirected to a phishing website that looks like the real one trying to get you to add Personal Information.
You’ll need to do a little local research on where people might frequent the most to operate on their laptops in your town or maybe the next town over. You’ll need to know this because it’s the area you’ll be targeting. So, search for public areas where people gather such as Malls, Libraries, Airports, Hotels, Restaurants, and Shops/Outlets.
For starters you’ll have to perform a DoS attack. You might be wondering what the hell is a DoS attack? And to save you from searching what it is on your own time, a Denial‑of‑Service (DoS) attack is someone trying to make a computer, website, or online service unavailable by overwhelming it with traffic or requests. The goal is to disrupt normal operations so legitimate users can’t access it.
Now the main part, the part that’s in the title, you’ll have to capture their credit card details. Now how the hell are you going to do that? Well since i’m super nice i’ll give you some ideas but we are also in a world where Ai models can help you formulate ideas beyond mine so keep that also in mind.
Also to further expand on how you are going to do this, it’ll all be added in the part where victim checks if there is any available wifi in their Wi-Fi settings on their device, when they click your “Wi-Fi” it’ll prompt the page you have created which is where they’ll input their credentials.
Method #1 (Recommended)
Offer to provide unlimited Wi-Fi availability for their entire duration there for a low cost. This is done as said earlier by setting up a fake Wi-Fi network with a name that mimics a legitimate one (e.g., "Mall-Free-WiFi" or "Starbucks-WiFi"). Once users connect to your network, they are redirected to a phishing page where they are prompted to enter their personal information, including credit card details.
Method #2 (Advanced)
Keep the Wi-Fi free but advertise either on the same page or redirect them to it that they can upgrade to faster speeds for a small fee. Emphasize that it’s a trial that can be easily canceled later on (Harder to have victims climb this ladder).
Tips: Make your page as believable as possible, mimic websites, apps, and storefronts that gets them to not think twice on why they could possible need to enter their credit card details.
e.g.,
Moving forward.
1. Install Ubuntu within a VM on your laptop/computer
a) https://www.virtualbox.org/
b) https://www.vmware.com/
c) https://proxmox.com/en/
d) https://www.qemu.org/
Ubuntu Installation (Oracle VirtualBox)
Download the Ubuntu ISO: Grab the latest LTS from ubuntu.com (e.g., ubuntu-20.04.6-desktop-amd64.iso).
Allocate resources: 2GB RAM, 20GB disk space, 1-2 CPU cores (minimum for smooth Nginx operation).
After setup, install updates: sudo apt update && sudo apt upgrade.
https://pastebin.com/7xxvG5TW (follow link to see all commands for terminal)
2. Open the settings within your Ubuntu VM and configure your connection to “Bridged Adapter.” Once done restart your VM.
How to configure?
If using Oracle VirtualBox:
3. Boot up your Ubuntu VM again and go to “Terminal” and enter the lines that’s inside the file that is attached to this message (above) line by line unless clustered together.
Step 4
Paste this into the file:
When done save the file and close it.
Step 5
Paste this into the file:
Phishing templates are usually ZIP files packed with HTML, CSS, and PHP/JavaScript crap to fake legit payment pages.
Download one, save it in your host's Downloads as phish.zip or whatever.
For VirtualBox transfer:
Power off the VM, go to Settings > Shared Folders > Add (host path like C:\Users\YourName\Downloads, name it "Shared").
Boot the VM back up, then in Terminal run:
sudo mkdir /mnt/shared && sudo mount -t vboxsf Shared /mnt/shared.
Inside the VM: cd /mnt/shared, and you'll see phish.zip. Copy it locally with cp phish.zip ~ (dumps it to your home dir).
It'll get relocated to /var/www/html.
8. In Terminal, navigate to the Phishing Template .zip file you downloaded and run these commands:
(Assuming it's named Phish.zip) Open Terminal in the VM, go to where the file is (like cd ~/ if you copied it there, or cd /mnt/shared if still shared), then punch in these lines that’s below line by line unless clustered together:
Take note of the IP adress of your Ubuntu VM.
9. Put your Ubuntu VM IP in the URL bar of your web browser, coupled with /index.html.
10. When done you should see a basic CC capturing webpage. You can modify it according to your preferences that’s why I kept it very basic. The goal, however, is to create an appearance as professional and persuasive as possible;
11. Once the victim enters their credentials, all credit card information will be saved in "log. txt," located within the /var/www/html directory, for you to exploit later.
12. After capturing the data start a new Terminal session in your Ubuntu VM and enter the following command:
And that will conclude this guide on “Capturing Your Own CCs (Network-Based Phishing)”
What do I mean by “Network-Based Phishing” in the title?
This method targets individuals (possibly you in the past) going to a mall, connecting to a Wi-Fi network that looks legitimate (like "Mall-Free-WiFi" or "Starbucks-WiFi"), and when they try to access the Internet, you're redirected to a phishing website that looks like the real one trying to get you to add Personal Information.
You’ll need to do a little local research on where people might frequent the most to operate on their laptops in your town or maybe the next town over. You’ll need to know this because it’s the area you’ll be targeting. So, search for public areas where people gather such as Malls, Libraries, Airports, Hotels, Restaurants, and Shops/Outlets.
For starters you’ll have to perform a DoS attack. You might be wondering what the hell is a DoS attack? And to save you from searching what it is on your own time, a Denial‑of‑Service (DoS) attack is someone trying to make a computer, website, or online service unavailable by overwhelming it with traffic or requests. The goal is to disrupt normal operations so legitimate users can’t access it.
Now the main part, the part that’s in the title, you’ll have to capture their credit card details. Now how the hell are you going to do that? Well since i’m super nice i’ll give you some ideas but we are also in a world where Ai models can help you formulate ideas beyond mine so keep that also in mind.
Also to further expand on how you are going to do this, it’ll all be added in the part where victim checks if there is any available wifi in their Wi-Fi settings on their device, when they click your “Wi-Fi” it’ll prompt the page you have created which is where they’ll input their credentials.
Method #1 (Recommended)
Offer to provide unlimited Wi-Fi availability for their entire duration there for a low cost. This is done as said earlier by setting up a fake Wi-Fi network with a name that mimics a legitimate one (e.g., "Mall-Free-WiFi" or "Starbucks-WiFi"). Once users connect to your network, they are redirected to a phishing page where they are prompted to enter their personal information, including credit card details.
Method #2 (Advanced)
Keep the Wi-Fi free but advertise either on the same page or redirect them to it that they can upgrade to faster speeds for a small fee. Emphasize that it’s a trial that can be easily canceled later on (Harder to have victims climb this ladder).
Tips: Make your page as believable as possible, mimic websites, apps, and storefronts that gets them to not think twice on why they could possible need to enter their credit card details.
e.g.,
- Clean and minmal checkout page
- SSL Secured
- Secure Checkout
- Norton / McAfee logos
- 256-bit Encryption
- Similar layouts to family sites
- Powered by PayPal (logos)
- Powered by Shopify (logos)
- Apple Pay / Google Pay logos
- Verified by Visa
- Mastercard SecureCode
- Masked card inputs:
- Hidden CVV
- Autofill
Moving forward.
1. Install Ubuntu within a VM on your laptop/computer
a) https://www.virtualbox.org/
b) https://www.vmware.com/
c) https://proxmox.com/en/
d) https://www.qemu.org/
Ubuntu Installation (Oracle VirtualBox)
Download the Ubuntu ISO: Grab the latest LTS from ubuntu.com (e.g., ubuntu-20.04.6-desktop-amd64.iso).
Allocate resources: 2GB RAM, 20GB disk space, 1-2 CPU cores (minimum for smooth Nginx operation).
After setup, install updates: sudo apt update && sudo apt upgrade.
https://pastebin.com/7xxvG5TW (follow link to see all commands for terminal)
2. Open the settings within your Ubuntu VM and configure your connection to “Bridged Adapter.” Once done restart your VM.
How to configure?
If using Oracle VirtualBox:
- Shut down the Ubuntu VM
- In VirtualBox, right‑click the VM → Settings
- Go to Network
- Change Attached to: NAT → Bridged Adapter
- Save
- Start the VM again
3. Boot up your Ubuntu VM again and go to “Terminal” and enter the lines that’s inside the file that is attached to this message (above) line by line unless clustered together.
Step 4
Paste this into the file:
When done save the file and close it.
Step 5
Paste this into the file:
7. Find a Phishing Template (or grab one you already have) and transfer it to your Ubuntu VM
Phishing templates are usually ZIP files packed with HTML, CSS, and PHP/JavaScript crap to fake legit payment pages.
Download one, save it in your host's Downloads as phish.zip or whatever.
For VirtualBox transfer:
Power off the VM, go to Settings > Shared Folders > Add (host path like C:\Users\YourName\Downloads, name it "Shared").
Boot the VM back up, then in Terminal run:
sudo mkdir /mnt/shared && sudo mount -t vboxsf Shared /mnt/shared.
Inside the VM: cd /mnt/shared, and you'll see phish.zip. Copy it locally with cp phish.zip ~ (dumps it to your home dir).
It'll get relocated to /var/www/html.
8. In Terminal, navigate to the Phishing Template .zip file you downloaded and run these commands:
(Assuming it's named Phish.zip) Open Terminal in the VM, go to where the file is (like cd ~/ if you copied it there, or cd /mnt/shared if still shared), then punch in these lines that’s below line by line unless clustered together:
Take note of the IP adress of your Ubuntu VM.
9. Put your Ubuntu VM IP in the URL bar of your web browser, coupled with /index.html.
10. When done you should see a basic CC capturing webpage. You can modify it according to your preferences that’s why I kept it very basic. The goal, however, is to create an appearance as professional and persuasive as possible;
11. Once the victim enters their credentials, all credit card information will be saved in "log. txt," located within the /var/www/html directory, for you to exploit later.
12. After capturing the data start a new Terminal session in your Ubuntu VM and enter the following command:
And that will conclude this guide on “Capturing Your Own CCs (Network-Based Phishing)”
