CARDING

Now were onto the juicy bit lol. To

begin with we need to set up a new
user account for the full you have.
So for each full, we will setup an
individual user account on our VM.
Don't worry, once you're done with
each car profile, you can delete the
account to keep your sign in page
clean. So, let's say your victims
name is Joe Bloggs, you need to
create a new user account with the
username Joe Bloggs or even Joe.
Make it an admin account. Also, if
you’re using Luxsocks or another
provider that gives you a simple
server IP and port number, I
suggest you purchase your SOCK.
Using Luxsocks, I can say they
help check if the IP is blacklisted
before you purchase. So go ahead
and find the SOCK you need and
click buy. Then a window will pop
up with further information. You'll
see t has a proxy score and above
that 4 DNS servers with either a
yes or no value. Yes, obviously
being it is blacklisted and no being
it isn't. Sometimes it will say yes
(low risk). When this comes up,
and you can find another SOCK
because the next one is too far
away and you have checked
another provider and you can't find
a viable SOCK then go for it.
Always buy out. I can't tell you if
other providers offer a similar
service of checking and IP if it is
blacklisted but I know VIP72
allows you to right click the IP
you’re looking to buy from the
SOCK client and then select BL
check. If you get all green
indicators, then your good to go.
Now go ahead and take note of the
server IP and port on a piece of
paper. Now log out of your main
account on your VM and go ahead
and sign into the newly created
account. On all the new accounts
you create, you'll find CCleaner,
MAC address, Proxifier and
Bleachbit are already available.
With Bleachbit it might not be
easily found via start menu. To get
around this you can go directly into
program files and create a desktop
shortcut for the application. So, you
would navigate to My computer >
Local disk (C > Program files >
Bleachbit > bleachbit.exe, right
click and send to desktop. The only
thing we need to always repeat at
this stage is the installation of the
Firefox add-ons above. So go
ahead and scroll up to refresh your
memory. Also remember to select
your user agent in the Firefox add-
on to correspond to that of your
fullz data. Once you have setup
Firefox, close it down. Now you
need to disconnect the internet
access to your VM. To do this on
the bottom right corner on VMware
you'll see an icon of 2 computers
next to a few other icons. Right
click it and click disconnect. We
need to make sure our users locale
is set to the United Kingdom. Also
remember to change the keyboard
language to the UK. Then on the
last tab titles administrative, click
on copy settings and then a window
should pop up. Check the 2 boxes
at the bottom and click Ok. This
will result in all future accounts
being changed to UK locale, but
always check on each new account
to confirm. Now go back and open
up your proxifier and set it up with
the server information you wrote
down earlier. You can't check if it
works because the internet
connection is disabled. Now close
the application down, make sure it
is actually closed and running in
the background. Next, we need to
open up our MAC address changer.
Towards the bottom make sure the
field "use '02' as first octet of MAC
address" is checked. Then click the
random MAC address button just
above that. Once that generates a
new address, just click change now.
After a few seconds a window
should pop up telling you the
change has been successful. Go
ahead and close the application
down. Then open up CCleaner and
check all the boxes under the
windows and application tabs in the
section marked cleaner. Click
analyze and then once its doe that
click run cleaner and wait for it to
finish up. Then do the same for the
registry section. Once you have
done that, just close it down.
Now open up Bleachbit, make sure
all the boxes are checked, just click
OK on all the warning boxes. Then
hit the preview button towards the
top, once that's scanned everything
hit the clean button. Let that finish
up. Now we should basically have
our locale set to the UK, proxifier
setup, our machine wiped, and our
MAC address changed. We should
also have Firefox set up in terms of
having those 2 add-ons installed
and also having the user agent to
match our profile already pre-
selected. Go ahead and re enable
the internet connection. As soon as
you do this open your VPN
software on your VM, and get it up
and running, select a UK server.
Your host machines VPN should
already be up and running from
before. Now open up the proxifier
application and test your SOCK.
Things should all be green. If you
have an issue with your SOCK,
then try diagnose the issue, if it
comes down to the fact that the
server is offline then you can wait
for a bit of get a new SOCK, but if
you do this then you will need to
repeat the whole wiping of the
account using CCleaner and
Bleachbit etc. If you find that you
didn't set the SOCK up correctly,
with a mistyped number or
whatever, then once you have fixed
the issue, disconnect the internet
connect and repeat the process
from wiping your system with
CCleaner and Bleachbit. Open up
Firefox and head over to this site
check2ip.com. When you’re on
their page, it should tell you that
the IP is not blacklisted to begin
with. Then confirm the locale is
indeed correct and the date and
time corresponds to the UK. Next
is the IP geolocation, now
sometimes SOCKs providers can
give you an incorrect location of
the IP, so confirm it using this site.
Finally, towards the bottom it will
show you that your internal IP is
visible, just click their link that
quickly shows you to stop this from
happening. - https://whatleaks.com/
- check this one first. Get ALL
green tickboxes. -
https://whoer.net/ - get 100%
anonymity I also check these ones
too but the above 2 are usually
enough: - http://check2ip.com/ -
https://whatismyipaddress.com/ -
https://ipleak.net/ -
https://www.dnsleaktest.com/ -
http://mybrowserinfo.com/ -
another check browser user agent -
f.vision - for even more detailed
info It is hitting at a 85% rate and
one of my team mate has been
playing around the paypal security
model and its a bit more radical and
does Paypal stuff with his set up.
he just wanted to improve opsec
overall and he has done that. hope
it works for you, too. So
understand you need a phone
powerful enough to run VMOS just
make sure it meets the basic
requirements.
https://www.vmos.com/ and add
virtual root to add the ability to
ROOT on the Virtual machine.
androidvmos.com How to root
VMOS, get VMOS root in 30
seconds - AndroidVMOS One of
the best functions in vmos is you
can get complete control, So you
can get Root as we always want.
After we get... androidvmos.com
VMOS is a Android VM machine
you can run on your phone. you
can YouTube how to do it. Alot of
the videos are Pokemon Go related
but just still follow the steps.
Install Xposed Framework the
following Mods. 1.Hijack Suite
Free. Allows you to get a random
IMEI, Serial number, and build
number. DO NOT CHANGE THE
WIFI MAC address setting It
messes up the Connection. 2. Serial
number changer. verifies the
number is changes from the app
above. >This is done in the VM.
This takes care of the OPSEC of
course every few days or after you
hit change the config. So as far as
the browser use CHROME
CANARY. No addons are needed.
I have found that this is the best
browser to do Carding on within
the VM.< download ANYMAIL as
a email client if needed. OUTSIDE
OF THE VM on the host PHONE:
Use APKPURE, APKMIRROR or
anything not Google Play and
download APK of the following.
1.Fake GPS. To spoof location of
the CH. You can download this
outside or inside of the VM.
2.BifrostV to add SOCKS5 Proxy
close to CH. I use Lux socks and I
am able to get Android Proxy's and
IP's and hit with them. I use Public
Wi-Fi and hit. Just throwing this
out there I have a peer who is more
advanced in this mobile shit that
says you only need mobile data and
your good. Doesn't matter where
the CH is located. Other tips: To
track packages do not use the
carrier sites use the following sites
or APPs: 17track-- Aftership--
Trackingmore-- Fake Camera App.
If you need to upload a picture for
verification or something using the
VM. Make sure you have good
CC's I only use a range World Card
Bins and AMEX cards. It depends
on the site I want to hit.