Friday, 10 May 2013

Cardingmaster.com carding shop

• dns: 1 ›› ip: 174.136.55.117 - adresse: CARDINGMASTER.COM

Mail:

Let's destroy another shop...
/home/cardingm/.lastlogin: 41.225.221.30
Admin IP used on shop: 41.227.48.25

Admin login:

Dashboard:

Edit news:

Ads manager:

Categories:

Edit category:

View cards:

Edit card:

Import card:

Export card:

Paypal:

Accounts:

Users:

Deposit history:

Order history:

Search card:

Send PM:

User edit:

Add user:

Send email to users:

Group manager:

Shop statistic:

Seller statistic:

Upgrade history:

Deposit history:

Order history:

Check history:

Shop settings:

Bonus manager:

Tools manager:

Spam tool:

The server was also used for phishing:

In 'normal' mode the shop look like this:
And yes it's déjà vu all over again, they use the Vampire.Vn Shop

Want a dump ? sure.
http://temari.fr/cardingmaster.com.zip
As this shop is new they have not alot of users, so i've included the php and shit to compensate.
credit card details are not included.

19 comments:

  1. I lol'd, you pwn every phishing/spam for carding shop you receive per mail

    ReplyDelete
  2. what's stupid password to open it ?

    ReplyDelete
    Replies
    1. a common password used by AV industries, if you don't know it maybe that mean it's not for you.
      /Xyl

      Delete
    2. ...tol =))

      Delete
  3. hardcore man, thanks for the shop script

    ReplyDelete
  4. will look for vulnerabilities inside

    ReplyDelete
  5. it is impossible to distinguish md5 hach as to make it

    ReplyDelete
  6. Did you upload data.php and bigdump.php to the server, or... or... did they come with the shop?
    *facepalm*

    ReplyDelete
    Replies
    1. they come with the shop, i've only noticed these files after doing tar -vcf

      Delete
    2. Will keep on looking for holes then :)

      Delete
  7. That type of hash is that?

    ReplyDelete
  8. So checker tires to buy "Fired Up, Ready to Go!"-Button from Obama store? lol

    ReplyDelete
  9. Cracked the password to login but looks like they are now 403'ing people. Admin password was pretty funny albeit easily crackable. Nice job :)

    ReplyDelete
    Replies
    1. Some password and account has been added by peoples with sql file ..look at bigdump ( User has now , no right to update or/and insert .. so .. )

      Delete
  10. "credit card details are not included." Curses, foiled again...

    ReplyDelete
  11. what program you use for make that

    ReplyDelete
  12. does everyone cracked admincp login page password.?

    ReplyDelete
  13. I cannot crack the archive password

    ReplyDelete
  14. I have The Full Vampire Script.

    ReplyDelete