WHAT IS DRAINER AND HOW ATTACKERS LAUNCH THEIR CAMPAIGNS TO GET TARGETS RESULTS A "crypto drainer" refers to a type of malicious software or technique used by cybercriminals to steal cryptocurrency from a user's wallet. There are several methods and tools that can be classified under this term, each exploiting different vulnerabilities or social engineering tactics. Here are some common forms of crypto drainers:
Phishing Scams: Fake websites or emails that mimic legitimate cryptocurrency services to trick users into revealing their private keys or passwords.Malware: Software that can infect a user's device, often via malicious downloads or compromised websites, to steal wallet credentials or intercept cryptocurrency transactions.Keyloggers: Programs that record keystrokes to capture sensitive information such as private keys or passwords when the user enters them.Clipboard Hijackers: Malware that monitors the clipboard for cryptocurrency addresses and replaces them with addresses controlled by the attacker.Fake Wallet Apps: Malicious applications posing as legitimate cryptocurrency wallets to steal funds when users transfer their assets into these fake wallets.Browser Extensions: Malicious or compromised browser extensions that can interfere with cryptocurrency transactions or steal private information.Here: We help some members with 1 targets methodology for email phishing campaign..
What We Need For This Two Methods Tutorial: ?
-A Crypto drainer script auto transactions user crypto wallet asset: "Script-page"-A Crypto Fake web3 script-page to gain full access with "private keys" to transactions all type of crypto assets in the user wallets: "Scam-page" -A Mailer Script that support spoof email campaign: "Sender-Mailer"-A Window 10 or 11 virtual RDP, Your rdp provider must support illegal activities.-A Smtps: you can use created self-host or hacked smtp portal. -A Open redirect handling url to hide your spoof target url.. there are many resources to find open redirect like "bing, google, awstrack"etc.
-A Anti-bot-apikey fake or Webroot blocker to make your link hide from bad bot or fake machine user's host:-A Crypto web3 page Template file to implement your target crypto steal link in web3 click button. and for target: Where you can get this? any cyberguys store or clone any web3 crypto html webpage and edit it yourself and add your drainer link in click bottom:1-A Bulletproof VPS to install hosting Panel: 2-A Fast Flux domain's DNS provider or buy domain from flokinet, etc..!3-A Content delivery network aka(CDN-DNS):4-A Contacts List from hacked database from newsletter website's talking about crypto related or school website's like usagov.edu or gov.edu.ca buy from legit seller then extract the phone number, email, name. and valid phone number with mobile carrier isp type and valid debounce mailbox bad email: -A html letter design for your need:-A Spam-words checker tool:-A Email write-AI to compose your html letter contents words:-A sms mailer that support spoof + email to sms smtp support server:-A WhatsApp bot source code can be found on GitHub and meta developer account: -A Business WhatsApp account created with esim number needed: <xss-root>$:
IN this Thread, i won't explain how to deploy all this tools in this thread and setup due to security researcher on darkweb. i will explain the main part of your success result and how to backend domain & IP vps to avoid flag page or domain suspend: in section
1-A to 4-A of our tools list above
...!Next: How to get our VPS and Configure and install best hosting Control-Panel
1-A: Get good bulletproof Linux-vps 8gb, 4cpu ubuntu-18.04, 20.04, 22.04, 24.04 or Debian: 9, 10, 11, 12. from trusted provider "BPH" after purchased and received your order example> user:root, pass:xssadmin2023jun24, IP:194.548.48.12.
download cmder is a Unix cmd tool is free online google it. i hate putty. sorry my bad to window putty user's
Here we login to our linux-vps as <admin-cmder>:$ ssh root@194.548.48.12 hit enter, then it will ask your key invisible copy and paste with right click. first thing to do is update your vps:$ apt-get update && apt-get upgrade -y. here -y will continue without proceed to request type yes or no. after update and upgrade packages file installed, then check UFW list rules.
For beginner is good to know what you are doing in command-line "What is ufw"
UFW (Uncomplicated Firewall) is a command-line interface tool for managing and configuring the firewall on Unix-like operating systems, particularly Linux. It is designed to simplify the process of setting up and managing a firewall, making it more accessible for users who may not be familiar with more complex firewall tools like iptables.
Here are some key features and functions of UFW:
Simplicity: UFW provides a straightforward way to manage firewall rules, focusing on ease of use without requiring deep technical knowledge of networking.
Basic Commands:
ufw enable: Activates the firewall.
ufw disable: Deactivates the firewall.
ufw status: Displays the current status of the firewall and active rules.
ufw allow [port/service]: Allows traffic on a specified port or service.
ufw deny [port/service]: Denies traffic on a specified port or service.
ufw delete [rule]: Deletes an existing rule.
Logging: UFW can be configured to log all blocked or allowed traffic for monitoring and troubleshooting purposes.
IPv6 Support: UFW supports both IPv4 and IPv6.
Profiles: UFW supports application profiles, making it easier to allow or deny traffic for common applications.
Integration: UFW integrates well with various Linux distributions and is often the default firewall management tool on distributions like Ubuntu.
Example Usage
Enable UFW:
Bash:
sudo ufw enable
Allow SSH Traffic:
sudo ufw allow ssh
Deny a Specific Port:
sudo ufw deny 8080
Check Firewall Status:
sudo ufw status
Delete a Rule:
sudo ufw delete allow 22
UFW is a powerful tool that makes firewall management more accessible, allowing users to protect their systems with minimal effort.
make sure you change vps password. with strong keys and Firewall Protection rules to backned your vps due security researcher attacker.
==
If you know what you are doing and all should go successfully. proceed to hostname configuration.
here we can use free domain as hostname or if you have money you can buy. never use dynamic domain like changeip.com or noip.com i notice some guys still using them for spamming setup
.Your hostname command-line-:$ hostnamectl set-hostname node.xsswebpanel.tls then hit enter and also go to your vps control dashboard to add your hostname-domain. after done install this free hosting control panel called fastpanel. only if you know what you are doing..
Here is our installing commandline-bash:$
bash:$ apt-get update; apt-get install wget
bash:$ wget http://repo.fastpanel.direct/install_fastpanel.sh -O - | bash -
After installation done you will see this messages on your screen:
Congratulations! FASTPANEL successfully installed and available for you at https:node.xsswebpanel.tls:8888
Login: fastuser
Password: password
First change your control-panel login key:
exit the session after install and use this command:
bash:$ passwd user_name >"fastuser" hit enter
Then it will require you to insert new password: yourkey2024june27 hit enter done then copy your hostname domain:8888 to browser and login with your user fastuser and passkey2024june27 boom logged...!
Next: What's DNS How to configure for our phishing Tutorial...!
2-A:DNS (Domain Name System) is a fundamental component of the internet that translates human-readable domain names (("like www.xss.is")) into IP addresses ((like 192.45.29.187)) that computers use to identify each other on the network. This system allows users to access websites and other resources using easy-to-remember names rather than numerical IP addresses.
Here: are some key points about DNS:
Hierarchical Structure: DNS operates in a hierarchical manner. At the top are the root name servers, followed by top-level domain (TLD) servers ((like .com, .org is. ru. is. icu)), and then authoritative name servers for specific domains.
DNS Records: DNS uses various types of records to provide information about a domain, including:
A Record: Maps a domain to an IPv4 address.
AAAA Record: Maps a domain to an IPv6 address.
CNAME Record: Alias record that maps one domain name to another.
MX Record: Mail exchange record that directs email to a mail server.
TXT Record: Allows the domain owner to store arbitrary text, often used for verification and security purposes.
Resolvers: DNS resolvers (often provided by ISPs) act as intermediaries that query the DNS hierarchy to resolve domain names for end users.
Caching: DNS responses are often cached by resolvers and clients to improve performance and reduce the load on DNS servers.
Security: DNS has vulnerabilities and can be targeted by attacks such as DNS spoofing and cache poisoning. DNSSEC (Domain Name System Security Extensions) is a set of protocols designed to secure information provided by DNS.
How DNS Works
DNS Query: When you type a URL into your browser, your computer sends a DNS query to a resolver.
Resolver Query: The resolver checks its cache. If the requested domain is not cached, it queries the root name servers.
Root Servers: The root name servers respond with the address of the TLD name servers.
TLD Servers: The resolver then queries the TLD name servers, which respond with the address of the authoritative name servers for the requested domain.
Authoritative Servers: The resolver queries the authoritative name servers, which respond with the IP address of the requested domain.
Response to Client: The resolver caches the response and returns the IP address to the client, which can then establish a connection to the desired website.
Here: we won't use our domain provider's DNS. we will use nameserver exchange DNS. what i mean we are going to use CDN-DNS to backend domain to avoid anti-spam flag red. So that our domain to remain active for a longer period of time before being detected by anti-spam bots or security researchers found our evil phishing link domain..! Many beginners or intermediate spammer's send phishing to professional IT expert or security researcher emails
and They expect their domain link to stay long period of time without domain flag red or domain suspended
..! Ok ok Next: Let's backend our domain with CDN-DNS..!
3-A: What's CDN
A content delivery network ((CDN)) or content distribution network is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end users.
How CDN DNS Works
DNS Resolution: When a user tries to access a website ((www.xss.is)), their device initiates a DNS query to resolve the domain name to an IP address.
CDN's Role:
The CDN is configured to handle the domain’s DNS resolution.
The DNS query is routed to the CDN’s DNS infrastructure, which uses sophisticated algorithms to determine the best edge server to handle the request.
Geographic and Performance-Based Routing: The CDN’s DNS server considers factors such as the user’s geographic location, current server loads, and network conditions to decide which edge server should respond to the request.
Edge Server Response: The CDN’s DNS server returns the IP address of the selected edge server to the user’s device.
Content Delivery: The user’s device connects to the edge server to fetch the requested content. This server is typically the closest or the one with the best performance characteristics for the user’s location.
How To set up CDN-DNS for our phishing website domain:
DNS Configuration: Update the domain’s DNS settings to use the CDN’s DNS servers. This usually involves changing the DNS records (such as CNAME or A records) to point to the CDN’s domain or IP addresses.
Let's start by heading to our domain provider to find the nameserver to swap with our CDN record. Next, we return to our CDN-DNS dashboard to set up the site, where we'll be prompted to input the IP of our VPS bulletproof hosting. Once we add it along with a record, we click proceed based on the type of CDN-DNS provider we've chosen. After pointing your domain and IP, a namerserver record will be generated for you, such as ((xssis.cloudflare.com & xssadmi.cloudflare.com)). Copy this record and paste it into your domain provider's nameserver settings, then save. Finally, return to your CDN-DNS dashboard, click continue to verify the DNS exchange, and once it's active, however make sure to check mark proxied.
CDN-DNS Settings: go to CDN-DNS Create rules for your domain, SSL/TLS settings, and performance optimizations, Bots security challenges, etc.
Security Policies: Set up security measures provided by the CDN, such as DDoS protection and WAF rules. xD
Next: How to hacked school website database like ((email, name, mobile number)).
4-A:Let's talk about sql-injection and google dork.
my favorite sql-injection is ((ghauri)) is an advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws:
How To Install:
Run the following commands in the terminal:
bash:$ git clone https://github.com/r0oth3x49/ghauri.git
bash:$ cd ghauri/
bash:$ python3 -m pip install — upgrade -r requirements.txt
bash:$ python3 setup.py install
You might face some module issue after run bash:>$ python3 setup.py install ..: Create virtual environment and Activate python venv.
Next: find sql-dork-scanner script to find vulnerable website url edu websites lists.txt.
If you don't have SQL-Website IT security skills then you can search online where to buy edu/crypto newsletter website hacked database file.
<------END------>
THANKS SO MUCH FOR READING
Happy Phishing My XSS.IS MEMBER'S WISH ALL GOOD LUCK BULK OF RESULTS:
I will write thread on how to crack companies host to get smtps with free open source tool
<-----sECURITY Note--------->
To protect against crypto drainers, users should:
Always verify the authenticity of websites and applications.
Use hardware wallets for better security.
Enable two-factor authentication (2FA) on their accounts.
Keep their software and antivirus programs up to date.
Be cautious of unsolicited emails and messages, especially those requesting sensitive information.
<-----sECURITY Note--------->