Spam
SMTP: Buy
SMTP Configuration: In general, to send via SMTP, you’ll need the following information, regardless of how your tools of choice are configured:
SMTP: Hack
Go grab some combos or leaked mail:pass from hacked DBs or go pwn some DBs, I mainly pwn some shit if I have free time or just use public leaks(those that are fresh)
Go buy a Linux vps, install python3 and download madcat mailtools and use its smtp-checker https://github.com/aels/mailtools
Load the list onto VPS then run madcat's smtp-checker with your combo and done!
Instead of buying smtps, you crack them yourself to be sure of the quality:
you could purchase a corp mail:pass and run it through IMAP on your SMTP checker to your inbox.
All SMTPs that inbox you are then able to export through thunderbird , then copy over to your sending tool.
Of course numerous tests will need to be put in place, example i recommend.
test without any letter just words to your email inbox from smtp checker, export all that inbox, then add letter without link , export results , then add letter + link. export.
If you notice a large difference inbetween each section . e.g. alot more inbox without link , then you need to get a new trusted link.
If you get alot more inbox without letter then play around , sometimes its best to not use encryption on your letters and just not include any blacklisted words, as most encryptions are detected these days.
Next, ssh into your phishing server and make sure you have a proper FQDN hostname listed in your /etc/hosts. Example "127.0.0.1 email.yourphishingserver.com email localhost"
Now, you're going to install the web front-end to phish from in just a few easy steps. Start by downloading the latest "BETA" version of iRedMail onto your phishing server.
LETTERS
Encrypting HTML letters:
Method 1: Portable/online HTML encryption
Method 2: New Method
1. Make the letter with HTML. 2. Break every word in letter with <span></span> tags.
NVU: Making professional letters using NVU 1.0 - FREE
Get an original paypal letter in your mailbox
Copy email pasting into NVU
Edit the letter as desired - Dear Customer ect
Add you link via the link location
Save and export HTML
MailChimp: HTML templates How to make Letter Inbox 100% - gx40sender.com
Dashboard - Templates - Create template - simple text - edit template
Export as HTML: open in browser and check then send to mailer
Inspect HTML: Responsive design mode to select device views
MAILERS
Bulk Email Software: AMS
GX40 / GX69: 1- Download And Install (xampp) 2- Download And Install (Git bash) How to start: 1- you should setup smtp - message settings in ./setting/Gx.settings.php 2- put your letter - mails in ./file 3- open git terminal in script path 4- write (C:\xampp\php\php.exe GX40.php) and start sending Format letter:
PHP Mailers: Cazmiler PHP Mailer Inbox PHP Sender Clay
Blacklist Checking Resources:
SCAMPAGES
When choosing a domain for C2 or data exfiltration, consider choosing a domain categorized as Finance or Healthcare. Many organizations will not perform SSL middling on those categories due to the possibility of legal or data sensitivity issues. It is also important to ensure your chosen domain is not associated with any previous malware or phishing campaigns.
Offshore Bulletproof Hosting Providers Use these hosting services to host your phishing sites.
LEADS
DORKS: Dork Searching is designed to help bug bounty hunters and penetration testers find sensitive information and vulnerabilities on web applications.
Simple Dorks: A simple dork is a dork that contains a keyword, a file type and a parameter. These dorks can be found in the URL of the sites
Google Dorks: These dorks are a command that will tell the browser you are using exactly what to look for
METHOD 1: Dork Maker
We will need keywords, file types and connectors
File types: File type like .html dosnt have SQL code and is useless. Use: .php? .asp? .aspx?
Parameters: URL to parameter extractors - url to dork converter parameter converter tool =
Consultation: time consuming method, low number or dork results
AUTO TOOLS: Malicious activity
Dork-Searcher EZ: https://github.com/noradlb1/Dork-Searcher-EZ-SRC-master
TSP Dork Generator v15
Dork Searcher V3: Dork Searcher is a tool that enables you automate searching google and other search engines using dorks for finding Vulnerable SQLi Website lists.
METHOD 2: Google Complex Dorks When writing google dorks as a keyword you can use part of the url when using the inurl or allinurl commands, could work with related as well.
Searching - Google: - Bing: - Yahoo: - GitHub: - Shodan:
Dorks: SQL injection
Related: Related: "jimmy" + "smith" site:com
Inurl: Will look for a specific keyword ex: index.asp
Allinurl: Same as Inurl but will go through the whole URL.
Intitle: Will look for the specific keyword in the titles of the sites.
Intext: Will go through the content of the site and look for the provide keyword.
Allintext: Same as intext, but will take more time and go through the whole content.
Site: Will target specific sites, eg: site:com will target com sites, site:nulled will target only nulled. Targeting countries, site:de = German - site:kr = Korea
Source: will locate the source of the site.
Sample Parameters:
SQLI:
DATABASE: Search database tables and columns for email:passwords:
SQLMAP:
COMBO EDITORS:
HOW TO FILTER EMAILS:
Tips for spamming:
Buy valid targeted & filtered leads for spamming
Don't include organization names like PayPal, Chase etc. on your domain name, from mail list or anywhere
Don't send mail to Gmail, Outlook to avoid killing your smtp
use fresh & clean letter, good smtp & mailer, if your mails keep getting onto spam folder then change subject, from mail list sections. Try to avoid spam words on your letter and remember your SMTP works on reputation so avoid spam mails.
Dont use real domains while spamming, as it wont belong to company so mail providers filters will consider it as genuine mail.
use clean self made scam pages, most of mail providers blacklist source of scam pages.
Use IP SMTP, high limits sending
Last updated
