Spam

SMTP: Buy

SMTP Configuration: In general, to send via SMTP, you’ll need the following information, regardless of how your tools of choice are configured:

- HOST / Address: smtp.mandrillapp.com
- PORT: 25, 587, 2525, or 465 (SSL)
- USERNAME: Any string
- PASSWORD: Any valid API key 

Your tools may also require the following information:
- Domain: Your sending domain, e.g., mail.example.com
- Authentication type: login or plain
- ENCRYPTION: tls

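# Rails Action Mailer SMTP settings. This example points at Postmark, where the
# server API token is used as both the username and the password.
# Rails.application.secrets is deprecated as of Rails 7.1; on current versions
# read the token from Rails.application.credentials or an environment variable.
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
  address:              'smtp.postmarkapp.com',
  port:                 587,
  domain:               'yourdomain.com',
  user_name:            Rails.application.secrets.postmark_api_token,
  password:             Rails.application.secrets.postmark_api_token,
  authentication:       :plain,
  enable_starttls_auto: true   # upgrade the connection with STARTTLS when offered
}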

Brevo: https://www.brevo.com/free-smtp-server/

Amazon SES: https://aws.amazon.com/ses/

Sendgrid: https://sendgrid.com/en-us/blog/what-is-an-smtp-server https://docs.sendgrid.com/for-developers/sending-email/getting-started-smtp#before-you-begin

Mailgun: https://www.mailgun.com/products/send/smtp/

Mailchimp: smtp.mandrillapp.com https://mandrillapp.com/login/ https://mailchimp.com/developer/transactional/docs/smtp-integration/ https://help.prefinery.com/article/240-how-to-send-email-via-a-mailchimp-mandrill-smtp-server

SparkPost: smtp.sparkpostmail.com https://developers.sparkpost.com/api/smtp/

Postmark: https://postmarkapp.com/smtp-service

Mailjet: in-v3.mailjet.com https://dev.mailjet.com/smtp-relay/configuration/ https://www.mailjet.com/products/email-api/smtp-relay/

Moosend: smtp.mailendo.com https://moosend.com/email-marketing/ https://docs.moosend.com/users/moosend/en/use-smtp-to-send-transactional-emails.html

SMTP: Hack

SMTP Checker: https://github.com/aels/mailtools

IMAP Checker: https://github.com/SUP3RIA/Atlantr

  1. Go grab some combos or leaked mail:pass from hacked DBs or go pwn some DBs. I mainly pwn some shit if I have free time or just use public leaks (those that are fresh).

  2. Go buy a Linux VPS, install Python 3, download madcat mailtools, and use its smtp-checker: https://github.com/aels/mailtools

  3. Load the list onto VPS then run madcat's smtp-checker with your combo and done!
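
What a checker run of this kind looks like to the operator of the mail service being tested: one client trying many different logins in a short time, with the occasional success marking an account whose password must be reset. The detection below is an added example, not part of the original page or of mailtools; the four-field log layout, the sample events and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not a real MTA log format):
# timestamp, AUTH result, client IP, login name
SAMPLE_LOG = """\
2024-05-01T10:00:01 fail 203.0.113.7 alice@example.com
2024-05-01T10:00:02 fail 203.0.113.7 bob@example.com
2024-05-01T10:00:04 ok 203.0.113.7 carol@example.com
2024-05-01T10:00:05 fail 203.0.113.7 dave@example.com
2024-05-01T10:00:07 fail 203.0.113.7 erin@example.com
2024-05-01T10:02:00 fail 198.51.100.20 frank@example.com
2024-05-01T10:02:30 ok 198.51.100.20 frank@example.com
"""

def parse(log):
    """Yield (time, result, ip, user) tuples, skipping malformed lines."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        ts, result, ip, user = fields
        yield datetime.fromisoformat(ts), result, ip, user.lower()

def find_checkers(log, min_users=4, window=timedelta(minutes=5)):
    """Flag IPs that tried >= min_users distinct logins inside one window.

    Returns {ip: {"users": peak distinct logins, "hits": accounts that
    authenticated from that IP and should be treated as compromised}}.
    """
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[2]].append(event)
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({e[3] for e in events[start:end + 1]}))
        if peak >= min_users:
            hits = sorted({e[3] for e in events if e[1] == "ok"})
            report[ip] = {"users": peak, "hits": hits}
    return report
```

A single user mistyping a password (the second IP in the sample) stays below the distinct-login threshold and is not reported.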

Instead of buying smtps, you crack them yourself to be sure of the quality:

  1. You could purchase a corp mail:pass and run it through IMAP on your SMTP checker to your inbox.

  2. All SMTPs that inbox you are then able to be exported through Thunderbird, then copied over to your sending tool.

  3. Of course, numerous tests will need to be put in place; for example, I recommend the following.

  4. Test without any letter, just words, to your email inbox from the SMTP checker and export all that inbox; then add a letter without a link and export the results; then add letter + link and export.

  5. If you notice a large difference between each section, e.g. a lot more inbox without the link, then you need to get a new trusted link.

  6. If you get a lot more inbox without the letter, then play around; sometimes it's best to not use encryption on your letters and just not include any blacklisted words, as most encryptions are detected these days.

  7. Next, ssh into your phishing server and make sure you have a proper FQDN hostname listed in your /etc/hosts. Example "127.0.0.1 email.yourphishingserver.com email localhost"

  8. Now, you're going to install the web front-end to phish from in just a few easy steps. Start by downloading the latest "BETA" version of iRedMail onto your phishing server.

LETTERS

Encrypting HTML letters:

Method 1: Portable/online HTML encryption

Online HTML encryption: https://www.smartgb.com/free_encrypthtml.php - This method doesn't work on mailboxes that block JavaScript. Use Method 2 if it doesn't work.

Portable HTML encryption: https://www.softpedia.com/get/Internet/WEB-Design/Source-Site-Protectors/Portable-HTML-Encrypter.shtml

  1. Select unencrypted HTML

  2. Click encrypt to create a new encrypted HTML

Method 2: New Method

  1. Make the letter with HTML.

  2. Break every word in the letter with <span></span> tags.

Example: Let's spam.
L<span>e</span>t's s<span>p</span>a<span>m.</span>

This will make the letter deliver to Gmail too! You only need to break the message text not the code. Use ChatGPT (https://chat.openai.com/) with following command to get words broken easily.

Command: Break every letter on this text with <span> </span> tags and send back.
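
On the filtering side, the tag-splitting described in Method 2 is itself a measurable signal: inline tags that start or end in the middle of a word are rare in ordinary mail. The following is an added example, not from the original page; it rebuilds the visible text so keyword rules can run on it and counts mid-word inline tags, with the tag set and the `max_ratio` threshold as assumptions.

```python
from html.parser import HTMLParser

INLINE = {"span", "b", "i", "u", "em", "strong", "font"}  # tags that render no gap
HIDDEN = {"script", "style"}

class Flattener(HTMLParser):
    """Rebuild the text a reader sees and count inline tags cut into words."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []        # visible text with inline tags dropped
        self.splits = 0        # inline tags sitting between two word characters
        self.hidden = 0        # nesting depth inside <script>/<style>
        self.pending = False   # an inline tag directly followed a word character

    def _boundary(self, tag):
        if tag in INLINE:
            if self.parts and self.parts[-1][-1].isalnum():
                self.pending = True
        elif tag not in HIDDEN:
            self.pending = False
            self.parts.append(" ")   # block-level tags do separate words

    def handle_starttag(self, tag, attrs):
        self.hidden += tag in HIDDEN
        self._boundary(tag)

    def handle_endtag(self, tag):
        self.hidden = max(0, self.hidden - (tag in HIDDEN))
        self._boundary(tag)

    def handle_data(self, data):
        if self.hidden or not data:
            return
        if self.pending and data[0].isalnum():
            self.splits += 1
        self.pending = False
        self.parts.append(data)

def analyse(html, max_ratio=0.3):
    """Return normalised text plus a verdict; max_ratio is an assumed threshold."""
    f = Flattener()
    f.feed(html)
    f.close()
    text = " ".join("".join(f.parts).split())
    ratio = f.splits / max(1, len(text.split()))
    return {"text": text, "splits": f.splits, "suspicious": ratio > max_ratio}

OBFUSCATED = "<p>L<span>e</span>t's s<span>p</span>a<span>m.</span></p>"  # page's example
ORDINARY = "<p>Your <b>invoice</b> is attached. <span>Regards</span></p>"  # constructed
```

Running content rules against the returned `text` rather than the raw HTML removes the benefit of the splitting, and the split count gives a separate score that does not depend on any word list.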

Phishing Templates: https://github.com/criggs626/PhishingTemplates/tree/master/emails

NVU: Making professional letters using NVU 1.0 - FREE

  1. Get an original paypal letter in your mailbox

  2. Copy email pasting into NVU

  3. Edit the letter as desired - Dear Customer etc.

  4. Add your link via the link location

  5. Save and export HTML

MailChimp: HTML templates How to make Letter Inbox 100% - gx40sender.com

  1. Dashboard - Templates - Create template - simple text - edit template

  2. Export as HTML: open in browser and check then send to mailer

  3. Inspect HTML: Responsive design mode to select device views

MAILERS

Bulk Email Software: AMS

AMS Enterprise 2.9: https://www.bspdev.com/

UltraMailer Pro: $25 https://en.ultramailer.org/

FastMail: $2.50 mo https://www.fastmail.com/ Use Help-Register item of the main menu to enter the code in the program. To avoid errors, It is recommended to use Windows Clipboard while entering the code. Serial Code - 21935119410111

GX40 / GX69:

  1. Download and install XAMPP

  2. Download and install Git Bash

How to start:

  1. Set up the SMTP and message settings in ./setting/Gx.settings.php

  2. Put your letter and mails in ./file

  3. Open a Git terminal in the script path

  4. Run C:\xampp\php\php.exe GX40.php to start sending

Format letter:

##email## : replace the contents of the letter to show the recipient's email 
##subject## : Using random subject 
##frommail## : Using random From mail 
##fromname## : Using random From name 
##short## : Using random your URL 
##country## : Using random country around the world 
##date## : Using date time. (NOT RANDOM) 
##OS## : Using random Operating Systems 
##browser## : Using random Browsers 
Regards

SendBlaster: Ottavio56 To use the crack file first you have to download original offline installer of SendBlaster Software: https://www.sendblaster.com/services/download/downloadsendblasterfree.php After Downloaded install it and then execute the crack file given inside this zip !

iRedMail: https://www.iredmail.org/download.html

Thunderbird: https://www.thunderbird.net/fa/features/

Gophish: https://github.com/gophish/gophish

PHP Mailers: Cazmiler PHP Mailer Inbox PHP Sender Clay

How to use PHP Mailers: https://www.hostinger.com/tutorials/send-emails-using-php-mail 1. Upload PHP Mailer to Webhosting 2. Change permissions to 777 3. Add SMTP

Blacklist Checking Resources:

McAfee
Fortiguard
Symantec + BlueCoat
Checkpoint (requires free account)
Palo Alto
Sophos (submission only; no checking) - Click Submit a Sample -> Web Address
TrendMicro
Brightcloud
Websense (Forcepoint)
Lightspeed Systems
Chameleon
SenderBase
MultiBL
MXToolBox - Blacklists

SCAMPAGES

Expireddomains is a search engine for recently expired or dropped domains. It provides search and advanced filtering, such as age of expiration, number of backlinks, number of Archive.org snapshots, SimilarWeb score. Using the site, we can register pre-used domains, which will come with domain age, that look similar to our target, look similar to our impersonation, or simply are likely to blend in on our target’s network. http://expireddomains.net/ https://www.similarweb.com/

When choosing a domain for C2 or data exfiltration, consider choosing a domain categorized as Finance or Healthcare. Many organizations will not perform SSL middling on those categories due to the possibility of legal or data sensitivity issues. It is also important to ensure your chosen domain is not associated with any previous malware or phishing campaigns.

Find Frontable Domains: Search for potential frontable domains https://github.com/rvrsh3ll/FindFrontableDomains

Domain Hunter: Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names https://github.com/threatexpress/domainhunter

Offshore Bulletproof Hosting Providers: Use these hosting services to host your phishing sites.

Hosting: https://www.bulletpool.com Domain: (Don't get hosting) https://www.panamaserver.com http://www.offshoreracks.com

LEADS

DORKS: Dork Searching is designed to help bug bounty hunters and penetration testers find sensitive information and vulnerabilities on web applications.

  1. Simple Dorks: A simple dork is a dork that contains a keyword, a file type and a parameter. These dorks can be found in the URL of the sites

  2. Google Dorks: These dorks are a command that will tell the browser you are using exactly what to look for

METHOD 1: Dork Maker

  • We will need keywords, file types and connectors

  • Keywords: Online Keyword Generator https://keywordtool.io/

  • File types: A file type like .html doesn't have SQL code and is useless. Use: .php? .asp? .aspx?

  • Parameters: URL to parameter extractors - url to dork converter parameter converter tool =

  • Consultation: time-consuming method, low number of dork results

AUTO TOOLS: Malicious activity

  • Dork-Searcher EZ: https://github.com/noradlb1/Dork-Searcher-EZ-SRC-master

  • TSP Dork Generator v15

  • Dork Searcher V3: Dork Searcher is a tool that enables you to automate searching Google and other search engines using dorks for finding vulnerable SQLi website lists.

METHOD 2: Google Complex Dorks

When writing Google dorks, you can use part of the URL as a keyword with the inurl or allinurl commands; this could work with related as well.

Searching - Google: - Bing: - Yahoo: - GitHub: - Shodan:

Dorks: SQL injection

  • Related: Related: "jimmy" + "smith" site:com

  • Inurl: Will look for a specific keyword ex: index.asp

  • Allinurl: Same as Inurl but will go through the whole URL.

  • Intitle: Will look for the specific keyword in the titles of the sites.

  • Intext: Will go through the content of the site and look for the provided keyword.

  • Allintext: Same as intext, but will take more time and go through the whole content.

  • Site: Will target specific sites, eg: site:com will target com sites, site:nulled will target only nulled. Targeting countries, site:de = German - site:kr = Korea

  • Source: will locate the source of the site.

Example: 
Allinurl: index.php?app=intext: death site:com

OR:
Related: "nulled" + ".com"

Sample Parameters:

products.php?id= 
production.php?id= 
newsdetail.php?id= 
viewoffer.php?id= 
news.php?category= 
inner.php?pageid= 
nview.php?id= 
newsitem.php?ItemId= 
order.php?id= 
photogal-detail.php?id= 
view-news.php?id= 
zboard.php?id= 
store.php?Screen= 
plugin.php?id= 
product.php?id= 
expo_detail.php?id= 
category.php?id= 
pages.php?id= 
productinfo.php?id=

SQLI:

INJECTABLE URLs: - MyWebSearch: - Yahoo: https://search.yahoo.com/ - Bing: https://www.bing.com/

AUTO TOOLS: - SQLMAP: https://github.com/sqlmapproject/sqlmap - SQL Dumper V8.3:

PARAMETERS: - ParamSpider: https://github.com/devanshbatham/ParamSpider

DATABASE: Search database tables and columns for email:passwords:

- URL: http://www.
- Method: MySQL UNION
- Search: email, password
- Rows: 
- Total Rows: 

SQLMAP:

1. Injectable URL list 
2. Command: sqlmap -u "http://www"
3. -u = URL, -D = database where the info is located, -T = table, -C = columns

sqlmap -u "http://www." -D "aadisol_aca" -T "members" -C "emaol, password" --dump --eta --threads=10

COMBO EDITORS:

HOW TO FILTER EMAILS:

Combo Editor Pro: Malicious activity Combo Editor Pro v1 by Draghost is a powerful tool designed for editing combos. It provides advanced features to make the editing process easier and more efficient. https://any.run/report/8d57195c05bcc5d97872e8f17424bd9e69cf0ec4b3d1c688a2c1e41ebc16b8a5/a165c619-b949-42e2-bf4d-ad72042b40b5

FontAwesome: Font Awesome is the Internet's icon library and toolkit, used by millions of designers, developers, and content creators. https://fontawesome.com/ https://fontawesome.com/v4/cheatsheet/

Guna: https://gunaui.com/

Tips for spamming:

  1. Buy valid targeted & filtered leads for spamming

  2. Don't include organization names like PayPal, Chase etc. on your domain name, from mail list or anywhere

  3. Use noip.com to create DNS

  4. Don't send mail to Gmail or Outlook, to avoid killing your SMTP

  5. Use https://s.id to shorten your scampage link.

  6. Use a fresh & clean letter, good SMTP & mailer. If your mails keep going to the spam folder, then change the subject and from mail list sections. Try to avoid spam words in your letter and remember your SMTP works on reputation, so avoid spam mails.

  7. Don't use real domains while spamming, as it won't belong to the company, so mail providers' filters will consider it as genuine mail.

  8. Use clean self-made scam pages; most mail providers blacklist the source of scam pages.

  9. Use IP SMTP, high limits sending
