This site does not support carding, hacking or any Fraudulent activities. This article is for educational purposes only. It aims to point out why hackers and carders often go undetected and how you can hide your IP so as to access blocked content. Although the fraudulent steps discussed may work in real life, Security Cavern warns you against any fraudulent behavior as it is against the law.
Remote Desktop Protocols (RDP)
Remote Desktop Protocols are a bit easier to use than SSH and you don’t have to worry about spoofing your Firefox Browser (I will teach you later how to use Antidetect to spoof IP), changing timezone or other types of leaks because you are just logging in to someone’s hacked computer (or a rented one like this ). Anyways, all you need to do is log in to the RDP, patch it for a Ghost User account if you have Admin rights and then do your deeds. I’m going to cover how to find a good hacked RDP and how to patch it so you can have a separate ghost account. The worst things about using a hacked RDP is that they can be terribly slow and they are apt to shutdown on your at the most unexpected times.
Now I am going to teach you how to pick hacked RDPs, connect and patch with a Ghost User account. The first RDP source is Xdebic. You will need to register by mailing the support team or requesting a member to invite you. Note: this one Opens with TOR browser only. Don’t worry I will teach you how to setup TOR browser in the recommended reading below. The second RDP source is uas-shop. This one does not need a TOR browser.
For either of the sites, you will need to go ahead and load up a balance on either of the sites and expect to pay on average $15 to $20 for a good RDP. In this example, I will be using xDedic (same principles apply to uas-shop). I will assume that you have an account for the same if you mailed the support team or got an invite. Remember, you can use uas-shop instead.
Now that you are signed in to xDedic and you have a balance to check and purchases RDPs, let’s begin by clicking the Servers tab on xDedic’s homepage.
Once this page loads, you will see a search feature that lets you choose all kinds of different parameters to search with. For this example, lets search for an RDP for a fullz out of Orlando, Florida. I will select country United States and
state Florida. Additionally, I always start off searching for RDPs with no PayPal and Admin Rights. RDPs with no PayPal are almost always the most clean.
Here is a giant list of available Florida servers (RDPs). Damn, they are starting to get expensive now days, I guess the demand is high.
You see there are options for different Operating systems (OS) to choose from. Go for a Windows based OS, though servers are okay too. So now I’ve selected the Citrus Ridge RDP to pull more information as seen below. As you can see this RDP, has TWC as it’s ISP which is great. It has been used for suntrust bank so it is best not to use it for Suntrust (by the way suntrust is one of the banks we will be opening for bank drops in the next few tutorials).
You can also see I’ve done a blacklist check and it only has 3 out of 177 possibles. Additionally, you can see the risk
score check which I have obtained for 20 cents. It has a very low risk score and a 0 proxy score. This is a perfect RDP for the job. It is not always this easy to find the right RDP, sometimes you really have to search.
Once you have decided you’ve found the right RDP for the job scroll down on the info page and click buy! Once you buy it, you will get all the login credentials including IP, username and password. You will then need to save these credentials and open up the Remote Desktop Connection feature on Windows and enter the credentials to log on to your RDP. Where it says Computer enter the IP. Connection will begin and it may ask you something about accepting
certificates, just say yes.
Now that you are in the RDP and you have selected an RDP with Admin Rights, it is time to patch the RDP so you can create your own account to do your dirty work on. In order to do this open a browser (use incognito mode so it won’t track history) go to this link inside the RDP’s browser and download it. Important note, sometimes anti-virus will block this file from opening. You’re just going to have to play with it and try to unblock the file.
Here at this interface, you can change the username to whatever it doesn’t have to stay GhostUser and you can also change the Password too.
You need to check all three of the boxes, one will warn you that patching the RDP can kill your RDP, but I’ve had that happen like once in the past year so it’s fine. Once you click go it will show you the user and password for about 15 seconds then it will log out of the RDP and self delete the file. Wait about two to three minutes and you can try logging in to the same RDP with your new credentials. All should go well and you’ll be inside of your new account.
Once you are inside of your new account, I suggest just downloading a fresh copy of Firefox portable browser and using that as your main browser. You can download a plug in called Advanced Cookie Manager and with this tool you can make periodic back ups of your cookies in case the RDP dies on you so you can upload the cookies on a new Firefox Portable browser that way you won’t lose all of your aging cookies with PayPal if you use them.
Like I mentioned before you still have the option to use a pay per month datacenter IP, but NEVER use one of these to create ANY account on. Always use a residential IP address before migrating your account to one of these pay
per month RDPs. Also remember, NEVER use a pay per month RDP for Stripe. You will get shut down.
If you came to this blog through search engine, check the other option of using proxifier, Bitvise and SSH because you might want to use it. Just start with the blog below and at the end of it you will find a link to the next blog. I try to guide you step by step.
Another Option to Be Anonymous
Concluding IP Selection
If you are serious about making sure your IP is totally on point, I recommend you get a minFraud service ASAP. This kind of tool is priceless because it allows you to check all of your IPs with MaxMind anti-fraud system. This is incredible because MaxMind is the same anti-fraud detection system that Stripe uses. This is the most accurate IP checking tool on the web. You can see a true risk score based off a number of parameters such as email domain, email age, user agent string, ZIP code and a host of other options. To get this tool you need to look up the vendor vo0doo. You can buy a one month membership to this system for only $18.00 a month. Here are screen shots of the system so you can have an idea of what kind of parameters it checks and it’s user interface.
Please Follow Me:
Facebook: Security Cavern
YouTube: Mesh Tutors
Reddit: SecurityCavern (I will be posting most things here).
Linkedln: Meshach Koech
Quora: Engr. Meshach Koech