Reneboss

In-depth About Gift Cards Cracking


[hide]

1. Protections that sites use for the balance check page

  • User account
  • Pin/cvv or security code
  • Captcha
  • Verification via e-mail
  • Limiting page requests
  • Doesn't show if the gift card number or pin is wrong
  • CSRF tokens
  • No protection :D

From what you can see, there are many options for sites to protect their customers' gift cards from being stolen.

Most popular shops like Nike, Puma, etc. will have good protection measures, so you can forget trying to rape them.

 

2. Identifying gift card numbers

 

2.1. Sequential numbers

 

S29R45H.jpg

WSZ0e3N.jpg

 

As you can see, 99700002 are sequential numbers and the remaining ones are only 5 random numbers.

Since this site doesn't have any protection it's really easy to get valid gift cards with balance, but it's really rare to find a site like this.

 

2.2. Luhn algorithm

 

Some sites use the Luhn algorithm for gift cards; you can identify Luhn algorithms here.

 

 

2.3. Regex

 

Regex is mostly used for e-gift cards that include letters; using regex increases your chance to get a hit instead of using the same letter.

Example from Netflix regex:

LEQ\d[A-Z]\d\d\d\d\d\d

3. Finding sites and exploiting them

 

 

3.1. Finding sites

 

You will have to use your imagination with google dorks to find the best results.

Simple Example:

inurl:giftcardbalance OR inurl:giftcard + "check" -pin -captcha

3.2. Exploiting site

 

 

This is the hardest part because you will have to use your brain to find the best approach and think about whether it's worth exploiting the site.

What do I mean by whether it's worth exploiting?

For example:

The site has a 16-digit number without a pin but has captchas; 8 of the digits are sequential and the other 8 are random.

You will have to calculate the captcha price per request and calculate whether you cover the captcha cost and make some profit.

If you decide it is worth it, obviously you will have to make a config/checker or pay someone to do that for you; if it isn't worth it, just keep looking for another site.

 

 

4. Using gift cards in-store

 

So some sites have a balance check page without a pin, but when you are on the checkout page they ask for a pin.

So there is a bypass for that if you don't want to use JavaScripts to crack the pin, but they need to have barcode-based gift cards like this (without magnetic stripe):

DxU6yRQ.jpg

So basically what you do is download the Stocard app or use a barcode generator, download the photo of the barcode and use it in-store.

 

 

 

This tutorial took a while to write; if you want a part 2 about gift card cloning, show some support  :ezy:

[/hide]
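Seen from the operator's side, the "Limiting page requests" item in section 1 and the fixed-prefix pattern in section 2.1 translate into a check that can be run over balance-check logs. The following is an added example, not part of the original post: the log layout, thresholds, function names and the card prefix `00001111` are all constructed assumptions.

```python
from collections import defaultdict

def sample_events():
    """Constructed balance-check log: (client_ip, submitted_number, lookup_hit)."""
    # One client walking the random suffix behind a fixed, made-up prefix.
    events = [("198.51.100.7", f"00001111{n:05d}", n % 40 == 0) for n in range(120)]
    # Ordinary customers: a repeated check and a single mistyped number.
    events += [
        ("203.0.113.5", "4410558812340", True),
        ("203.0.113.5", "4410558812340", True),
        ("203.0.113.9", "5520113399047", False),
        ("203.0.113.9", "5520113399074", True),
    ]
    return events

def detect_enumeration(events, prefix_len=8, min_distinct=20,
                       fail_ratio_min=0.5, prefix_share_min=0.9):
    """Flag clients that look up many distinct numbers which mostly miss
    or mostly share one prefix. Returns {client_ip: evidence}."""
    stats = defaultdict(lambda: {"total": 0, "fails": 0, "by_prefix": defaultdict(set)})
    for ip, number, hit in events:
        s = stats[ip]
        s["total"] += 1
        s["fails"] += 0 if hit else 1
        s["by_prefix"][number[:prefix_len]].add(number)
    flagged = {}
    for ip, s in stats.items():
        distinct = sum(len(v) for v in s["by_prefix"].values())
        if distinct < min_distinct:
            continue  # a customer checking a handful of cards is normal
        prefix, members = max(s["by_prefix"].items(), key=lambda kv: len(kv[1]))
        fail_ratio = s["fails"] / s["total"]
        prefix_share = len(members) / distinct
        if fail_ratio >= fail_ratio_min or prefix_share >= prefix_share_min:
            flagged[ip] = {"distinct": distinct, "fail_ratio": round(fail_ratio, 3),
                           "top_prefix": prefix, "prefix_share": round(prefix_share, 3)}
    return flagged

if __name__ == "__main__":
    for ip, evidence in detect_enumeration(sample_events()).items():
        print(ip, evidence)
```

Flagged clients are candidates for throttling or a step-up challenge on the balance-check endpoint; the thresholds need tuning against real traffic.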


If this includes something of value to me or anyone else then I'll leave a like


thanks for the share


Ttttttttttttttttt


Good job, I like your share


looks interesting

ty for the share mate


I want to see this! Anyway, thanks for the share!



I've never heard anything about this subject. We learn something every day ig.  :fiesta:


If this includes something of value to me or anyone else, then I'll leave a like


like, I want to see this


hope this works this time
