If you have any questions, contact us:
Telegram:maintex
ICQ:1607000


Go Back   Cyber Security Forum > Cybercrime Forum > Hosting » Security » Anonymity

Notices

Hosting » Security » Anonymity VPN, socks, rdp, traffic

Reply
 
Thread Tools Search this Thread
  #1 Old 11-21-2019, 01:40 PM
Cartographer
 
Cartographer's Avatar
 
Join Date: Aug 2013
Posts: 511
Cartographer is on a distinguished road
Default How to secretly mine on sites [Hide Mining]

In this article I want to tell you how to secretly mine on sites and how it works.
In this case, it will be enough to go to the infected site without any download files or running bat file. Now some "users" earn on such opportunity, and others even suspect nothing.


Theory
Mining is the process of maintaining a distributed platform and creating new blocks with the ability to get rewarded for such activities. Quite a few currencies support mining, for example Bitcoin, Monero, Ethereum, ZCash, etc.
A mining farm is a high-performance computer that uses video cards to perform calculations. As a rule, several video cards are connected to the motherboard, which are used for mining.
The traditional scheme looks quite simple: purchase of equipment -> connection and setup -> registration on the pool and start the miner-> profit.
But instead there is a service: https://coinhive.com/

Which allows you to embed javascript code in the site and will receive income from the capacity of site visitors. For mining, the coinhive library is used. For more detailed information you can use the documentation:
https://coinhive.com/documentation/miner in the English language.
Important: the so-called browser mining with javascript uses only CPU power. In simple words, computational operations are performed using the processor. They are less effective in terms of reward, but make sense with a large number of miners.
How in practice can you secretly mine on the site?
First you need to register on the service https://coinhive.com/. After that, you need to verify the account through the mail. If all goes well, then you will see statistics with the number of sites and capacity.

Let's look at the interesting features that this site offers. At the time of writing, there were 6 accommodation options and plus a separate "Shortlinks" mode.

First you need to get the key. To do this, go to the "Settings" section and Sites & API Keys. Enter the name of the site and get the key. There's nothing complicated about it. An example is on the screenshot:

After that, you can create a standard HTML document framework and embed our miner. For this case, use The JavaScript Miner page. To do this, use the basic form and create this document with the index extension.html

https://pastebin.com/raw/DajxMnXW

After the launch, the user will have a message on the page that warns about the beginning of mining. I think most of the users clicked "Cancel".

But there is an edit on the site that allows you to run the miner absolutely secretly and without warning. To do this, you need to change the download link of the miner to another and our index page.html

https://pastebin.com/raw/LkzeJiRi it will look like this.
After the launch, there are no confirmation forms for the use of resources and mining begins immediately. This can be checked in the task Manager or statistics panel on the site. Testing was conducted on Windows 10 with security and virus protection enabled.

I think the meaning is clear that if you have access to thousands of pages of sites, then you can make good money from this. Everything is of course relative and depends on what computing power users have. According to the service, 10-20 active miners can bring 110$(0.3 XMR) per month. It should be noted that it is possible to work through the API, as well as separately developed a plugin for the popular CMS WordPress.
It is interesting to test how the miner will work if you add adblock to the browser. After running the script the utility stopped the script and mining was stopped:

The coinhive service offers an alternative in the "Non-Adblocked Version" section for use with downloads via authedmine.com thus, users will always receive a sign with the permission to use this process and if the user has allowed such mining, it will not be blocked by antivirus and Adblock programs. Therefore, hidden mining is designed more for users who do not have any protection in the systems.
How to integrate a captcha miner on your website?
The coinhive service allows you to integrate a captcha that will use the computing power of the computer for verification. You can see how this will happen in the user interface.

Code:
https://pastebin.com/raw/w2yUTdEp -for captcha insertion.

Let's analyze the parameters:
data-hashes= "1024" / / Number of hashes. data-key= "SITE_KEY" > / / the Key for the site, you can get on the service
How to get cryptocurrency through the distribution of short links?
This service provides the ability to reduce links and before opening the desired resource, the user will mine cryptocurrency. Thus, if each of your links will open thousands of users, it can bring a certain income. It is also possible to store previously generated links on this service.

The screenshot shows that you can specify the target url, your site for statistics and the number of hashes that must be obtained before opening the link. Let's examine how the transition occurs and whether it is blocked. The test was conducted on Windows 10 without additional plugins. It is important to note that the site has a secure connection. There were no messages from the system and the link successfully started and started using system resources.

Thus, the target link will not open until the slider reaches the end and the desired number of hashes is obtained, which can be specified when configuring. Thus, after one transition, you can get 0.00000003 XMR or 0.00001098$ (this value can be increased, but then the link load time will also increase). In the panel you can see statistics on the number of transitions.


Conclusion.
It can be concluded that it is possible to secretly mine on sites using the service coinhive. This will work for those users who do not have protection. Not all antiviruses detected a threat during testing. Therefore, there is a possibility that such users can "provide" computing power for mining.
In General, the service was conceived as an alternative to advertising. The white use case involves notifying the user about the beginning of mining. Therefore, it all depends on how you will use this service. I remind you that all information was provided solely for educational purposes and the author assumes no responsibility for illegal use.
__________________
Advertising Policies
Cartographer is offline   Reply With Quote
Reply

Tags
hide, mine, mining, secretly, sites

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


Cybercrime forum, cybercrime site, ,fraud forum, russian fraud forum, Credit cards, carder, infraud, carders.ws, crdpro, fraudsters, darkpro, crdcrew, dumps, cvv, cc, stuff carding, legit seller, vendor, free cvv, dumps+pin, skimmer, ,shimmer, emv software, emv chip writer, free cc+cvv, valid cards, track 2, free cvv, dump pin, dumps, cvv, cc, credit cards, real carding, legit vendor, carder forum, carding tutorial, russian hackers, online cvv shop, track 101, enroll, fullz