Cryptocoin Faucets

So I’ve gone a bit cray cray since DOGE came out, thanks to connection (she LOVES that I have spent so much time screwing with coins btw >.<). Totally understood how much of a joke it was, but it gave me my first glimpse of what cryptocurrency was and I started researching. Everything I’ve found out with it, I’ve ensured to try and share back the knowledge with the community (mainly on /r/bitcoinforbeginners). A shout out to giveen is deserved as well since he helped me understand a lot of the trading aspects.

So what I have done is taken EVERY coin I could find that had a faucet and added it below. I’m aware that I probably missed a ton and if you know of any, please let me know below or through the contact form and I will get it/them added.

If you find any of this useful, please consider donating:
BTC:  1JSiEk9JGjCRaxbUjecHMKoxjCyofHbxzc
LTC:  LMTnjMtkG8osVDFN2Eh8u7hiD6gWsFdVFf
CRYPTSY TRADE KEY:  9ec7a1a482355b0f5d78502f09b820ed7cb4c2a6

ALPHA – ALF
http://alph.a.gp/index.php  -  24 hours
https://sites.google.com/site/alphacoinfaucet/  -  Google forms  -  requires email
https://sites.google.com/site/memecoinfaucet/alphacoinfaucet  -  Google forms – requires email – 1 time payout

Bitcoins – BTC
http://www.landofbitcoin.com/  -  Collect from multiple faucets and has a faucet directly on main page that accumulates over time
http://www.bithits.info/  -  2ubtc per submission  -  sent out in waves
http://www.freebitcointips.co.uk/ – 24 hour faucet
http://virtualbitcoinfaucet.com/ – 3 hour faucet
http://freebitcoinfaucet.com/faucet/ – 12 hour faucet
http://www.reddit.com/r/bitcoinfaucet - A list of multiple BTC faucets (most are listed on here)
http://freebitcoinz.com/ – 1000 satoshi every 24 hours
http://www.thefreebitcoin.tk/ – Sends to microwallet
http://www.coinfaucet.tk/ – Sends to microwallet
http://www.bitcoinfreefaucet.tk/ – Sends to microwallet
http://trzn.co/ – hourly faucet
http://btcclicks.com/?r=67896aec – earn BTC for surfing ads (most are 10 seconds)
http://canhasbitcoin.com – 30 minute faucet – sends to coinbox.me
http://www.nioctib.net/get-free-bitcoins/ – 30 minute faucet – sends to coinbox.me
http://www.rawbitcoins.com – 30 minute faucet – sends to coinbox.me
https://coinad.com/ – view ads and earn mBTC
http://www.bitvisitor.com – view websites and earn uBTC – payout is 100 uBTC
http://www.bitcoin4you.net - view websites and earn uBTC
http://www.bitcoinget.com/task – earn uBTC for completing tasks
http://bittoclick.com/?view=home – earn BTC for clicking ads
http://bitcoinflood.com/faucet/ – earn up to 30 satoshi – sent to microwallet
http://freebitco.in/- roll hourly to earn BTC
http://hotswap.co/faucet – earn up to 1k satoshis hourly – payout at 100k satoshis
http://mmoclub.com/ – earn up to 500 satoshis – payout at 10k satoshis
http://redcoins.co/index.php – hourly faucet – 54.3 uBTC payout
http://www.bitcoins4.me – hourly faucet – payout at 5500 satoshis
http://www.freebitcoins4u.com/index.php – 30 minute faucet – sends to coinbox.me
http://www.thefreebitcoins.com/index.php – 30 minute faucet – sends to coinbox.me
http://www.freebtc4all.com/index.php – 30 minute faucet – sends to coinbox.me
http://www.btc4you.com/index.php – 30 minute faucet – sends to coinbox.me
http://bitbucks.com/ – complete offers for BTC
http://earnfreebitcoins.com/ – visit websites and earn uBTC
http://faucetbtc.com/index.php – 30 minutes faucet – sends to coinbox.me
http://www.bitcrate.net – 24 hour faucet – “break a crate” and earn BTC
http://www.thebitcoin.me/index.php – 30 minute faucet – sends to coinbox.me
http://www.rawbitcoins.com/index.php – 30 minute faucet – sends to coinbox.me
http://www.freebitcoinlottery.com/ – unlimited guesses – earn up to 2.4 BTC daily
http://www.bitcats.net/index.php – 30 minute faucet – sends to coinbox.me
http://www.btcmine.net/index.php - 30 minute faucet – sends to coinbox.me
http://www.bitcoins4free.me/ – 30 minute faucet – sends to coinbox.me
http://www.elbitcoingratis.es/index.php – in spanish (shouldn’t matter) – 30 minute faucet – sends to coinbox.me
http://www.greencoins.org/index.php – 30 minute faucet – sends to coinbox.me
http://www.freebitcoins.me/index.php - 30 minute faucet – sends to coinbox.me
http://www.dailybitcoins.org/ – hourly faucet – offers code for peerbet.org
http://www.cleverpuffin.com/faucet/ – 2 hour faucet – sends to microwallet
http://megabitcoinfaucet.com/faucet – hourly faucet – 100 satoshis every hour – payout is 50k satoshis
http://bitcoinaddict.com/index.php – 24 hour faucet
http://www.bitcoinar.net/ – 24 hour faucet
http://btcflow.net - 24 hour faucet – payout at 0.00015930 BTC
http://bitcoinfaucet.tk/ – 6 hour faucet – payout at 0.00005430 BTC
http://www.virtualfaucet.com/index.php – 30 minute faucet – send to coinbox.me
http://www.srbitcoin.com/index.php – 30 minute faucet – sends to coinbox.me
http://www.bitcoinspain.net/index.php -  30 minute faucet – sends to coinbox.me
http://www.fr33bitcoins.com/index.php – 30 minute faucet – sends to coinbox.me
http://www.payfaucet.com/ – 30 minute faucet – sends to microwallet
http://faucetsurfer.tk/ - Takes you through roughly 60 faucets in one place

Bytecoin – BTE
http://bytehits.info/ – (Malwarebytes shows as malicious)

CATcoin – CAT
http://www.thebitcoinmaster.com/catcoin/ - Pays out at .001 CAT – No time restraints

COINYE – COYE
http://www.coinyecoinfaucet.com/ – 12 hour faucet
https://coye.bitcoinproject.net/ -
http://coinyefaucet.com/ – 12 hour faucet

Cthulu – OFF
http://www.thebitcoinmaster.com/offerings/index.php – 24 hour faucet
https://andarazoroflove.org/faucet/offerings/ – unlimited submissions for .01 OFF

Devcoin – DVC
http://faucet.d.evco.in/ – Pay per round
http://www.freebitcointips.co.uk/devcoin – 24 hour faucet

Digitalcoin – DGC
http://majesti.co/freedgc/index.php – 24 hour faucet
http://dgc.u.gp/index.php – 24 hour faucet

DOGEcoin – DOGE
http://earnfreedoges.com – offers/faucets/giveaways
http://www.kbve.com/rewards/doge/videos/ – watch videos earn DOGE
https://wow.bitcoinproject.net/ – Hourly
http://freedogecoins.net/ – List of DOGE faucets
http://www.thebitcoinmaster.com/dogecoin/ – Pays out at 5 DOGE
http://dogebb.com/ - Get paid for posting
http://bartstuff.eu/doge/doge2.php – sends up to 5 DOGE
http://freedoge.we-mine.it/
http://cryptolockup.com/doge/
http://dogefaucet.tk/ – “few hours” faucet
http://95.85.13.147/faucet/
http://littledoge.com/index.php – almost dead
http://cryptobucket.com/dogefaucet/ – 24 hour faucet
http://www.doge2goods.com/free-doge/ – 1-100 doge based off your comment (funnier more doge)
http://silabsoft.org/doge/ – 4 hour faucet
http://faucet.earcaraxe.com/ – possibly broken (sends to send.php and blank screen)
http://indogewetrust.com/ – unknown wait time

Earthcoin – EAC
http://www.thebitcoinmaster.com/earthcoin/index.php – no limit

EZCoin – EZC
http://www.freebitcointips.co.uk/ez-coin – 24 hour faucet

FASTcoin – FST
http://majesti.co/fastfaucet/index.php – 24 hour faucet

Freicoin – FRC
http://theopeneffect.com/freicoin/index.php – paid per round
http://www.freicoin-raffle.org/ – FRC raffle

FRANKO – FRK
http://majesti.co/freefrk/index.php – 24 hour faucet

Gilcoin – GIL
https://sites.google.com/site/memecoinfaucet/gilcoin-faucet – Google forms – requires email – 1 time payout

Globalcoin – GLC
http://majesti.co/glcfaucet/index.php – 24 hour faucet

Goldcoin – GLD
http://gldfaucet.com/ – 48 hour faucet

Hypercoin – HYC
https://sites.google.com/site/altcoinlist/home/hypercoin-faucet – Google forms – 1 time submission

Infinitecoin  – IFC
http://if.x.gg/index.php – 24 hour faucet

Kittehcoin – MEOW
http://freemeow.tk/ - 4 hour reset
http://www.thebitcoinmaster.com/kittehcoin/index.php - Unlimited faucet with low payout
http://1url.co.uk/catnip/ - 4 hour reset

Litecoin – LTC
http://litecoiner.net/ – Adblock must not be installed – must reach .01 LTC before payout – hourly faucet
http://ltc4you.com/ – Hourly roll – win between 2u and 100u

Mastercoin – MSC
http://mastercoin-faucet.com/ – requires linking/verifying accounts

Memecoin – MEM
http://www.freebitcointips.co.uk/memecoin - 24 hour faucet
https://sites.google.com/site/memecoinfaucet/home – Google forms – requires email – 1 time payout

Mincoin – MNC
http://www.freebitcointips.co.uk/mincoin – 24 hour faucet

Mooncoin – MNC
http://mooncoinfaucet.com/ – hourly dispense – 1 to 2,100 moons

Namecoin – NMC
namecoin faucet – Asks how many coins you would like, not sure if it sends entire amount of coins requested

Nutcoin – NUT
http://www.cryptopoolmining.com/nutgift/ - Faucet dispenses 1 – 500 nutcoins

Nextcoin – NXT
http://nxtra.org/faucet/ – account and email required

Onecoin – ONC
http://onecoin.faucet.tmd.ee/

Particle – PRT
http://coindrain.com/particle – 3 hour faucet

QuickQuickcoin – QQC
http://www.freebitcointips.co.uk/quickcoin – 24 hour faucet

SEXcoin – SXC
http://www.freebitcointips.co.uk/sexcoin – 24 hour faucet

Unobtanium – Un
http://andarazoroflove.org/faucet/unobtanium/ -

Weedcoin – WEC
https://sites.google.com/site/altcoinlist/weedcoin-fauicet – Google forms – 1 time submission

Worldcoin – WDC
http://www.freebitcointips.co.uk/worldcoin – 24 hour faucet
http://www.worldcoinsfaucet.info/ – 24 hour faucet

ZETAcoin – ZET
http://zet.qquu.com/ – 24 hour faucet
http://zet.cryptofaucets.com/ – 24 hour faucet

Updated Wordlist location

So, I have been extremely terrible about not blogging recently and for that I’m sorry. Life has been hectic. This is a quick post to say that my wordlist, which was originally on a torrent, has been on bindshell for quite awhile thanks to @jmgosney. Along with that, it was overhauled because when the original one was published, it was sorted and uniq’d, but not as well as I had thought. This updated one has been fixed which cut the size literally in half. I will start trying to blog more for those keeping an eye out.

Help With Writing Your Resume

So, this will start out as every other post does, thanking people who’ve helped with this idea! This list of people is @HackerHuntress, @spridel11, @diami03, the wife, justabill, and whiteb0rd. They helped me tremendously in getting my resume to where it is currently.

Now, with that being said let’s jump right in. Below is exactly how I have my resume. Here is a copy for yourself that you can adjust as needed.

First we have the header. 

First Last Name

ADDRESS

CITY, STATE ZIP

PHONE

EMAIL

CURRENT JOB TITLE

As you can see, it’s nothing incredibly fancy. I used Microsoft Word (2007) to create my resume so copying it to here isn’t exact with the alignment and such. This portion is pretty self explanatory. Starting off, make sure that the phone number you use is one that can contact you. The email, if you do not have an email account that is professional ie: first.last@whatever.com then you better get one! I can’t tell you how many times I’ve heard of people submitting a resume with some ridiculous personal email account, which in turn gets there resume sent to one place…the trash can. It’s easy, and sad, that I must say it but I wouldn’t if it weren’t true. Next is the Current Job Title. This is mainly for people who currently have a job but are searching for a new one. If you don’t have a job, I’d suggest putting whatever you WANT to do, ie security researcher or security analyst.

Summary
  • (Career field) professional currently pursuing a (degree) with a major in (major) from a (NSA CAE or similar). Seeks to compliment the skills of co-workers and advance the mission of the organization by providing technical expertise and business acumen in arriving at solid (career) solutions.

This summary should be the MAIN point of your resume. This is a quick summary of you that will explain why whatever company that is looking at your resume should hire you and essentially what they’ll be missing if they don’t. Starting off, you want to list yourself as a professional in whatever field you are in. In my case, Information Security professional, but this could be Human Resources or a hundred other possibilities. If you have or are currently pursuing a degree, then you want to highlight this in your first sentence. I have listed that my school is a NSA CAE, National Security Agency Center of Academic Excellence. If you currently go to a school that is such a thing, you want to make sure it is recognized. If not try to highlight what your school is known for. Next, you want to explain why they should hire you. As you can see, I’ve crafted a very good sentence that basically tells them in extremely “fancy” terms that you want to improve their company and your co-workers abilities with your knowledge. At the end of this sentence, ensure that you tell them you want to help them arrive at solid “career” solutions, meaning information security or human resources or penetration testing (whatever your career is).

Experience
US Army

January 2006 – Present

Senior Information Systems Specialist
  • Oversaw Network Security Violations for 20,000 personnel and managing a team of seven.
  • Lead helpdesk technician for 300 people.
  • Maintained network and system communications for 20,000 personnel stationed in Alaska.
  • Configured and managed over 40 Cisco devices.
  • Managed Active Directory for 20,000 personnel.
  • Taught upwards of 150 personnel on information security.
  • Maintained satellite communications.
  • Performed vulnerability assessments with (program).
  • Information assurance management officer.

Strategic Security

August 2012 – Present

  Senior Intern

  • Authored numerous lab manuals for Strategic Security facilitating training courses worldwide.
  • Configured and operated common industry vulnerability scanner to include Nessus.
  • Wrote open source intelligence and penetration test reports.
  • Develop post penetration reports providing business with valuable finding and recommendations.
  • Familiar with exploit development tools.

As you can see, yes this is directly from my resume (as I stated above). When listing things you’ve done for each job you NEVER want to say I because it’s your resume, obviously it’s about you! Think of it as a third person description of what you’ve done or if you were writing someone up for an award or promotion. It can be very difficult, but take time and ask for assistance if you need it. The way these are typed up could be the difference between getting a job based off your skills and not getting a job because the skills you list don’t mean anything to the job you’re applying for.

Education and Certifications

MOST CURRENT SCHOOL/EDUCATION

  • TOPIC OF STUDY, DATE – DATE

ANY AWARDS (DEAN’S LIST, HONOR GRADUATE, ETC)

NEXT OLDEST SCHOOL/EDUCATION

  • TOPIC OF STUDY, DATE-DATE

ANY CERTIFICATIONS YOU CURRENTLY HOLD

Lastly, you want to list your education and, if you have any, certifications. The way I recommend listing your education is from most recent to oldest, ending with your high school or GED. Ensure that whatever topics you studied, be it computer science, theater, etc, is listed since this will most likely relate to the job you are currently applying for. With saying that though, if you mainly took theater and are applying for a computer science position, I don’t suggest you list it.

If you have any questions, don’t hesitate to contact me on twitter, @drb0n3z, or comment below and I will respond when I have the chance. I don’t want to claim that I’m a professional at this, but I’ve been through a Department of Labor course specifically to help with writing resumes and finding a job in this terrible economy and have had help from HR recruiters (hackerhuntress). If you have suggestions as well, again don’t hesitate to contact me!

Passision – new wordlist creation tool

So awhile back Marcus Carey from ThreatAgent decided to ask for input on wordlist creation. The general idea was do you think geo data, City, State, zip codes, would be something good to include when trying to crack passwords. My instant response was yes as I’ve seen a decent amount of this type of thing. Remember the Linkedin hack, a ton of those passwords were some variation of the company’s name. So let’s start with how to get the tool.

 

Step 1: Go to threatagent.com and create a user account.

signup

 

Step 2: Once you receive your email, click on Drone on the main page.

drone

 

Step 3: Click on Deploy drone and figure out what company you want to create a wordlist from.

Org

 

Step 4: Click next, then input the organization’s site.

site

 

Step 5: Click next, then click Run.

Run

 

Step 6: Allow for the Drone program to complete the OSINT report.

mission

 

Step 7: Once complete, click on Apps then Passision. Click Create wordlist.

passision

 

Step 8: Allow the wordlist to be collected.  Once it’s completed, you’re able to download it.

wordlist

 

A fun little tidbit Marcus threw into his program is it informs you if your wordlist contains profanity.

 

The big thing you must keep in mind is that you only get 5 searches with a basic/limited account, so unless you’re willing to pay for more searches, make sure you’re using them wisely!

My wordlist now shared

Alright everyone, the time has come for me to finally get off my lazy @$$ and share my wordlist. Now, the main thing with this wordlist is it is a mixture of a ton of wordlists. For example, it’s including @g0tmi1k‘s 18in1, @purehate_‘s old wordlist, @tekdefense‘s random honeypot dump he gave me, @defusesec‘s 15gb wordlist that was recently released, etc. Along with those wordlists it includes TONS of dumps from @cyber_war_news‘ two sites and dumps I’ve posted along with connection to his dump site leaks-db.

I can’t thank the community and people I interact with daily enough for all the support they’ve given and teaching. This is my way of giving back.

MY WORDLIST    —–   15.4gb tar-gz. Actual size is 69.3gb so you’re aware!   <—–(EDITED TO BE A TORRENT)

Now, along with that the fun part…since everything I give you seems to be broken in some manner, there is a lot of the wordlists that probably need to be cut out and fixed. There are (I’m sure) hashes in this that don’t need to be there and possibly duplicate words/phrases BUT I’ve done my best to take care of that.

Mid post writing update: While uploading the file last week, @bwallhatestwits wrote a little python script to remove invalid characters. This did wonders and has made it the size it currently is.

Anything else people come up with don’t hesitate to contact me on the twatters! Much love and awkward hugs to everyone in the community!!!

Editing Invalid Characters in text files

So last night I was working with @bwall last night on his tool distributed-hash-solving, I ran into an issue in my MD5 pot file. It was showing NUL and other characters when viewing it in Notepad++.

After a little google-fu, I figured out a fix for it and then realized it was more then just NUL characters, it was almost every ASCII character that could be input as a two/three letter character.

We start with opening N++ and getting a sample of the character we need to remove.

nul-screen

As you can see, it decided to input between the hash and the correct output of the has. A text sample of it would be:

NUL0NUL0NUL0 etc…

Now the fix for this is hitting CTRL-F and choosing the Replace tab and choosing the corresponding ASCII hex character. In this case, it’s \x00 :

nul-replace

Now you want to select Replace ALL. It took less than a minute and replaced over 150 instances of the NUL character. The output came to this:

nul-fix

As you can see, properly fixed!

Now with that one character being fixed, I also ran into almost every other possible HEX character being thrown into that file. The quick list of these to check for is:

asciifull

\x00 – \x08  (9 actually counting as a character in some passwords you don’t want to remove this)
\x0B – \x0F  (A would do the same thing as \n, or your enter key, so again you don’t want to remove this)
\x10 – \x19
\x1A – \x1F

To ensure you ARE finding the correct characters, I recommend you hit the find next button before replacing to ensure there IS an actual character that needs to be replaced AND that you aren’t going to goof up your .pot/.txt/* file like I did the first time I did this.

If you have any questions feel free to contact me on freenode #hacktalk #intern0t #isdpodcast or #offtopicsec and on twitter @drb0n3z.

Sharing the pot and asking for help!

So I’ve taken the advice of @hacktalkblog (again) and decided to throw all of my .pot files that I have acquired together based off of hash type. Essentially, all the MD5s in one, Sha1s in one, etc.

I’ve decided to share the .pots I have, which are only MD5 and Sha1s right now, and also throw everyone who wants it a list of MD5s that I have yet been able to crack. I got the idea of sharing my .pot files from @bwall because of the hash cracking competition he is running at his site. If you decide to download it than please get back to me with what you can crack.

MD5.pot

SHA1.pot

 

HASHES-MD5.txt

Here is the list of hashes I haven’t been able to crack yet. It contains multiple dumps including:

7poker, acm.hdu.edu.cn, ctemag.com, digitword.com, djartsgames.ca, eharmony, euload, exonmobil, ftxtraders.eu, g4spass, some random ones from iran, last.fm, militarysingles, nvidia, and sex06.nl

About 99% of those dumps have been collected from @cwn.

One more note that comes to mind before I end this post, if you would like to share your .pot or your dictionaries, let me know and I will host the link on this post as well. I would also like a copy of whatever you can give for .pot files too.

-b0n3z

UPDATE: Thanks to @jmgosney & @coolacid for their help, I’ve been able to get about 400k more of those hashes cracked. Both the md5.pot and hashes-md5.txt file have been updated accordingly.