Search the Community

Al Salamu alaykom Recently, i've made this new tool for cpanel cracking - brute forcing.It's very easy to use just follow my pictures First of all you need to download this tool : Download On mediaFire Note : there is no trojans, viruses, you can scan it yourself ! Now open cpanel killer.exe, it will be like this. you can use the auto username grabber option on the configuration side, or i already included a python script for auto username grabber you can use it also it includes two options 1 - single site username grabber. 2 - Server Usernames Grabber For usage, you just need to put your passwords list, if you use the auto username grab option you don't need to add a usernames list either, you don't need to add the usernames list. Sorry for my bad english guys :">

A security consultant has published 10 million passwords along with their corresponding usernames in a move he characterized as both necessary and legally risky given a legal landscape he said increasingly threatens the free flow of hacking-related information. Most of the existing corpus of passwords exposed in hack attacks is stripped of usernames, preventing researchers from studying the possible relationship between the two fields. Mark Burnett, a well-known security consultant who has developed a specialty collecting and researching passwords leaked online, said his sole motivation for releasing the data was to advance what's already known about the way people choose passcodes. At the same time, he said he was worried the list might land him in legal hot water given the recent five-year sentence handed to former Anonymous activist and writer Barrett Brown, in part based on links to hacked authentication data he posted in Internet chat channels. "I think this is completely absurd that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment," he wrote in a post published Monday night on his blog. "I had wanted to write an article about the data itself but I will have to do that later because I had to write this lame thing trying to convince the FBI not to raid me." Last March, federal prosecutors dropped criminal charges related to links Brown left in two Internet relay chat channels that were frequented by members of the Anonymous hacker collective. The links led to authentication data taken during the December 2011 hack on Strategic Forecasting by members of Anonymous. Before dropping the charge, prosecutors said the links amounted to the transfer of stolen information. Even though the charge was dropped, however, prosecutors still raised the linking to support their argument Brown deserved a long prison sentence. In Monday night's post, Burnett also raised changes the Obama administration is proposing to federal anti-hacking statutes. Many security professionals have said the revised law would outlaw the publication of links to public password dumps even if the person making the link had no intent to defraud. If the people sharing the information have any reason to believe someone might use it to gain unauthorized computer access, critics have argued, they would be subject to stiff legal penalties under the Computer Fraud and Abuse Act. Including usernames alongside passwords could help advance what's known about passwords in important ways. Researchers, for instance, could use the data to determine how often users include all or part of their usernames in their passwords. Besides citing the benefit to researchers, Burnett also defended the move by noting that most of the leaked passwords were "dead," meaning they had been changed already, and that all of the data was already available online. As password dumps go, 10 million is a large number, but it's still small compared to the seminal 2009 hack of gaming website RockYou, which leaked 32 million passcodes, 14.3 million of which were unique. Last year, The New York Times reported that Russian criminals amassed a database of more than one billion passwords gathered from more than 420,000 websites. As Burnett noted, what sets this latest dump apart is that it was made by a security professional with the goal of advancing the public understanding of password choices. Equally noteworthy will be the reaction it receives from prosecutors. Source

A team of Internet security researchers has stumbled upon a massive online cache of more than 2 million hacked email addresses, usernames, and passwords. SpiderLabs, a division of online firm Trustwave that bills itself as an "elite team of ethical hackers, investigators and researchers," made the announcement Tuesday. The majority of hacked accounts come from major sites: Facebook, Yahoo, Google, Twitter, LinkedIn, and Russian and eastern European social networking sites odnoklassniki and VK. The thing that many of the hacked accounts had in common? Outrageously easy passwords. Tens of thousands of them had passwords like "12345," "1," "admin," and the ever-popular "password." As you'd expect, the fewer characters and complexity a password had, the more likely it was to end up on that list. The passwords had been harvested by an enormous botnet referred to as a "Pony," which the BBC referred to as "probably run by a criminal gang." As this Pony's operators did a good job of covering their tracks, SpiderLabs couldn't confirm where the attackers were based, though the dump was written in Russian. Source: The daily Dot More info: Look What I Found: Moar Pony! - SpiderLabs Anterior