Hannibal Posted June 20, 2006

This is what I did to start with. I will leave out all the times I got it wrong, just assume I did. I am going to explain things really simply, I don't want to offend anyone, but it's best to be sure now.

The first thing you will need to do is get some good tools. You want to have all your tools ready in case you need something; there is nothing worse than needing something and you can't remember where you saw it, then spending 3 hours looking for the bastard thing.

AccessDiver - The program I use for cracking/exploiting sites. I have found this to be the most stable and feature-packed program. Get it at http://www.accessdiver.com or look here for linkz.

AATools - This program I use to check my proxy lists to make sure they are fully anonymous; this will stop people logging my IP address. (AATools)

Form@ - This is what I use to attack form-based logins. It's very well built and is simple enough to use but very, very powerful. The Form@ program is attached at lesson 6... see below.

Raptor - Raptor is a wordlist tool. It will check any list for double words, and you can also make macros for it, so when a site needs a specific format of user:pass you can custom make one. Raptor is attached.

Editpad - Windows text editors are *poepoe*. I use Editpad because it's faster and can handle large lists better than WordPad. Get it at http://www.editpadclassic.com/. (my tip is Metapad)

And that's pretty much all the tools you will need to get into basic auth sites. Next thing is you want to find some wordlists and proxy lists, but I will cover how to find those and use the programs in the next lesson.

Lesson 2: Access Diver and Proxy Leeching

Now you have all the tools you will need, I really recommend before you start at all is getting some good proxies. This can be annoying, but there are two really good reasons why you need them.

1) Some websites don't like you handing out log/pass to their site, and I have known one or two people that have been kicked off ISPs, and one was blacklisted from every ISP in Australia for trying www.penthouse.com (http://www.penthouse.com) without some proxies.

2) Most sites nowadays have software to ban an IP after a certain amount of attempts (like pennywise), so when you are hitting it with 50 per min it's not going to take you long before you are forbidden.

AATools is what I use to check to see if my proxies show my IP or not, but first you will need to find some. This is where AccessDiver can help.

Hopefully you have run AccessDiver (from now on I will call it AD). When you first run AD it doesn't look like much, because most of the features are hidden by default. What you need to do, if you haven't done so already, is go to the top of the program to the toolbar and click My Skill (see pic). Choose Expert mode. Now AD will show you lots more options, and the one we want at this moment is under the Proxy tab, called Web Proxy Leecher.

I'm going to show you how to use this first because I get most of my proxies this way; it's fast and easy. I have attached a text file with a list of my sites I leech proxy lists from. Download this and choose the folder in AD, and import the list I gave you into AD. Then all you have to do is click Start Leeching, and AD will download all your proxies from those sites. Shouldn't take long, so when it's done it will display a list of found proxies in the box to the right. Save those and there you have about 3000 proxies. I tend to run that once every two days because they update those sites we are leeching from often.

Now we don't know which of those proxies hide your IP, so the next lesson will be how to check if they are anonymous.

Here is the list you need; right-click the link, choose Save As, and save it in a place you can remember.

Proxy Leech List --> http://users.skynet.be/bk286048/proxyleechlist.txt

Lesson 3: Wordlist Creation and Maintenance

Wordlist creation and maintenance

I probably won't have to tell you how important it is to have an efficient wordlist; it will make or break your success.

Firstly I would like to bring up the specific site's billing. Different billing companies (who charge you to join) have different ideas on what is a good password; some billing companies have no requirements, others will use the user's email address as the login, and others use random numbers and letters. You can probably guess the latter of these companies will be the most difficult to crack, but we have a database of billing companies' requirements (not complete, and I am adding to it daily) to help you decide if it's worth trying and what wordlist to use on it.

Billing Requirements

There are many ways to create a decent list; I will cover a few methods I use.

Firstly I will show you how to leech combos just like we leech proxies. I don't have a recent pass leech list, but I am sure somebody will be able to help us out. Basically you load a list of URLs into a program like BugsBunny or Raptor that have password dumps on them, and let the program leech the combos from the links.

What I do is, I look for free password sites such as (the more you find the better, and the easier to make the best wordlists):

http://www.ultrapasswords.com
http://www.purepasswords.com/#new
http://www.workingpasses.com/passes.html

Start up Raptor:
1) Go to: Pass leecher.
2) Click on Add URL and add the 3 URLs from above.
3) Hit Leech.

After it's done you should see the following thing:

If you don't have that, try again and try to find some more sites like that to get even more results.

Now you've got a raw combo wordlist (combo = login:pass). The next step will be deleting duplicates, which goes like this: click on Remove Duplicates, then click on Find and Remove. A whole bunch of duplicates will be removed and your list will shrink immensely. But no worries, you can always make your list longer by leeching more passwords from more sites.

Next we go to List Operations. There you have several options to work on your wordlists, such as:
1) Sorting
2) Randomizing
3) Removing duplicates and spaces
4) Make all words lowercase or uppercase
5) ...

After you've made several wordlists you can merge them together in the File Operations tab. After that, don't forget to remove all the duplicates again, and so on... I hope this lesson is of good value for all of you, and good luck making excellent wordlists.

Second, and I use this quite a lot, is to find a xxxpass channel in IRC, then sit in the channel and leech the posted combos there. Not quite as effective as the final method, but a good way to begin.

Thirdly, what I mainly make my wordlists from is .htpass files and other user lists. They are complete lists of users/passes from a particular exploitable site; there are methods and tricks to obtaining these files, and they make the best lists. To learn this method first master brute forcing sites, then stick around; we have a special place away from the public on this topic because some of the techniques are quite closely guarded, but be part of the team and you will receive an invite in no time.

Lesson 5: Cracking a Site

This lesson won't be very long or complicated, and a lot of you will know this, but I feel it's important to bring up most of this. Now we have proxies sorted out, and I hope you have played around with AccessDiver and the other programs, it's time to make a wordlist and start cracking.

I started out with some ready-made wordlists available from the net and different places; although my hits were not the greatest to start with, I think that you learn a lot more about making and maintaining these lists better this way. In Dimi's lesson he gave a valuable hint about leeching combos from password sites; other methods would be in chat, some IRC channels hand out passes (I have a tool that will do this for you), and right here. If you copy a combo to your lists each time you visit a site, sooner or later you will have my wordlists.

How I make my wordlists is a bit more complicated, but the principle is the same. When you think of a wordlist and cracking sites, what you are actually doing is pretty silly when it comes down to it: you are trying different combinations of usernames and passwords hoping you will get lucky and somebody would have used that combo to sign up with. Now taking that theory a step further, if say I signed up at a site and chose a user/pass that I could remember to make it easy, and the next day I am browsing and find a site I want to sign up to, chances are I would use the SAME combo for that as well. So we can also assume that a site with a lot of members will yield a lot more chances for hits than a site with 2 users.

Also one very important thing is to check the billing of sites. What I mean by that is to click the join link and follow it until you can find where you are allowed to choose your login and pass (if at all). If you can't choose your password, chances are they will assign it to you, and that would make the site very hard to crack because you don't know the format. Once you have seen the billing company, e.g. ibill, ccbill, globill, you can decide how to attack that particular site. What I do, and I will give lessons on later, is find and download the website's database of signed users and passes and add them to my lists.

Leeching lists and adding simple combos is still a very good way to build a good list. I have added a leech list I have found works for you to leech combos from; download this here: Combo Leech List (thank you to all who contributed). Follow Dimi's lesson and leech them, but always remember to use the Sort and Remove Duplicates function of Raptor to remove any double-ups.

Also a fellow cracker (and a very, very good one at that) has a website that he has donated some wordlists to. His website is here: http://www.howdyisevil.com/page4.html. Browse his sites and read his lessons, very valuable info there. Thank you, Captain Howdy.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now onto using all this to crack ourselves a site.

Load AccessDiver.

1. Load the wordlist you have chosen to run against your site (I suggest a site with a LOT of users to start with; karupspc.com is a good site that will almost always give hits). If you can't find the Load Wordlist option you may need to choose My Skill and drop it down to Expert Mode.

2. Once loaded, click on the Proxy tab and check the following things. Use Web Proxy List is first. Load your proxy list like below, and let that load your proxy list (hope you checked it beforehand). Now when your proxy list has loaded you will need to do a few more things in the section. Right-click on the Load/Unload All button highlighted below; that will put black ticks beside all your proxies and tell AccessDiver to use these proxies when cracking.

The settings to the left of your loaded proxy list need to be addressed:

I rotate proxies after 1 attempt; that keeps them from getting banned for too many attempts and will keep your cracking speed up if a proxy is slow.
I change proxies on fake replies; usually a fake is a blocked proxy and is useless to use against that site anyway.
I change proxies on redirections; again, normally a blocked proxy getting redirected to a page saying blocked (pennywise does this).
I retry the proxy after it has been skipped; that means when AccessDiver has skipped a proxy the first run, next time around it will try it again to make sure it's still down.
I continue to use timed-out proxies; I do this because sometimes a site can slow down when you are cracking and you could waste valuable proxies that way.
I also use the drop-down menu to say Reactivate All Proxies.

Once this is done, click on a proxy in the box to highlight it; that tells AccessDiver which proxy you want to start with. Now there are some settings to consider in the Settings tab, but they differ for each site tested. The next thing is to use the slider under Test Speed to a speed that you want, based on the server speed and your connection. Add the URL of the members section up the top in the Server section like below, and click Start. There is an option under the Progression section that will come up after the attack starts called Don't Close Progress Window; I myself check that as well.

I expect everyone who has read these lessons and uses karupspc to get at least ONE working password.

Attached is a wordlist from myself for those who choose to use it.

Wordlist ---> http://users.skynet.be/bk286048/igi...erysitelist.txt

Lesson 6: HTML Form Cracking

HTML forms are no different to crack than standard "popup" style logins; you just need to do a little more research into it before you start. This lesson is going to show you the quick and easy way of cracking HTML form-based sites, but for those who know a little HTML code, you will see that I am not getting into most of the code.

Firstly you'll need @Form, coded by SilverSandStorm, whose tools you should be familiar with. File was attached, but new rulez... no warez, try a Google. SSS stopped working on this tool, so it has one little flaw and one bug that I've found: the flaw is that you will need to open the proxy manager and tick "multiple proxies" each time, as it doesn't remember that in the .ini, and the second bug is it seems to lock up and eat kernel time if you have it running for hours and hours (any coders out there who want to have a look at it, he's released the source code, PM me for details).

So firstly, after the program is up and running, load some of our anon proxies in it. Then load your checked proxies into it, remembering to tick the multiple box. For this example we are going to use a pretty simple site to crack that is form based, http://www.suze-video.com/html/login.html, so place that into the URL to attack and hit Start.

What this program is going to do is read the HTML data off the form URL page for you, and extract the post and variables needed to complete the request. These are in plain sight in the page; all you need to do is right-click the page with the form login and choose View Source. It's all there, you just need to look. @Form will now fill in the boxes on the next screen for you, and it should look something like this. If you get an error, hit the "Switch Proxies" button on the bottom; chances are it's a proxy timing out.

Sometimes you'll come across a site with multiple forms on the page; you are going to have to use your own good judgement to choose one. Look for keywords like "login", "pass" and things that would logically be on a login form. Next click "Use This Data".

The next screen is asking you for some input. The only way this program is going to know that it's into the members area is if it has a keyword that will not likely be on the members page; it will scan the page and check if that word's not there, and if it's not it will list it as a possible hit. What I do is go to the page I am trying to crack, in this case www.suze-video.com/html/login.html (http://www.suze-video.com/html/login.html), and enter some random login and pass, say this time we use login:pass. Of course that's going to be wrong and it will reflect this on the page, and in this case it says "invalid login password". So we can pretty much guess that on the official members page of this site the word "invalid" isn't likely to be present, so we can assume that "invalid" would be a good failure keyword. So go ahead and put invalid in the failure keywords.

To the right on this screen is "Test Keyword"; that is just going to make sure you have the correct failure keyword. You can hit this, but if you're confident then click "Launch Attack". At this stage you might come across a site that has 2 different failure pages, one that is the invalid log/pass one, and another that for example will redirect old members whose login and pass combo have expired. In this case you can use 2 failure keywords by using ; as the separator.

That will now run and continue running till either you stop it, you run out of working proxies, or you finish your wordlist.

Hopefully that is enough info you need. Anyone who has any questions, just ask away; I am glad to help anyone with a well thought out question.

Good luck

Form@ Final... @ http://sss.deny.de/
Raptor 3... @ http://madmax.deny.de/siteJS/indexJS.htm
AA Tools + Crack... poor download speed but works
AccessDiver 4.120... @ http://www.xisp.org/downloads.html (more tools downloadable from here)
Author's homepage --> http://www.accessdiver.com/index.htm
http://www.geocities.com/lubus1970_2...ILE_DATA_BASE/ Word list page to get you started

I've been informed that @Form is no longer available or updated, so use C-Force instead from here: http://carpetboy.deny.de/
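The proxy handling described in the post (rotate after every attempt, roughly 50 tries a minute, so that a per-IP ban like "pennywise" never sees more than one failure from any address) is also what a defender should key on. The following Python script is an added example, not code from the post or from any tool it names; the log lines, log format and thresholds are constructed for illustration. It aggregates failed logins per protected path and per minute and counts distinct source IPs, which exposes a rotated attack that per-IP counters miss.

```python
"""Spot proxy-rotated login guessing in web access logs (constructed example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log, format: "<iso-time> <client-ip> <method> <path> <status>".
# 401 = failed basic-auth attempt on the members area. Eight proxies make one
# attempt each within one minute, as the post's "rotate after 1 attempt" produces.
SAMPLE_LOG = [
    f"2006-06-20T10:00:{s:02d} 10.0.0.{s} GET /members/ 401" for s in range(1, 9)
] + [
    "2006-06-20T10:00:09 192.0.2.7 GET /gallery/ 200",  # ordinary visitor
    "2006-06-20T10:00:10 10.0.0.9 GET /members/ 200",   # a guessed combo that worked
    "2006-06-20T10:00:11 10.0.0.1 GET /members/ 401",   # a skipped proxy retried
]


def parse(line):
    """Split one constructed log line into (datetime, ip, method, path, status)."""
    ts, ip, method, path, status = line.split()
    return datetime.fromisoformat(ts), ip, method, path, int(status)


def detect_rotated_bruteforce(lines, min_failures=8, per_ip_ban=5):
    """Return {(path, "YYYY-MM-DDTHH:MM"): (failures, distinct_ips, max_per_ip)}
    for every minute in which a path collected at least min_failures 401s while
    no single IP reached the per_ip_ban threshold a naive blocker would use.
    Thresholds are hypothetical; tune them to the site's normal failure rate."""
    buckets = defaultdict(lambda: defaultdict(int))  # (path, minute) -> ip -> 401s
    for line in lines:
        ts, ip, _method, path, status = parse(line)
        if status != 401:
            continue
        buckets[(path, ts.strftime("%Y-%m-%dT%H:%M"))][ip] += 1
    alerts = {}
    for key, per_ip in buckets.items():
        failures = sum(per_ip.values())
        max_per_ip = max(per_ip.values())
        # Many failures, yet every IP stays under the ban line: rotation signature.
        if failures >= min_failures and max_per_ip < per_ip_ban:
            alerts[key] = (failures, len(per_ip), max_per_ip)
    return alerts


if __name__ == "__main__":
    for (path, minute), (fails, ips, worst) in detect_rotated_bruteforce(SAMPLE_LOG).items():
        print(f"{minute} {path}: {fails} failures from {ips} IPs, busiest IP only {worst}")
```

The same aggregation applies to form logins: count responses carrying the site's failure text (the post's "invalid login password") per path and minute instead of 401 statuses.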
Cosmin1314 Posted October 12, 2015

I'm new too, but I know that if a post is from 20-06-2006, it should probably stay where it was.