Reply to thread

Message: <blockquote data-quote="ulta" data-source="post: 12681163" data-attributes="member: 327260"><img src="http://crackingforum.com/CarbonFiber/icons/icon9.png" alt="" class="fr-fic fr-dii fr-draggable " style="" />Cracking For Beginners                                                                                                                                        Introduction to Cracking Well given that there are few introductory  tutorials and none on the subject for people who walk starting and I  took the boldness to share with you the little knowledge I have about the subject.1) Terms: Wordlist:  As its name suggests is a list composed of words with the following format.     Code:      lalalalala mexicanpass username password cualquiercosa test12345 Combolist: This means a user name and password in the same line separated commonly by ":" "-" "-"      Code:        username<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite7" alt=":p" title="Stick out tongue    :p" loading="lazy" data-shortname=":p" />assword usuario-contraseña contraseña - username Proxys: Basically it is an IP address from  anywhere in China, Peru, Italy, which we use to mask our connection  (IP) against the attack site and in this way we will not be banned,  separated by a colon ":" the connection port.Proxylist: This is a list of proxies that we use for our attacks.     Code:        192.168.12.147:8080 192.168.12.141:80 192.168.19.147:80 We have L1 = Anonymous proxies, L2 = Anonymous Middle , L3 = TransparentSuccess Key:    You could say that is the part of the web source code that is unique,  and shows us that we are in the members section correctly. For example, if we go to the web     Code:      <a href="http://members.pornpros.com/splash.php" target="_blank">http://members.pornpros.com/splash.php</a> If successfully logged get something like this:<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiMKpzHX8XZCS5.jpg" target="_blank"><img src="http://i.minus.com/iMKpzHX8XZCS5.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> If you entered an invalid username and password will get Failure Key Failure Key:  Code is the part of the web which tells us that we have initiated incorrectly session (user or password)<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiVbhybkbAYfsf.jpg" target="_blank"><img src="http://i.minus.com/iVbhybkbAYfsf.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> Commonly in web safely POP-UP is the text that this equipment from the <title> </ title>Fakes:  According to my understanding are the text strings that identify not test positive but rather as a false (false positive)Block Keys: When a proxy is not anonymous is bad enough that L3 or blacklisted process results in a message as     Code:      <title>Internet - Acesso Bloqueado</title> <title>DansGuardian - Access Denied</title> Retry Keys: Usually occur in cases with Captcha Web where you entered the wrong captcha results in an error message to try again to     Code:      Invalid Security Code !      Code:      Security Code missing ! Banned string: It seems that is the text  that identifies which logged repeatedly without achieving any positive  results have been banned for the web for a while or forever, according  to web.Hit:  What is called to obtain a correct username and password for the site attackedLechig:  You get a wordlist or ProxyList of a file or web page. 2) How to get wordlist and ProxyList:How to Get a WordList:  Well there are several forms and each one uses the best from experience  so results will show you how to get a wordlist with google (using  Firefox, Firefox Pulgin Copy Links and Access Diver 4.402) and AthenaII  as and filter our wordlist with Raptor3.Using Google: We use it to get a wordlist to attack a single site, for example pornpros, thus more likely tend to get HITSa) Getting the URL of the login section of the web members to attack make our search as follows     Code:      @members.pornpros.com/splash.php <a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiboWf8W4vJprrg.jpg" target="_blank"><img src="http://i.minus.com/iboWf8W4vJprrg.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> Consider the options given google. b) Having installed Firefox Pulgin select Copy  Links to our search results by copying the links to a text file then  leeches and filtered to obtain a good WordList. <a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2Fioz40cyEEwmUu.jpg" target="_blank"><img src="http://i.minus.com/ioz40cyEEwmUu.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> c) When you have copied Google results in a txt we leecher combos with Access Diver 4.402 <a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiKW3IM4EFGkt3.gif" target="_blank"><img src="http://i.minus.com/iKW3IM4EFGkt3.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> d) We will filter our combolist with Raptor 3 Once you loaded our list filter out duplicates<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiqWDqK3rCnHdQ.jpg" target="_blank"><img src="http://i.minus.com/iqWDqK3rCnHdQ.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> Then we filter out the characters we do not want combolist own. <a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2Figs3nkAnwBxti.jpg" target="_blank"><img src="http://i.minus.com/igs3nkAnwBxti.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> Finally press randomize list ie stir our combo. <a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiVp3B2s12GQeZ.jpg" target="_blank"><img src="http://i.minus.com/iVp3B2s12GQeZ.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> Using AthenaII: Well we'll see how simple it is<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FismwH5ZqLw3SJ.gif" target="_blank"><img src="http://i.minus.com/ismwH5ZqLw3SJ.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> How to Get a ProxyList: Well we use ProxyFinder v.2.5 Enterprise Edition 1.1.0 and Z-LeecherProxyFinder Enterprise Edition v.2.5:  Simple program for get proxys<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiKAPUag6WXsmJ.gif" target="_blank"><img src="http://i.minus.com/iKAPUag6WXsmJ.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> Z-Leecher 1.1.0:    Well this program serves to proxy leecher combos and be it websites or  files. This time we will collect links to websites that contain lists of  proxies.Searching google proxy list, ProxyList, list of proxies or similar terms<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FigCszDxJr36X6.jpg" target="_blank"><img src="http://i.minus.com/igCszDxJr36X6.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> Something like this<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2Fibi2WmvKII6aox.jpg" target="_blank"><img src="http://i.minus.com/ibi2WmvKII6aox.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> Copying links to a text file for later use with Z-Leecher 1.1.0 Using Z-Leecher 1.1.0Once you collected our list of web links that have lists of proxies amounts to Z-Leecher<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2Fi2VGeV9JFicYa.jpg" target="_blank"><img src="http://i.minus.com/i2VGeV9JFicYa.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> 1) Leech Page 2) Select Leech Proxies 3) We import our list of proxiesIn the "Ignore & Replace" We can set the words and proxies we want to ignore<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FibtYlI0uL7xfq6.jpg" target="_blank"><img src="http://i.minus.com/ibtYlI0uL7xfq6.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> Set the path and file name where you saved our list of proxies tab "Output Files"<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2Fib0ZnmL6dc6Z.jpg" target="_blank"><img src="http://i.minus.com/ib0ZnmL6dc6Z.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> Leech and results <a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2Fi1deAWuODyzlU.jpg" target="_blank"><img src="http://i.minus.com/i1deAWuODyzlU.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> 1) Select the URL´s and Press Leech button2) Show results3) Show how much proxys have leech3) Anonymity in our proxies:  For this part ProxyFire.v1.24 use to test and get our anonymous proxies  and ProxyTester - By RoyDJ to learn how to test proxies against a  particular website (This will get better results in my experience) .ProxyFire.v1.24We loaded our list of proxys proxies we remove duplicates and dangerous<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2Fi8QIR1subEjzx.jpg" target="_blank"><img src="http://i.minus.com/i8QIR1subEjzx.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> We check the boxes to be active only in this way we obtain the results of the L1, L2 and SOCK4/5<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FibkRyBPFvOxM4I.jpg" target="_blank"><img src="http://i.minus.com/ibkRyBPFvOxM4I.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> In the options to the default funsion always correctly.<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiD8rWhXyttDiV.jpg" target="_blank"><img src="http://i.minus.com/iD8rWhXyttDiV.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> In the "Settings" checked our proxy Judges (the websites that are tested  against the anonymity of our proxies) and proceed to test our proxy<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiEwGHLR3OErzL.jpg" target="_blank"><img src="http://i.minus.com/iEwGHLR3OErzL.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> We have our anonymous proxies (ProxyFire.v1.24 are automatically saved in \lists\check)<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2Fic1ZbAnHx5S8y.jpg" target="_blank"><img src="http://i.minus.com/ic1ZbAnHx5S8y.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> ProxyTester - By RoyDJ:  Well this testing is in my opinion the best and get better results in obtaining HITS (fewer fake)<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2Fibl7RDjfceuRE1.jpg" target="_blank"><img src="http://i.minus.com/ibl7RDjfceuRE1.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> 1) Member´s login2) Press Title3) Load Proxys4) Press Start TestTime out to like to each one and Threads Max 100Test ending 1335 proxys for pornpros<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FilJVnEzFYIeNB.jpg" target="_blank"><img src="http://i.minus.com/ilJVnEzFYIeNB.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> 4) Practical attack:So now we know how get a good wordlist and proxys anon. Lets to crack  something. I going to show how doing with CForce 1.01b. Also explore our  website to attack CForce 1.01b:  In the "Settings" configure something like this<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiVGF5PCUiGze3.jpg" target="_blank"><img src="http://i.minus.com/iVGF5PCUiGze3.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> In the "Auto" to put the website URL login  We went to the tab "Pro" where we set our attack data<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FiQ0sNSi78JQGp.jpg" target="_blank"><img src="http://i.minus.com/iQ0sNSi78JQGp.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> 1) Members URL2) Analyse3) "Check keywords in header too"4) Put the Success key5) Save profileWe can also see that the analysis tells us it is basic (POP-UP) and the GET method Finally press "Bruteforce"Analysis:     Code:      http://www.youtube.com/watch?v=O9AYy_xD2Lg      Code:      Web URL:    <a href="http://pornpros.com/" target="_blank">http://pornpros.com/</a> Members URL:    <a href="http://members.pornpros.com/splash.php" target="_blank">http://members.pornpros.com/splash.php</a> Success key:    <title>Welcome To Porn Pros</title> Failure Key:    <title>PornPros - Unauthorized Login Attempt</title> Security:    POP-UP The Key Success does not always know. What we can do in these cases is  to try to attack the Web HIT expecting some positive results which take  the key Success.By clicking "Bruteforce" will move to the tab "Auto" which carry all our proxies and combos and press START to begin the attack.<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2FibpWblwkU2GINn.jpg" target="_blank"><img src="http://i.minus.com/ibpWblwkU2GINn.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a> HITS Checking web access<a href="http://crackingforum.com/redirect-to/?redirect=http%3A%2F%2Fi.minus.com%2Fi3XXzJ6VvyynB.jpg" target="_blank"><img src="http://i.minus.com/i3XXzJ6VvyynB.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a></blockquote>

Verification: Hathara warak wissa keeyada? (Hathara wadi karanna 20)

Top Bottom