Cracking Tutorials MUST CLICK! HOW TO CRACK! NO HIDDEN CONTENT + DOWNLOADS EASY FOR NOOBS

Discussion in 'Tutorials & Information' started by Xtra, Aug 22, 2016.

  1. Xtra

    Xtra Active Member Active Member

    Messages:
    546
    Likes:
    499
    Ratio:
    1.89
    This tutorial was made possible by
    @Jacob for giving me editing rights in Cracking Tutorials & Information so I could keep this TuT up to date
    and everyone on Cracking.org for giving me the motivation and support
    Ok let me start off by saying this tutorial is free. Why? Because I am sick and tired of others begging me for stuff and not being able to read rules and acting like complete noobs in shoutbox.

    Lets begin:

    What is Cracking?
    Cracking is basically brute forcing into someones account for a certain website?
    Bruteforcing is using a tool, a list of emails/usernames and a list of passwords which you combine with the other time to form a combo. Some combos are more HQ then other because they are taken from SQL dumping.
    You can learn more about it here
    What makes a combo HQ? How do I get HQ combos?
    High quality combos are taken from SQL dumping. It makes them more high quality because they already have a password and you don't have to get some long lists of passwords to combine with emails you scraped.
    To get them you use SQLi Dumper which I will later explain.

    What are the cracking tools?
    The main cracking tools which everyone uses is Sentry MBA, SQLi Dumper, and Proxy Scrapers.
    Sentry MBA is the Bruteforce tool. SQLi Dumper is a tool to get your HQ combos. Proxy scrapers get you your proxies.
    Bruteforce Tool + Combos + Proxies
    Note: Sometimes you don't need to use proxies because the config is proxy-less. (I will get into that later).

    ---------------------------------------------------------------------------------------------------
    Tool #1
    Pastebin D3v Spider

    I copied and pasted this from another thread to make my life easier.
    All Credits : https://cracking.org/threads/pastebin-d3vspider-v1-41.51503/
    [​IMG]

    This tool can do a lot. It can scrape your combos and proxies with a few other things. But, it scrapes them from Pastebin making them less HQ.
    Info:

    What is Pastebin.com Spider?

    made this tool as lots of jr. crackers use pastebin.com to get their combos weather it was email or user combos, so this tool can leech
    combos (user or email), proxies, emails from pastebin.com site....

    all you have to do is to

    1-add Query you want to search for , in the TextBox above (such as ProxyList , Email ComboList , UserList......etc)
    2-Define Time Results your looking for were posted
    d: = one day
    w: = week
    m: = month
    y: = year
    all: = Any Time
    3-Choose What u want the tool to capture from the buttons below (User : Pass Combos , Email : Pass Combos , Proxy Lists , Email Lists, URL List)
    Note:
    Needs .net Framework 4.0
    --------------------------------------------------------------------------------------------
    Tool #2
    μProxy

    This tool is one of my personal tools. I prefer it more then other proxy scrapers.
    This one I also copy pasted from my own thread

    First, I want you to go to this link and download the program


    Then, I want you to extract the program to wherever you want it.

    Open up the application

    It should look like this
    [​IMG]
    You may exit out of this and follow those directions. Or, continue with tutorial
    [​IMG]
    Additional Option
    Click on Settings at the top right. You then can increase thread count and many more options
    Set them to how mine are for the best optimization.
    Thread count can be increased depending on how good your PC is
    [​IMG]
    Now, click on the "Scrape" tab at the top.
    [​IMG]
    Once it is done scraping the proxies, it will automatically start to check them.
    Url Passed meaning, the option you set for URL, which is https://www.google.com/, means the proxy works on that site. And if a proxy works on google.com, then it is a ssl proxy which is why I made you guys set it to that
    [​IMG]
    Once you get this, click OK. You can see all the information that is useful at the bottom
    [​IMG]
    Click Export at the top.
    This is what my layout looks. If you select Country, then you can export proxies only from the countries you select. After you click Export again, navigate to the place where you want your proxies to be. It will automatically turn into a .txt file
    Make sure you tick off Url Passed as most of the proxies won't be. If you do, it will only save the proxies that are url passed. If you want it to save all proxies even if they aren't url passed, turn that option off in the settings in the beginning on this TuT

    What it should look like if you did it properly
    [​IMG]


    A few notes:
    Navigate to "Settings" for more customization
    Play around with settings and sources

    ----------------------------------------------------------------------------------
    Tool #3
    SQLi Dumper

    This tool you use is to get combos.
    This one I manually took the time and got all the picture. It was a pain.
    [​IMG]
    Side note: If you get a picture when first opening program to enter a key or something, just spam 1 in all of the boxes and click the button to continue

    For this program, we need to have dorks!
    What are dorks?
    https://en.wikipedia.org/wiki/Google_hacking


    (I'll give you a few dorks you can paste in like mine are in the pic at the end of this entire tut.)

    To start off, paste your dorks inside the box and click Start Scanner.
    YOU NEED AT LEAST 3K URLS TO GET ANYTHING GOOD.

    At the bottom you can see how many urls you have scraped and up top on the Queue.
    This is what mine looked liked after a few minutes.
    595 dorks and 3k urls @ 75 percent is really good.
    [​IMG]
    Now, if you are still scanning click Cancel. Then you want to click Exploitables and click Start Exploiter and let it finish.
    My results
    [​IMG]
    Now you want to head over to Exploitables and click Start Analizer and wait for it to finish.
    My results:
    [​IMG]
    Where you see email, admin,password,and users, you want to tick the things you want to search through the databases.
    To search through all the databases to make your life easier, you want to right click on of the urls, and click Select All. Make sure have Current DB selected.
    Then, click Start. You will see a pop-up.
    [​IMG]
    You can move it around and such, wait for it to finish though in SQLi Dumper.
    After that, you can scroll through the databases till you find a good one to dump.
    You want to find one that has ratio close to 1:1 for email/user to password.
    [​IMG]
    Then, you want to click the url and on the top left click Go To Dumper and then click Dumper Form.
    You will be prompted to something that looks like this
    [​IMG]
    Using the pop-up we got, I was able to figure out where the email and pass were located. They were in people_sfg
    Once you find the table you want to see whats inside, click on it, and then click Get Columns
    which is next to Get Databases.
    [​IMG]
    Now, you need to find either email and pass, or user and pass. I found it and mine was email and password. Tick the boxes you want to dump info out.
    Then click Dump Data.
    Now you can see it dumping. After it is all dumped click Export Data and select the export settings you want.
    [​IMG]
    Thats all for SQLi Dumper
    -------------------------------------------------------------------------------
    Tool #4
    Sentry MBA

    This is the most popular tool for bruteforcing. It is not that hard at all to crack with it.
    [​IMG]
    I am using the CrackingCore version which you can find on the forum.
    This tool, is basically sending a bot with post data and different attributes and views the html and uses Keywords to determine if its a failure or success account.
    I will show you how to just a load a config and run it.

    What is a config?
    Basically a bunch of settings in a text file that you can save it so it turns into a configuration file that sentry can use.

    First, click Load Settings from Snap Shot.
    [​IMG]
    Then, Navigate and find the folder you have your configs in.
    If you're config is pasted in a text file that is not a configuration file, click the drop-down in Files of type: and select Any File
    [​IMG]

    For this one, I am going to select my adfoc.us as a config. I am going to click on it and then click Open.
    [​IMG]

    Now, you want to head over and click on Lists tab on the left. Here you will load your proxies and combos.
    [​IMG]
    Since my config is Proxyless, meaning it does not need proxies to run, I am not going to click on Proxylist. Since every config needs a Wordlist, I am going to click on that. They are both pretty much the same to load in.
    [​IMG]
    What you want to do is, click on that little folder near Wordlist and navigate and find the text file where your combos are loaded. Its like the same with loading config and Proxylist.
    [​IMG]
    Now, after you have done that and loaded your proxies if needed, click on the Progression tab.
    [​IMG]
    Here, you want to do 2 things. For Bots, if your config is proxyless, use 5 bots or less. If requires proxies, use around 100. Also, where it says Combo:, click on the that little refresh icon.

    After you did that, click CRACK!
    [​IMG]

    Now you want to hit Start the Bruteforcer Engine! And it should start. Where you see Wordlist Position is how far you are in the combo list. All your hits will display in the green Hits tab. You should also get a pop-up with useful information.
    [​IMG]
    If you need to stop it quickly, click on the area of the Abort icon twice quickly and every bot should be hard aborted.
    [​IMG]
    -------------------------------------------------------------------------------

    Thats basically all for basic knowledge on how to cracking! If you need extra help feel fre to PM me!
    Downloads:
    Pastebin Spider: Click Me
    Sentry MBA: Click Me
    μProxy: Click Me
    SQLi Dumper: (use FireFox to download) Click Me
    10k Dorks: Click Me
    Few Configs : Click Me

    VT:
    Pastebin Spider: Click Me
    Sentry MBA: Click Me
    SQLi Dumper: Click Me
    μProxy: Click Me

    ALL FILES ARE HARMLESS I HAVE BEEN USING THEM FOREVER.
    ALSO I WORKED SO LONG ON THIS SO LIKE AND FEEDBACK IS VERY MUCH APPRECIATED
     
    Last edited: Mar 10, 2017
  2. Jelly

    Jelly Basic Member

    Messages:
    97
    Likes:
    107
    Ratio:
    0.74
    I prefer Netghost and Proxyfire, but vProxy is good too.
     
  3. Root_Mx405

    Root_Mx405 Member

    Messages:
    263
    Likes:
    179
    Ratio:
    0.26
    woow buddy
    nice tuto for every biggenir
    it's a very big tuto , it's impossible to read it all and don't know how to start cracking
    100% u'll need this when u want to be active member
    and i won't added anything coz it's for biggeners
    And cya soon :p
     
  4. Alex Star

    Alex Star Banned

    Messages:
    28
    Likes:
    62
    Ratio:
    0.55
    very good share
     
  5. Meowth

    Meowth Member

    Messages:
    40
    Likes:
    109
    Ratio:
    1.33
    Make sure you google the url to see if the website has been hacked by someone else something like this
    Code:
    Select All
    www.website.com sql
    With verbatim on.
     
    Xtra likes this.
  6. Xtra

    Xtra Active Member Active Member

    Messages:
    546
    Likes:
    499
    Ratio:
    1.89
    Yes. Or what you could do is dump around 1k out and use an antipublic combo checker to see if you get a lot of good accounts to dump whole thing out. But your idea is also very good.
     
    Meowth likes this.
  7. Doxis

    Doxis Member

    Messages:
    133
    Likes:
    2
    Ratio:
    0
    good tutorial, really helps me build a good foundation thx!
     
  8. locascio

    locascio New Member

    Messages:
    18
    Likes:
    0
    Ratio:
    0
    thanks for this tutorial
     
  9. Firefly

    Firefly Well-Known Member Legacy

    Messages:
    1,753
    Likes:
    2,823
    Ratio:
    1.95
    Why you didn't mention hitman, its a good bruteforce beside mba :D
    Anyway good job, keep it up (y)
    @Xtra
     
  10. Xtra

    Xtra Active Member Active Member

    Messages:
    546
    Likes:
    499
    Ratio:
    1.89
    They are both similar. Though I only wanted to pick one and I was more familiar with Sentry
     
  11. Firefly

    Firefly Well-Known Member Legacy

    Messages:
    1,753
    Likes:
    2,823
    Ratio:
    1.95
    Not similar, Sentry is better Than Hitman inspite of hitman have a strong programming language than sentry and its proxy changing-stage is better than sentry. But MBA still the is best as it have OCR features and variables more than hitman. As a result of its coder(astairs) was a great cracker :)
     
  12. amitace

    amitace New Member

    Messages:
    11
    Likes:
    0
    Ratio:
    0.5
    This is a real excellent explanation. Thanks
     
  13. BoliBerrys

    BoliBerrys New Member

    Messages:
    8
    Likes:
    2
    Ratio:
    0
    This is some HQ Thread :)
     
  14. markpham

    markpham Member

    Messages:
    115
    Likes:
    3
    Ratio:
    0
    thanks bro
     
  15. fts

    fts New Member

    Messages:
    2
    Likes:
    0
    Ratio:
    0
    this is so damn helpful, thanks so much dude :D
     
  16. TheVortex

    TheVortex Basic Member

    Messages:
    34
    Likes:
    2
    Ratio:
    0.91
    Thank you for sharing your knowledge! Truly appreciate it.
     
  17. minderrx

    minderrx New Member

    Messages:
    2
    Likes:
    0
    Ratio:
    0
    μProxy doesn't work I click scrape and it loads for 2 seconds and stops
     
  18. Xtra

    Xtra Active Member Active Member

    Messages:
    546
    Likes:
    499
    Ratio:
    1.89
    You will have to use another tool till I update it.
     

Share This Page