Discussion in 'Cracking Tutorials & Information' started by Xtra, Aug 22, 2016.

  1. Xtra

    Xtra Advanced Member

    Likes Received:
    Ok let me start off by saying this tutorial is free. Why? Because I am sick and tired of others begging me for stuff and not being able to read rules and acting like complete noobs in shoutbox.

    Lets begin:

    What is Cracking?
    Cracking is basically bruteforcing into someones account for a certain website?
    Bruteforcing is using a tool, a list of emails/usernames and a list of passwords which you combine with the other time to form a combo. Some combos are more hq then other because they are taken from sqli dumping.

    What makes a combo HQ? How do I get HQ combos?
    Hiqh quality combos are taken from SQL dumping. It makes them more hiqh quality because they already have a password and you dont have to get some long lists of passwords to combine with emails you scraped.
    To get them you use SQLi Dumper which I will later explain.

    What are the cracking tools?
    The main cracking tools which everyone uses it Sentry MBA, SQLi Dumper, and Proxy Scrapers.
    Sentry MBA is the bruteforce tool. SQLi Dumper is a tool to get your HQ combos. Proxy scrapers get you your proxies.
    BruteForce Tool + Combos + Proxies
    Note: Sometimes you don't need to use proxies because the config is proxyless. (I will get into that later).

    Tool #1
    Pastebin D3v Spider

    I copied and pasted this from another thread to make my life easier.
    All Credits :

    This tool can do a lot. It can scrape your combos and proxies with a few other things. But, it scrapes them from pastebin making them less HQ.

    What is Spider?

    made this tool as lots of jr. crackers use to get their combos weather it was email or user combos, so this tool can leech
    combos (user or email) , proxies , emails from site....

    all you have to do is to

    1-add Query you want to search for , in the TextBox above (such as ProxyList , Email ComboList , UserList......etc)
    2-Define Time Results your looking for were posted
    d: = one day
    w: = week
    m: = month
    y: = year
    all: = Any Time
    3-Choose What u want the tool to capture from the buttons below (User : Pass Combos , Email : Pass Combos , Proxy Lists , Email Lists, URL List)
    Needs .net Framework 4.0
    Tool #2
    This tool is one of my personal tools. I prefer it more then other proxy scrapers.
    This one I also copy pasted from my own thread

    First, I want you to go to this link and download the program

    Then, I want you to extract the program to wherever you want it.

    Open up the application

    It should look like this
    Now, click on the "Scrape" tab at the top.
    Click on the "Import Sources" button at the bottom left. Navigate through your computer and find the file you put the program and its components in.
    Select the "Scrape Sources" text file.
    Wait a minute or two for it to load in all the sources. After it displays all the sources, on the bottom right click "Scrape" and let it scrape all the sources.
    This is what it should like when its done scraping. The urls highlighted in red means that they don't contain any proxies or it does not work. The ones in highlighted in green means they are working. While the proxies were being scraped, if you looked in the bottom left where I highlighted in blue, there should of been a number like 23/284 or 124/284. That is showing out of how many sources there are, this amount has been scraped from.

    On the bottom left click "Send To Scanner" and wait a minute or two for it to send all the proxies. After it has, click "Proxies" on the top left.
    On the bottom right, hit "Scan" and let it scan all the proxies! It will update the amount of proxies checked on the bottom left as you scan.

    After you have scanned all the proxies, it should look like this.
    Now just click "Export " and the rest should be self explanatory.

    A few notes:
    You can use your own sources
    All proxies you check are saved into "Library"
    Navigate to "Settings" for more customization

    Tool #3
    SQLi Dumper

    This tool you use is to get combos.
    This one I manually took the time and got all the picture. It was a pain.
    Side note: If you get a picture when first opening program to enter a key or something, just spam 1 in all of the boxes and click the button to continue

    For this program, we need to have dorks!
    What are dorks?

    (I'll give you a few dorks you can paste in like mine are in the pic at the end of this entire tut.)

    To start off, paste your dorks inside the box and click Start Scanner.

    At the bottom you can see how many urls you have scraped and up top on the Queue.
    This is what mine looked liked after a few minutes.
    595 dorks and 3k urls @ 75 percent is really good.
    Now, if you are still scanning click Cancel. Then you want to click Exploitables and click Start Exploiter and let it finish.
    My results
    Now you want to head over to Exploitables and click Start Analizer and wait for it to finish.
    My results:
    Where you see email, admin,password,and users, you want to tick the things you want to search through the databases.
    To search through all the databases to make your life easier, you want to right click on of the urls, and click Select All. Make sure have Current DB selected.
    Then, click Start. You will see a pop-up.
    You can move it around and such, wait for it to finish though in SQLi Dumper.
    After that, you can scroll through the databases till you find a good one to dump.
    You want to find one that has ratio close to 1:1 for email/user to password.
    Then, you want to click the url and on the top left click Go To Dumper and then click Dumper Form.
    You will be prompted to something that looks like this
    Using the pop-up we got, I was able to figure out where the email and pass were located. They were in people_sfg
    Once you find the table you want to see whats inside, click on it, and then click Get Columns
    which is next to Get Databases.
    Now, you need to find either email and pass, or user and pass. I found it and mine was email and password. Tick the boxes you want to dump info out.
    Then click Dump Data.
    Now you can see it dumping. After it is all dumped click Export Data and select the export settings you want.
    Thats all for SQLi Dumper
    Tool #4
    Sentry MBA

    This is the most popular tool for bruteforcing. It is not that hard at all to crack with it.
    I am using the CrackingCore version which you can find on the forum.
    This tool, is basically sending a bot with post data and different attributes and views the html and uses Keywords to determine if its a failure or success account.
    I will show you how to just a load a config and run it.

    What is a config?
    Basically a bunch of settings in a text file that you can save it so it turns into a configuration file that sentry can use.

    First, click Load Settings from Snap Shot.
    Then, Navigate and find the folder you have your configs in.
    If you're config is pasted in a text file that is not a configuration file, click the drop-down in Files of type: and select Any File

    For this one, I am going to select my as a config. I am going to click on it and then click Open.

    Now, you want to head over and click on Lists tab on the left. Here you will load your proxies and combos.
    Since my config is Proxyless, meaning it does not need proxies to run, I am not going to click on Proxylist. Since every config needs a Wordlist, I am going to click on that. They are both pretty much the same to load in.
    What you want to do is, click on that little folder near Wordlist and navigate and find the text file where your combos are loaded. Its like the same with loading config and Proxylist.
    Now, after you have done that and loaded your proxies if needed, click on the Progression tab.
    Here, you want to do 2 things. For Bots, if your config is proxyless, use 5 bots or less. If requires proxies, use around 100. Also, where it says Combo:, click on the that little refresh icon.

    After you did that, click CRACK!

    Now you want to hit Start the Bruteforcer Engine! And it should start. Where you see Wordlist Position is how far you are in the combo list. All your hits will display in the green Hits tab. You should also get a pop-up with useful information.
    If you need to stop it quickly, click on the area of the Abort icon twice quickly and every bot should be hard aborted.

    Thats basically all for basic knowledge on how to cracking! If you need extra and more HQ help go check out my sales thread!

    Pastebin Spider: Click Me
    Sentry MBA: Click Me
    vProxy: Click Me
    SQLi Dumper: (use FireFox to download) Click Me
    10k Dorks: Click Me
    Few Configs : Click Me

    Pastebin Spider: Click Me
    Sentry MBA: Click Me
    SQLi Dumper: Click Me
    vProxy: Click Me

    Bigbadbri, bugsy28, Arby17 and 8 others like this.
  2. Jelly

    Jelly Member

    Likes Received:
    I prefer Netghost and Proxyfire, but vProxy is good too.
  3. Root_Mx405

    Root_Mx405 Member

    Likes Received:
    woow buddy
    nice tuto for every biggenir
    it's a very big tuto , it's impossible to read it all and don't know how to start cracking
    100% u'll need this when u want to be active member
    and i won't added anything coz it's for biggeners
    And cya soon :p
  4. Alex Star

    Alex Star Banned

    Likes Received:
    very good share
  5. Meowth

    Meowth Member

    Likes Received:
    Make sure you google the url to see if the website has been hacked by someone else something like this
    Select All sql
    With verbatim on.
    Xtra likes this.
  6. Xtra

    Xtra Advanced Member

    Likes Received:
    Yes. Or what you could do is dump around 1k out and use an antipublic combo checker to see if you get a lot of good accounts to dump whole thing out. But your idea is also very good.
    Meowth likes this.

Share This Page