Last Edit: December 12th, 2018
This tutorial was made possible by
@Jacob for being awesome and letting me moderate Cracking Tutorials & Information so I could keep this TuT up to date
and Cracking.org for being awesome
Ok let me start off by saying this tutorial is free. Why? Because I am sick and tired of others begging me for stuff and not being able to read rules and acting like complete noobs in shoutbox.
Let's begin:
What is Cracking?
Cracking is basically brute forcing into someone's account for a certain website.
Bruteforcing is using a tool, a list of emails/usernames and a list of passwords which you combine with each other to form a combo. Some combos are more HQ than others because they are taken from SQL dumping.
You can learn more about it here
What makes a combo HQ? How do I get HQ combos?
High quality combos are taken from SQL dumping. It makes them more high quality because they already have a password and you don't have to get some long lists of passwords to combine with emails you scraped.
To get them you use SQLi Dumper which I will later explain.
What are the cracking tools?
The main cracking tools which everyone uses are Sentry MBA, SQLi Dumper, and Proxy Scrapers.
Sentry MBA is the Bruteforce tool. SQLi Dumper is a tool to get your HQ combos. Proxy scrapers get you your proxies.
Bruteforce Tool + Combos + Proxies
Note: Sometimes you don't need to use proxies because the config is proxy-less. (I will get into that later).
---------------------------------------------------------------------------------------------------
Tool #1
Pastebin D3v Spider
I copied and pasted this from another thread to make my life easier.
All Credits : https://cracking.org/threads/pastebin-d3vspider-v1-41.51503/
This tool can do a lot. It can scrape your combos and proxies with a few other things. But, it scrapes them from Pastebin making them less HQ.
--------------------------------------------------------------------------------------------
Tool #2
μProxy
This tool is one of my personal tools. I prefer it more than other proxy scrapers.
This one I also copy pasted from my own thread
First, I want you to go to this link and download the program
Then, I want you to extract the program to wherever you want it.
Open up the application
It should look like this
You may exit out of this and follow those directions. Or, continue with tutorial
Additional Options
Click on Settings at the top right. You then can increase thread count and many more options
Thread count can be increased depending on how good your PC is
Now, click on the "Scrape" tab at the top.
Once it is done scraping the proxies, it will automatically start to check them. You can see all the information that is useful at the bottom. You may click Stop to stop the checking at any time.
Once you get this, click OK.
Click Export at the top.
You have lots of control on exporting the proxies. Choose whatever you want to do. I'll just export only the elite ones and http/s
What it should look like if you did it properly
A few notes:
Go to the file in which uProxy is in and open the file Data. From there you can play around with the sources, and view all the proxies by scraped, checked, type, etc.
----------------------------------------------------------------------------------
Tool #3
SQLi Dumper
This tool you use to get combos.
Side note: If you get a picture when first opening program to enter a key or something, just spam 1 in all of the boxes and click the button to continue
For this program, we need to have dorks!
What are dorks?
To start off, paste your dorks inside the box and click Start Scanner.
Make sure to get good amount of URLs in the thousands.
At the bottom you can see how many urls you have scraped and up top on the Queue.
This is what mine looked like after I was done.
Now, if you are still scanning click Cancel. Then you want to click Exploitables and click Start Exploiter and let it finish.
My results
Now you want to head over to Injectables and click Start Analizer and wait for it to finish.
My results:
*I did not get many Injectables so I should have scraped more URLs*
*I would use a VPN after this point*
Where you see email, admin, password, and users, you want to tick the things you want to search through the databases.
To search through all the databases to make your life easier, you want to right click on one of the URLs, and click Select All. Make sure you have Current DB selected.
Then, click Start. You will see a pop-up.
You can move it around and such, wait for it to finish through in SQLi Dumper.
After that, you can scroll through the databases till you find a good one to dump.
You want to find one that has ratio close to 1:1 for email/user to password.
Then, you want to click the url and on the top left click Go To Dumper and then click Dumper Form.
You will be prompted to something that looks like this
Using the pop-up we got, I was able to figure out where the email and pass were located.
Once you find the table you want to see what's inside, click on it, and then click Get Columns, which is next to Get Databases.
Now, you need to find either email and pass, or user and pass. I found it and mine was email and password. Tick the boxes you want to dump info out.
Then click Dump Data.
Now you can see it dumping. After it is all dumped click Export Data and select the export settings you want.
That's all for SQLi Dumper
-------------------------------------------------------------------------------
Tool #4
Sentry MBA
*Please note this tool is very old and won't work well with most sites today. Though since I am updating this tool, I might as well update this section too*
I am using the CrackingCore version which you can find on the forum.
This tool, like all other tools, is basically sending an HTTP request with post data and different attributes and views the HTML and uses Keywords to determine if it's a failure or success account.
I will show you how to load a config and run it.
What is a config?
Basically a bunch of settings in a text file that you can save it so it turns into a configuration file that sentry can use.
First, click Load Settings from Snap Shot.
Then, Navigate and find the folder you have your configs in.
If your config is pasted in a text file that is not a configuration file, click the drop-down in Files of type: and select Any File
I am going to click on the .ini file and then click Open.
Now, you want to head over and click on Lists tab on the left. Here you will load your proxies and combos.
You will load your combos in much like you did with your config. Once you do that, go to Proxylist and do the same thing
Now, after you have done that and loaded your proxies if needed, click on the Progression tab.
Here, you want to do 2 things. For Bots, if your config is proxyless, use 5 bots or less. If it requires proxies, use around 100. Also, where it says Combo:, click on that little refresh icon.
After you did that, click CRACK!
Now you want to hit Start the Bruteforcer Engine! And it should start. Where you see Wordlist Position is how far you are in the combo list. All your hits will display in the green Hits tab. You should also get a pop-up with useful information.
If you need to stop it quickly, click on the area of the Abort icon twice quickly and every bot should be hard aborted.
-------------------------------------------------------------------------------
Downloads:
ALL FILES ARE HARMLESS. RUN AT YOUR OWN RISK OR IN VIRTUAL MACHINE/SANDBOX.
Info (Pastebin D3v Spider, copied from the credited thread):
What is Pastebin.com Spider?
made this tool as lots of jr. crackers use pastebin.com to get their combos whether it was email or user combos, so this tool can leech
combos (user or email), proxies, emails from pastebin.com site....
all you have to do is to
1-add Query you want to search for , in the TextBox above (such as ProxyList , Email ComboList , UserList......etc)
2-Define Time Results you're looking for were posted
d: = one day
w: = week
m: = month
y: = year
all: = Any Time
3-Choose What u want the tool to capture from the buttons below (User : Pass Combos , Email : Pass Combos , Proxy Lists , Email Lists, URL List)
Note:
Needs .net Framework 4.0
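Added example, not part of the original post or any of the tools it names: what the login traffic described in the Sentry MBA section looks like in the target site's own authentication log, and a check that flags it. The log format, field order, thresholds and sample lines are all assumptions constructed for this example; the point it shows is that counting failures per IP misses a run spread over proxies, while counting distinct accounts per shared client fingerprint does not.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse(line):
    # Assumed (constructed) format: "<ISO time> <ip> <username> <OK|FAIL> <user agent>"
    ts, ip, user, result, ua = line.split(" ", 4)
    return datetime.fromisoformat(ts), ip, user, result == "OK", ua

def detect_stuffing(lines, window=timedelta(minutes=5), min_users=20, min_fail_ratio=0.9):
    """Return buckets where many distinct accounts fail to log in within one window."""
    buckets = defaultdict(lambda: {"users": set(), "ips": set(), "fail": 0, "total": 0})
    for line in lines:
        ts, ip, user, ok, ua = parse(line)
        slot = int(ts.timestamp() // window.total_seconds())
        # Count per source IP and per user agent: a run spread over proxies
        # stays under any per-IP threshold but still shares one client fingerprint.
        for key in (("ip", ip), ("ua", ua)):
            b = buckets[key + (slot,)]
            b["users"].add(user)
            b["ips"].add(ip)
            b["total"] += 1
            b["fail"] += not ok
    alerts = []
    for (kind, key, _slot), b in sorted(buckets.items()):
        ratio = b["fail"] / b["total"]
        if len(b["users"]) >= min_users and ratio >= min_fail_ratio:
            alerts.append({"kind": kind, "key": key, "users": len(b["users"]),
                           "ips": len(b["ips"]), "fail_ratio": ratio})
    return alerts

def constructed_log():
    """Constructed sample: 40 one-try-per-account logins over 10 IPs, plus 6 normal logins."""
    base = datetime.fromisoformat("2018-12-12T10:00:00+00:00")
    lines = []
    for i in range(40):
        t = (base + timedelta(seconds=5 * i)).isoformat()
        res = "OK" if i == 17 else "FAIL"
        lines.append(f"{t} 203.0.113.{i % 10 + 1} user{i}@example.com {res} Mozilla/4.0 (constructed-bot)")
    for i in range(6):
        t = (base + timedelta(seconds=30 * i)).isoformat()
        res = "FAIL" if i == 2 else "OK"
        lines.append(f"{t} 198.51.100.{i + 1} staff{i}@example.com {res} Mozilla/5.0 (constructed-browser)")
    return lines

if __name__ == "__main__":
    for alert in detect_stuffing(constructed_log()):
        print(alert)
```

On the constructed sample no single IP reaches the default threshold, and the only alert is the user-agent bucket covering 40 accounts across 10 addresses. An account that logged in successfully inside a flagged bucket is a candidate for a forced password reset.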