need expert answers please.

Discussion in 'Cracking Discussions & Help Forum' started by iShadow.Angels, Nov 26, 2014.

  1. iShadow.Angels

    iShadow.Angels New Member

    Messages:
    108
    Likes:
    6
    Ratio:
    0
    ok, so far i have learnt a lot of basics of sentry mba, sqli dumper and ezleecher,
    i got so many questions to ask which are advanced level. i don't find much satisfactory answers from google dude.
    here is my bet on CC to find them to learn more.
    i seek for an advanced level guide or book or video tutorials on these cracking tools.
    and until i find that, let me put my most important questions nude here

    Sentry MBA:
    • ok so i know and i can make some easy configs now by studying basic guides, but i wanna know their deep workings. what is success key? how does it work? i mean what is the procedure of sentry mba to find a key? in what code of the page does sentry mba look for a success key or any other key like failure keys etc? does sentry mba look for whole source of page for differences after trying a combo on it? or there are specific type of things it look for?
    • what is the difference between source keys and header keys? what should i know to learn them? and to know where to use any one of them or both of them?
    • im interested in learning OCR feature in detail,
    • when i'm cracking something for example skype accounts with 10k proxies, 10k user:pass combos, and suddenly there is an electricity failure, what is the way to continue my previous session from same progress again?
    • ok so i can put a user:pass or Email:pass combos, but what if i want to try all the passwords to all the users list to crack them? i see in combo list there are two other boxes to put only users and another to put only passwords, is it what i want? if yes then can you tell me an easy way to separate users and passwords from a user:pass combo? or from an email:pass combo?
    • can i crack a router which has user name "Admin" with sentry mba without a static combo of passwords? can i define lower, upper letters dynamically and password length to auto generate and try all possible combinations of it?
    • what other good alternatives are there for Sentry MBA ? is there an android version with same features ?

    SQLi DUMPER:

    • ok so i know how to dump random sites for combos, but i want to dump specific sites, and i don't know if there is a specific tool for it? or i can do it with SQLi Dumper ? please guide me what should i look for in that specific website to dump it through SQLi if possible,
    • is there any use of non-injectable websites? how?
    • wanna learn about Dorks, how to find out what dork i want for what kind of sites etc?
    • what other good alternatives are there for SQLi Dumper, is there an android version with same features?
     
    Ezekiel likes this.
  2. Onlykl

    Onlykl Member

    Messages:
    363
    Likes:
    108
    Ratio:
    0.11
    Hello there, Here are some answers from me.

    On question:
    • what other good alternatives are there for SQLi Dumper, is there an android version with same features?
    • what other good alternatives are there for Sentry MBA ? is there an android version with same features ?
    ~ There is no tools for Android and probably never gonna be any. Imagine your little cpu on andriod handling all those data, first of all you will have to put your phone on power charger while u are doing.
    For SQLi Dumper there is no better alternative, about Sentry MBA idk since i use same Sentry and im happy with it.

    On Question:
    • is there any use of non-injectable websites? how?

      ~ No there is no use of them, you can trash them or try manually to find rows to be able to get tables and databases.
    On Question:
    • ok so i know how to dump random sites for combos, but i want to dump specific sites, and i don't know if there is a specific tool for it? or i can do it with SQLi Dumper ?
    U can specify them only via dorks so if u want shopping sites u will be using cart.php?= and such dorks :)

    Thats all from me :)
     
    Mody216, Sam_03 and iShadow.Angels like this.
  3. Onlykl

    Onlykl Member

    Messages:
    363
    Likes:
    108
    Ratio:
    0.11
    And for tool to split passwords, users etc check User Made programs in that section i posted 2 programs that will help you out :)
     
    Mody216 and iShadow.Angels like this.
  4. iShadow.Angels

    iShadow.Angels New Member

    Messages:
    108
    Likes:
    6
    Ratio:
    0
    yea i know about little processors of android, but now a days but sometimes you don't have pc with you and you might need to crack something, and here is why it becomes handy.
    can you tell me more about Dorks thing? you said if i specify cart.php?= it will show random websites with shopping, am i right? but my question was to only pick one site and dump it, how can i do that? for example i only want to dump skype. so how will i do that?
    can you tell me more about how to do that?

    and thank you so much for replying. you are my friend :)
     
  5. Onlykl

    Onlykl Member

    Messages:
    363
    Likes:
    108
    Ratio:
    0.11
    Do you really think that big companies as skype and such are sql injectable? xD
     
  6. iShadow.Angels

    iShadow.Angels New Member

    Messages:
    108
    Likes:
    6
    Ratio:
    0
    hahaha lol, not at all, im not that mad, i just said skype as an example.
     
  7. Sam_03

    Sam_03 Member

    Messages:
    443
    Likes:
    251
    Ratio:
    0.04
    key's tell sentry that what happen after trying a combo :D
    [SK=success key,FK=failure key,BK=ban Key,RK=retry key]
    you can get Sk,fk,bk,rk keys from header & Source page of your Authenticating URL after analyzing it [use httpfox addon or debugger inside in sentry] !
    Senty Find /match key From Header & Source code of your Authenticating URL ! [if you setup both keys xD ! :rolleyes: ]

    Source key is found in the received source code of your target http://i.imgur.com/sK0gMOt.png or in browser http://i.imgur.com/2gNvoRI.png
    so for Source SK key : you can see what changes in the received source code after using a valid account ! & use it as Source success key ,, Eg: after login with valid account you see logout then you can use Logout</a> as SK Key http://prntscr.com/5a8xvd & http://i.imgur.com/XuR2fiR.png
    same law is applied for other Source FK,BK,RK,

    Header Key is found in the received/Response HTTP Header of your target http://i.imgur.com/1EYGr6o.png or in browser http://i.imgur.com/8RvTxSO.png
    you can use cookie,location or response code [200 OK,302 Found,403 etc.. response codes] as Header SK,FK,BK,RK ! ;)
    some site's doesn't show any received Source codes so you can use header keys !

    for OCR !
    check other configs with ocr stage and see ther ocr configuration setting & you can learn much better yourself For OCR stage :lol:

    For Continue my previous session :
    there is not any solution for this & you can change Wordlist position http://i.imgur.com/sgg65me.png ! some time sentry ask you to start from last snapshot position http://i.imgur.com/hEybOik.png for bruting same site with same Wordlist & Some time not :P
    For combo !
    yes ! for separating use AIO HNB tools & for all pass for all user you can use This http://prntscr.com/5a91it
    For Router !
    go To Sentry>Tools>HTTP Debugger & inter your router login page/IP in site & Check with get request & than see that you get any response or not !

    For Senrty alternatives
    vertex,hitman are good too but only available for windows !

    for specific website SQLi !
    Sqli specific website like Crackingcore :P There is no tools for this,,, learn SQL & Then SQli & do it manually ! & use Acunetix for scanning specific site for vulnerability !

    for non-injectable
    there is no use as Onlykl maintained :lol:

    for Dorks,
    it's depend on which type of sites you want !
    you can use inurl,site,intext,intitle for Finding your type of website ! :P
    ex, For shopping sites based on UK you can modify you dork to : inurl:cat.php?id= site:.co.uk ^_^

    alternative for sqli dumper ;
    sql map,sql poizon etc. . & so on

    there is nothing available for android ! :P
     
    iShadow.Angels and Ezekiel like this.

Share This Page