What is cracking? [ Short & Sweet Tut]

Discussion in 'Cracking Tutorials & Information' started by Galaxy, Jun 24, 2013.

  1. Galaxy

    Galaxy New Member Retired Staff

    Messages:
    3,002
    Likes:
    4,468
    Ratio:
    138
    Code:
    Select All
    Brute Forcing & Wordlists Preview: Let's talk about brute forcing. For these types of attacks, you use wordlists with combinations included in them. These �combos� are essential, and are usernames and passwords separated by a colon. The best combo lists come from pass files that have been taken from the servers that the websites exist on. You might find some other helpful information here about restrictions on choosing them like they can only be 6-8 characters long, or maybe the username has to be a working email address. This allows you to tailor your wordlists appropriately. Brute forcing programs read the combos and try to guess the username and password in the login area specified. To emphasize, this is how one starts. Basically a brute forcer uses a list of words and attempts to try them one at a time to see if any of them work as passwords. In the case of web sites, a brute forcer acts as a browser to send username: password combinations (or combos) to the website to authenticate and then reads the responses to see if the combo is valid or not. You must be able to identify the member�s area of the site you are cracking, and must be able to tell what type of login area you are dealing with. Proxies Many times, crackers make simple mistakes and forget to hide their IP with a proxy. A proxy is like an IP except it replaces the IP address of a host with an IP of a server or computer that is somewhere else in the world. A proxy is an entity that acts as a substitute for another. When a client sends a request for a web resource, that request can go straight to the web server, who can read where the request is coming from, or instead you can use a middleman, or a proxy server. So when the request travels the Internet, it first goes to the proxy server, then to the server, then the server sends the response back to the proxy that then forwards it to you. These proxies can be overlooked if studied close enough, and the website crackers can be discovered instantly. That�s why you use a list! Member Login Areas: The Basics Be that as it may, there are five basic types of member�s areas that are crack able. Pop-Up/Basic Authorization: The first type is basic authorization. Also known as �pop-up� website security, basic authorization is an easy website login area that opens a new window with a username and password area to log in to. In theory, if there is no limit to the number of attempts, a brute force attack will always be successful. This method is mainly successful when the password is relatively short, but in some cases it doesn�t matter. "C-Force", "Sentry", and other programs can handle this type of security! Ex. : .......... Form Security: The next type is of course Form security. Notably, this is among the most common and is a little harder to crack, depending on the website. Many cracking programs such as �Form@� or �HttpBugger� focus specifically on cracking this type of member�s area. Form type security is embedded on the site where there is no characters that you have to type in, and its just usually 2 boxes for a Username and one for a Password. Ex. : ......... Strongbox/Fake Strongbox Security: The next type is strongbox. Strongbox has a very easy to read �captcha image� with a gray hue to it. Captcha is an image with letters where the system verifies if the user trying to login is human or not. These are the easiest to exploit but harder to crack. Exploiting in this case refers to hacking all of the usernames and passwords from the database. No more wordlists needed! There are two types of strongbox. Real strongbox is one, where you must type in the letters that appear. Inversely, with fake strongbox you can type in anything and it will believe you typed the right word. "Strongboxer", "FastOCR", and other programs can handle this type of login! OCR Type Security: Lastly is OCR. Embedded into sites, this character recognition software makes it very difficult for accounts to be cracked. By the same token, it has a captcha image like strongbox except this image is difficult for even real people to read! Certain programs for this type of security include �CaptchaKiller� , �TonyVegas�s On Cracking Rampage�, and �FastOCR�. Tutorial Written by ChRoNiC X
     
    Linkahan and HoddHed like this.

Share This Page