Introduction

This tutorial is only very basic; it is just for wannabe crackers to get started! It mainly focuses on Access Diver, so people wanting to use a different tool should look at a different tutorial.

Before cracking an account, there are a few things that you need to learn! First of all, anyone can do it, AS LONG as you have the prior knowledge to do so. To crack a site, a method known as "Brute Forcing" is used. The word may sound intimidating at first, but when you become a more skilled brute forcer, this term will be very common. All brute forcing does is send many usernames and passwords to a site and hope that a matching username and password comes back. The passwords retrieved are called "hits". This process can be quite easy, but it requires a little bit of knowledge first!

Cracking Tool Download and Tutorial Sites

http://www.security-forum.net
http://www.securitysite.host.sk

These sites will act as bibles for you, and you will find yourselves visiting and revisiting them again and again! Make sure that you go to these sites; these are what will turn you into a "skilled cracker".

The Cracking Tools Available

Before you start to "crack" a site, you will first need a cracking tool. There are many cracking tools available, but the best ones are Access Diver, Goldeneye & Ares. Try all of them to find which one suits you. I stick to Access Diver most of the time; it has nearly all the features you'll ever need to "crack" an account.

NOW TO START

1) The Cracking Tool

The best one I've found is Access Diver on:- Download Access Diver 4.241+
First of all, set the "My Skill" to expert.

2) For Proxies

Proxies are probably the most important thing you need for cracking. Proxies are in this format:-

205.232.121.104:8080
203.199.64.132:8080
200.75.42.4:80

The port number is the bit after the ":", which at the moment you probably don't need to know...

Anonymous and Non-Anonymous proxies are available on the net. Obviously we want the Anonymous ones, so the question you're probably asking right now is "How do I get some proxies?". Well, there are many sites available on the web with proxies in them; a good place to start is probably http://soldierproxy.s5.com/MainPage.htm. You can find more proxies by searching Google for "anonymous proxies", and there are plenty of sites. You can either copy and paste these proxies into a .txt file, or you can copy the URL into AccessDiver (proxy ---> Web Proxy Leecher), then just click on that lovely leech button, and you're away!!!

Now you're probably thinking "I've got my proxies now, I want to start!!!" Well, we still have a long way to go. First we need to check the proxies to see if they're good or bad, and we need to check their level of anonymity.

Once you have your .txt file of proxies, click on the "Proxy Analyser" tab in AccessDiver, then load your proxy list into it. Highlight all of the proxies by clicking on the first proxy, then going to the bottom of the list, holding the shift button, and left-clicking on the last proxy at the same time. Next, click on speed/accuracy tester and wait for it to finish analyzing, then delete all proxies with a delay above 3500 milliseconds.

Next, we need to check if the proxies are anonymous or not, so for this we need a proxy judge.
Here's a list of some good ones:-

http://proxycheck.virtualave.net/checker/pj235.cgi
http://www.stilllistener.addr.com/checkpoint1/test2/
http://mgbible.virtualave.net/cgi-bin/prxjdg/prxjdg.cgi
http://www2.inforyoma.or.jp/~misa/manitou_s/prxjdg.cgi
http://forest.ami.ne.jp/what/prxjdg.cgi
http://angura.ug.to/cgi-bin/prxjdg.cgi
http://www.leader.ru/secure/who.html
http://www2.inforyoma.or.jp/~misa/manitou_s/iptrace.cgi
http://www.multiproxy.org/env_check.htm
http://proxycheck.virtualave.net/checker/
http://www.rental-web.com/~azuma/cgi-bin/env.cgi
http://www8.big.or.jp/~000/CyberSyndrome/evc.html
http://thor.prohosting.com/~tcpip/cgi-bin/env.cgi
http://www.inside.ne.jp/cgi/util/envtest1/envtest.html
http://lightning.prohosting.com/~aozora/cgi-bin/env.cgi

Just add them to your AD by clicking on the proxy judge setting tab, then adding them. Now select a proxy judge, then highlight all the proxies again, and click on the "Confidentiality tester". When the testing has finished, delete all the proxies with a "NO" result.

We now have a good working proxy list. But you need to maintain this list every day, by adding more proxies and deleting old ones, because anonymous proxies do not last all that long! You must now save the list. Now click on "My List" and load up the proxies into this section; these are the proxies you will use for cracking.

Another way to get proxies is to scan for your own. A.D., I find, is not very good for this; use something like Proxy Hunter! But BE CAREFUL, your ISP can throw you off their service for this, as it is considered an illegal activity. Proxies obtained this way also have to be checked, and if you find some anonymous ones, they will last a lot longer than the ones found on the web :D I mainly just leech though; it saves a lot of time!

3) Combo list

A combo list is a list of usernames and passwords looking like this:-

bill:clinton
username:password
john:doe

The username is the first bit, and the bit after the ":" is the password!
Now you're probably asking "where the hell do I get some combo lists?!!" Well, the best thing to do is leech them from other password sites with a program like raptor2! An easier option is to go to www.google.com and search for them, although they are not that good; the truth is not many people want to share their real password list, because it takes so damn long to make them. Just make it up and you'll be cracking passes in no time. I decrypt log files, I find that's the best way, but the easiest way for you at the moment is to leech passes from sites. Oh, here's a good site with wordlists in it, even some in different languages! http://wordlists.security-on.net/download.html

Once you have your list put together, click on the dictionary tab in AD, then load them in.

4) Getting The Members URL Of the Site

To start off, I think you should try an easy site. Go to that site, right click on the members link, and copy shortcut. It should come out like this: "http://www.thesite.com/members". Put that into AccessDiver. Also check the join section of the site to see the requirements of the username and password, and filter your wordlist accordingly (i.e. with raptor 2). Don't worry, we're nearly there!

5) Now Let's Go!!!

(i) Use lots of anonymous proxies of any level, and rotate them after 1 attempt.

(ii) Set the attack rate to around 15-20 bots, depending upon your connection and the type of website security. Now click on the standard button in AD (the one with a lightning bolt next to it) and we're away. Now all you have to do is WAIT, and pray that you get a login!

(iii) If you find a real login, then go into the site with the same proxy you used to crack it

4) Happy Cracking
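
Seen from the defending site, the settings in step 5 (rotate proxies after 1 attempt, 15-20 bots) mean that a per-IP failed-login counter never trips. The following is an added example, not part of the original tutorial, that aggregates failures per minute across all source addresses instead. The log format, thresholds and function names are assumptions, and the sample log is constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

def constructed_log():
    """Constructed sample: 12 failures from 12 IPs in one minute, then one normal user."""
    lines = [f"2024-01-01T10:00:{i * 4:02d} 198.51.100.{10 + i} user{i} FAIL"
             for i in range(12)]
    lines += ["2024-01-01T10:05:00 203.0.113.5 alice FAIL",
              "2024-01-01T10:05:09 203.0.113.5 alice OK"]
    return "\n".join(lines)

def parse(log):
    # Assumed line format: ISO timestamp, client IP, username, OK|FAIL
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def per_ip_offenders(log, limit=5):
    """Classic per-IP lockout rule: IPs with at least `limit` failures."""
    fails = Counter(ip for _, ip, _, r in parse(log) if r == "FAIL")
    return {ip for ip, n in fails.items() if n >= limit}

def rotated_guessing_windows(log, min_failures=10, min_ips=8, max_avg_per_ip=2.0):
    """Flag minutes with many failures spread thinly over many source IPs."""
    buckets = defaultdict(list)
    for ts, ip, user, result in parse(log):
        if result == "FAIL":
            buckets[ts.replace(second=0, microsecond=0)].append((ip, user))
    alerts = []
    for minute, fails in sorted(buckets.items()):
        ips = {ip for ip, _ in fails}
        users = {user for _, user in fails}
        # Thresholds are illustrative assumptions; tune against real baseline traffic.
        if (len(fails) >= min_failures and len(ips) >= min_ips
                and len(fails) / len(ips) <= max_avg_per_ip):
            alerts.append({"minute": minute.isoformat(), "failures": len(fails),
                           "ips": len(ips), "usernames": len(users)})
    return alerts

if __name__ == "__main__":
    log = constructed_log()
    print("per-IP rule:", per_ip_offenders(log))
    print("aggregate rule:", rotated_guessing_windows(log))
```

The per-IP rule returns nothing for the constructed log, while the aggregate rule flags the 10:00 minute; the single user who mistypes a password once at 10:05 is not flagged by either.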