[ulta]

Cracking For Beginners

Introduction to Cracking

Well given that there are few introductory tutorials and none on the subject for people who walk starting and I took the boldness to share with you the little knowledge I have about the subject.

1) Terms:

Wordlist: As its name suggests is a list composed of words with the following format.

Code:
lalalalala mexicanpass username password cualquiercosa test12345

Combolist: This means a user name and password in the same line separated commonly by ":" "-" "-"

Code:
username:password usuario-contraseña contraseña - username

Proxys: Basically it is an IP address from anywhere in China, Peru, Italy, which we use to mask our connection (IP) against the attack site and in this way we will not be banned, separated by a colon ":" the connection port.

Proxylist: This is a list of proxies that we use for our attacks.

Code:
192.168.12.147:8080 192.168.12.141:80 192.168.19.147:80

We have L1 = Anonymous proxies, L2 = Anonymous Middle , L3 = Transparent

Success Key: You could say that is the part of the web source code that is unique, and shows us that we are in the members section correctly.
For example, if we go to the web

Code:
http://members.pornpros.com/splash.php

If successfully logged get something like this:

If you entered an invalid username and password will get Failure Key

Failure Key: Code is the part of the web which tells us that we have initiated incorrectly session (user or password)

Commonly in web safely POP-UP is the text that this equipment from the <title> </ title>

Fakes: According to my understanding are the text strings that identify not test positive but rather as a false (false positive)

Block Keys: When a proxy is not anonymous is bad enough that L3 or blacklisted process results in a message as

Code:
<title>Internet - Acesso Bloqueado</title> <title>DansGuardian - Access Denied</title>

Retry Keys: Usually occur in cases with Captcha Web where you entered the wrong captcha results in an error message to try again to

Code:
Invalid Security Code !
Code:
Security Code missing !

Banned string: It seems that is the text that identifies which logged repeatedly without achieving any positive results have been banned for the web for a while or forever, according to web.

Hit: What is called to obtain a correct username and password for the site attacked

Lechig: You get a wordlist or ProxyList of a file or web page.


2) How to get wordlist and ProxyList:

How to Get a WordList: Well there are several forms and each one uses the best from experience so results will show you how to get a wordlist with google (using Firefox, Firefox Pulgin Copy Links and Access Diver 4.402) and AthenaII as and filter our wordlist with Raptor3.

Using Google: We use it to get a wordlist to attack a single site, for example pornpros, thus more likely tend to get HITS

a) Getting the URL of the login section of the web members to attack make our search as follows

Code:
@members.pornpros.com/splash.php

Consider the options given google.

b) Having installed Firefox Pulgin select Copy Links to our search results by copying the links to a text file then leeches and filtered to obtain a good WordList.

c) When you have copied Google results in a txt we leecher combos with Access Diver 4.402

d) We will filter our combolist with Raptor 3

Once you loaded our list filter out duplicates

Then we filter out the characters we do not want combolist own.

Finally press randomize list ie stir our combo.

Using AthenaII: Well we'll see how simple it is

How to Get a ProxyList: Well we use ProxyFinder v.2.5 Enterprise Edition 1.1.0 and Z-Leecher

ProxyFinder Enterprise Edition v.2.5: Simple program for get proxys

Z-Leecher 1.1.0: Well this program serves to proxy leecher combos and be it websites or files. This time we will collect links to websites that contain lists of proxies.

Searching google proxy list, ProxyList, list of proxies or similar terms

Something like this

Copying links to a text file for later use with Z-Leecher 1.1.0

Using Z-Leecher 1.1.0

Once you collected our list of web links that have lists of proxies amounts to Z-Leecher

1) Leech Page
2) Select Leech Proxies
3) We import our list of proxies

In the "Ignore & Replace" We can set the words and proxies we want to ignore

Set the path and file name where you saved our list of proxies tab "Output Files"

Leech and results

1) Select the URL´s and Press Leech button
2) Show results
3) Show how much proxys have leech


3) Anonymity in our proxies: For this part ProxyFire.v1.24 use to test and get our anonymous proxies and ProxyTester - By RoyDJ to learn how to test proxies against a particular website (This will get better results in my experience) .

ProxyFire.v1.24

We loaded our list of proxys proxies we remove duplicates and dangerous

We check the boxes to be active only in this way we obtain the results of the L1, L2 and SOCK4/5

In the options to the default funsion always correctly.

In the "Settings" checked our proxy Judges (the websites that are tested against the anonymity of our proxies) and proceed to test our proxy

We have our anonymous proxies (ProxyFire.v1.24 are automatically saved in \lists\check)

ProxyTester - By RoyDJ: Well this testing is in my opinion the best and get better results in obtaining HITS (fewer fake)

1) Member´s login
2) Press Title
3) Load Proxys
4) Press Start Test
Time out to like to each one and Threads Max 100

Test ending 1335 proxys for pornpros

4) Practical attack:

So now we know how get a good wordlist and proxys anon. Lets to crack something. I going to show how doing with CForce 1.01b. Also explore our website to attack

CForce 1.01b:

In the "Settings" configure something like this

In the "Auto" to put the website URL login

We went to the tab "Pro" where we set our attack data

1) Members URL
2) Analyse
3) "Check keywords in header too"
4) Put the Success key
5) Save profile
We can also see that the analysis tells us it is basic (POP-UP) and the GET method
Finally press "Bruteforce"

Analysis:

Code:
http://www.youtube.com/watch?v=O9AYy_xD2Lg

Code:
Web URL: http://pornpros.com/ Members URL: http://members.pornpros.com/splash.php Success key: <title>Welcome To Porn Pros</title> Failure Key: <title>PornPros - Unauthorized Login Attempt</title> Security: POP-UP

The Key Success does not always know. What we can do in these cases is to try to attack the Web HIT expecting some positive results which take the key Success.

By clicking "Bruteforce" will move to the tab "Auto" which carry all our proxies and combos and press START to begin the attack.

HITS

Checking web access

[krish69]

[themes1]

wadee nam patta kiyavanda puluwan vidihata kudaa kalaa nam meeken meeka meloo rahak nethi welaa. down karaganda vidihakatavath demmanam print karagena hari balanda thibba