fudmario Posted September 19, 2013

Cracking For Beginners by th3z1r0

Merged Reply:

1.- Theory - Terms and definitions

1.1 Wordlist: List of words

1.2 Combolist: List of words separated by " : - ". Usually they are separated by ":"

1.3 Proxies: Basically it is an IP address that belongs to any PC in the world, for example in China, which makes the connection request to a PC X (in this case the website to attack, for example in the USA) in place of our PC, in this way masking our location. We have L1=Anonymous, L2=Anonymous Middle, L3=Transparent, Sock4/5, SSL=Secure Encrypted Connection used for HTTPS sites

1.4 ProxyList: List of proxies separated by ":" (IPAddress:Port)

1.5 Success Keys: Part of the source code received by the program that performs the attack, with which we determine whether an account is valid or not. This does not mean that the account is complete, i.e. that it allows us to download the content etc. It only means we have successfully logged in.

1.6 Failure Keys: The part of the code that, by the criteria we set, determines that the account is not valid, is expired, or that the password is incorrect but the user is correct.

1.7 Ban Keys: Determines that the connection has been banned, or that something in the code received gives a value that by our criteria is considered a ban. Example: having to enter the ReCaptcha characters on bangbros.com after several failed login attempts.

1.8 Retry Keys: Determines that, when a result X is received, the connection is tried again. We can see this on sites with a captcha security code, which show a message such as "Invalid Security Code!" when it is entered wrong.

1.9 Block Keys - Fake: A false positive that occurs when using non-anonymous proxies, so that the connection is blocked or redirected to another website.
Internet - Acesso Bloqueado
DansGuardian - Access Denied

1.10 Hit: When we get a valid account

1.11 Leeching: Extracting from websites or text documents the information we need, such as proxy lists, combo lists or user lists

1.12 Proxyless: Refers to a configuration created for a site which does not require the use of proxies, although the number of connections (bots) should be 10 or less

1.13 OCR: (Optical Character Recognition) refers to the Captcha code in login forms that is needed to authenticate correctly

2.- Practice

2.1 Leeching Proxies: Let's look at several ways to obtain proxies

ProxyFinder Enterprise Edition v.2.5: Click "Find", wait for 100% and save

You can use search engines like Google to compile a list of sites that publish proxies and then extract ("leech") them with a program like ProxyFire. The links to the sites with proxy lists can be added in the PLeecher tab, "Edit Forum List"

ProxyFire: by default this tool brings some parameters to find and obtain proxies
- PLeecher tab: "Edit Forum List" opens the file with the list of sites you will use to obtain proxies
- Psearch tab: can search for proxies through different search engines

Z-Leecher allows us to extract ("leech") proxies and combos from URLs or text files

2.2 Testing Proxies

ProxyFire
- Filter Proxy tab: filters the proxy list we have against blacklists of dangerous proxies and duplicates; after filtering, the result is saved: Right Click - To File Save - Proxies-Filename.txt
- In the Settings tab we check whether our Proxy Judges are online. Proxy Judges are sites or scripts against which proxies are tested to check their level of anonymity
- Check tab: load our proxies, establish the amount of Threads (connections - requests at the same time) and retries
- Click Go and wait for it to finish checking proxies
- Result Dir will open the folder where the result of the tested proxies is saved

Using FJProxyTester to check the connection of proxies against a particular website
- Select the Site Profile for which we want to check our proxies
- Load Proxy list
- Threads (number of connections)
- Start Checking
- Save

To create a new profile for FJProxyTester
- URL: Example
- Title: Click Retrive and get the Title
- Save

2.3 Leeching Combos

Using a search engine like Google we can create a combolist to attack a specific site. For this we use the URL of the members area of the site we want to attack and search with the following format
@members.pornpros.com/splash.php
*:*@members.pornpros.com/splash.php

With the Copy Links plugin for Firefox we can select all the links in the results, save them in a text file and then extract the combos

When we have a text file or files with URLs that we obtained manually through the search engines, we use Access Diver 4.402 to extract the data

Now we use EZLeecherV3 to automate the search for combos through topics or configurations (Themes)

Creating a Theme, I will use the following sites
http://members.pornpros.com/
- Theme Settings Tab
- Deselect "Don't user a theme, leech everythinh". You can also do it without deselecting this option, and it will extract everything without filtering by theme
- Create New Theme
- Set the name
- Add item(s)
- URL to add only URLs
- Keywords to add keywords to search
- Save Changes

To start extracting the combos go to the Leecher tab and click Start Leecher, then you just have to save with "=> Export items[X]"

Merged Reply:

2.4 Leeching Usernames

ForumLeecher0.3.0

The site we will test now is trancesessions.com
- We are located on page 2 of the members of the site
- Using Firefox press Control+U to see the source code of the members page (Right click, view source)
- We look for the first user in the source code
- Configure the basic parameters of ForumLeecher0.3.0
- URL: Original members page
- We can use the following manner
- Discard the following part of the URL (on some sites you can play with the URL and put it together as you wish): do=getall&
- In the String part we separate the parameters of the URL that call the users part, the result being /forums/memberlist.php?order=asc&sort=username&page=2
- We replace &page=2 with &page=
- In Parse Options establish the parts of the source code of the web page from which the username will be found. In some cases 2 parameters are sufficient; in this case we must select the option Double parce
- In Page Option establish the number of users per page and the number of pages that are on the site
- Finally press Test and check that it works correctly, then save
- The spaces can be edited in Notepad

We can also use the AIOHNB tool for this and a few more things. I will not write tutorials about this tool, since the program's author has covered the subject very well in his tutorials. You can see another tutorial by the author of the program at the following URL

2.5 Editing Wordlist - Combolist

For editing a Wordlist - Combolist use Raptor III
- Once we have loaded the combolist we can filter by the amount of characters in each line and can do advanced filters
- In the Remove Duplicates tab we can filter out repeated lines of our combolist

2.6 Complete analysis of a site

Let's look at several sites to see what information we can get out of them to make the configuration

http://www.pornstarnetwork.com

We can see the options of Join and Sign In (Login)

On the Join page we can see the parameters a user must have: the number of characters the username and password should have, whether the user is an email rather than a nick, and whether the username and password are generated randomly and automatically
- Password is too short
- Password is too Obvious
- The password is very weak
- The password is good
- The password is strong
- The password is very strong.
- The password contains unusual characters or exceeded the maximum allowed length

Pages do not always give us this information, but if we can get the lengths that are allowed on the site and whether or not they are generated automatically by the site, all the better.

On the Sign In (Login) page we can identify the type of login it has

Taking all this information we can then determine that
URL: http://www.pornstarnetwork.com
Login URL:
Length User-Pass: User Email or Nickname - Pass Minimum 4 Maximum 20
Login Type: Form OCR

Merged Reply:

http://www.pornpros.com/

We determined that
URL: http://www.pornpros.com/
Login URL: http://members.pornpros.com/
Length User-Pass: User Min 6 Max 11 - Pass Min 8 Max 11
Login Type: Pop-Up

2.7 Practical attack

In the first Cracking For Beginners the program CForce 1.01b was used; this tool is for Pop-Up and Form security. Now I personally use SentryMBAv1.4.1, which is the most powerful and most complete, supports all types of security and has very complete Advanced Options

We will make a configuration for pornpros.com
1) Settings Tab - General
2) Login URL
3) We set the filters to the lengths of the users and passwords
4) We set the response time after which a proxy is treated as Timeout
5) HTTP Header Tab: this tab is used to configure the settings for websites that do not use Pop-Up security, or to set up Pop-Up in an advanced way; we can also configure redirection to another website for the same data capture attack
6) Fake Settings Tab
7) Select Follow redirects (only in some cases)
8) Keywords Tab: where we set the parameters that determine whether an account is valid or not, when it is forbidden or when a retry is required

In Settings Tab - General click Save Settings to Snap Shot to save our config

9) Tools Tab
10) HTTP Debugger
11) Login URL
12) Click Debug from SnapShot
13) Establish a username and password
14) On the Debug tab, click on the thunder button and thus check that the settings are correct

Then in the Keywords Tab we add the following parameter as Failure Key

In this way we do not need a Success Key to finish our configuration the first time we create it; instead, during a cracking session we can manually check, in the Progression tab, the results that appear in To Check, to finally set the Success Key
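Seen from the defending site's side, the traffic described in the post above (a combolist replayed through a proxy list) leaves a recognizable pattern in login logs: many distinct usernames with about one attempt each, mostly failures, spread over many source IPs. The sketch below is an added example, not part of the original post; the event format, thresholds and sample log events are constructed assumptions.

```python
from collections import defaultdict

def sample_events():
    """Constructed sample log: (epoch_seconds, source_ip, username, success)."""
    events = [(0, "198.51.100.7", "alice", False), (5, "198.51.100.7", "alice", True),
              (40, "198.51.100.8", "bob", True), (400, "198.51.100.9", "carol", True)]
    # Combolist replay: 30 distinct usernames, one attempt each, rotated over
    # 10 proxy IPs so that no single IP makes more than 3 attempts.
    for i in range(30):
        ip = f"203.0.113.{i % 10 + 1}"
        events.append((600 + 2 * i, ip, f"user{i:02d}", i == 17))  # one "hit"
    return events

def detect_stuffing(events, window=300, min_attempts=20,
                    min_fail_ratio=0.8, min_user_ratio=0.8):
    """Flag fixed time windows whose site-wide logins look like a combolist replay.

    Per-IP counters miss this traffic because of the proxies, so the ratios
    are computed over all sources in the window. Thresholds are assumptions.
    """
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window].append((ip, user, ok))
    findings = []
    for idx in sorted(buckets):
        rows = buckets[idx]
        attempts = len(rows)
        if attempts < min_attempts:
            continue
        fails = sum(1 for _, _, ok in rows if not ok)
        users = {u for _, u, _ in rows}
        # A combolist gives many usernames with about one try each;
        # password guessing against one account gives the opposite ratio.
        if fails / attempts < min_fail_ratio or len(users) / attempts < min_user_ratio:
            continue
        failed_users_by_ip = defaultdict(set)
        for ip, u, ok in rows:
            if not ok:
                failed_users_by_ip[ip].add(u)
        # An IP that failed for two or more different accounts is an attack source.
        sources = {ip for ip, us in failed_users_by_ip.items() if len(us) >= 2}
        # A success from such a source is a likely takeover: reset that account.
        hits = sorted({u for ip, u, ok in rows if ok and ip in sources})
        findings.append({"window_start": idx * window, "attempts": attempts,
                         "source_ips": len(sources), "compromised": hits})
    return findings

if __name__ == "__main__":
    for finding in detect_stuffing(sample_events()):
        print(finding)
```

Fixed windows can split one run across a boundary, so a production rule would use overlapping windows and feed the flagged accounts into forced password resets and session revocation.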

dEEpEst Posted September 19, 2013

Re: Cracking For Beginners by th3z1r0

I have posted this tutorial on the forum but I don't know where... good:

fudmario Posted September 20, 2013 Author

Re: Cracking For Beginners by th3z1r0

:risass, maybe it got lost, just like several other posts on the forum...

theziro Posted October 11, 2013

Re: Cracking For Beginners by th3z1r0

It is available in Spanish in case you want it, and you should make it permanent ("Sticky"). By the way, where did you get it from ¬¬ This is version 2; version 1 is also available xD

pax01 Posted October 12, 2013

Re: Cracking For Beginners by th3z1r0

> It is available in Spanish in case you want it, and you should make it permanent ("Sticky"). By the way, where did you get it from ¬¬ This is version 2; version 1 is also available xD

It would be excellent if you published both versions, mate. Regards!