Go Back   Viprasys - Your #1 source for freewares > PC Related > Help Section

Help Section Have a question about how 'something' is done, ask in here.

Similar Threads
Thread Thread Starter Forum Replies Last Post
Need Website For Socks Grabbar Website NOn-SeNsE Programming related 5 12-11-2011 07:29 PM
What a Website Knows About You ~Tahsin~ Tutorials 0 12-15-2009 05:00 PM
!!!Crack any software - create your own crack!!! spuds_howry Tutorials 5 06-19-2009 07:02 PM
How to Crack Software, Make your first Crack [rapidshare] __bh0ng__ Trash Can 0 04-21-2008 05:30 AM

Post New Thread  Reply
LinkBack Thread Tools Display Modes
Old 02-06-2008, 10:32 AM   #1 (permalink)
Quits Viprasys,Thank you.
Join Date: Dec 2007
Location: ---CyBeR-CitY---
Posts: 1,867
VipraSys Cash: 37,990.21
Thanks (Given): 0
Thanks (Received): 1
Likes (Given): 0
Likes (Received): 0
shabzl33t has a reputation beyond reputeshabzl33t has a reputation beyond reputeshabzl33t has a reputation beyond reputeshabzl33t has a reputation beyond reputeshabzl33t has a reputation beyond reputeshabzl33t has a reputation beyond reputeshabzl33t has a reputation beyond reputeshabzl33t has a reputation beyond reputeshabzl33t has a reputation beyond reputeshabzl33t has a reputation beyond reputeshabzl33t has a reputation beyond repute
Send a message via AIM to shabzl33t Send a message via Yahoo to shabzl33t
Default How to crack a website

So you want to know how to crack your way into a website....

I was going to write something alarming, funny and probably just a little to far out there for some (gf said it'd probably just piss people off and so I censored it...).

OK... First lets look at some facts of the matters...

#1 You cannot enter a website by cracking into it without having a valid combonation of username and password. No matter how hard you try, if you don't have a user/pass in your wordlist that is in the websites password file, it will not work.

#2 You should use proxies. Duh... Proxies keep you anonymous by passing your http data through them, and then they are the ones who submit the data and do it using their IP addy instead of your own. NO PROXY IS ANONYMOUS UNLESS YOU CONTROL IT! Most all proxies log the transactions they run so all it takes is a government to supena the owner and get the data. 

#3 You should use software. By far the easiest software to use is Access Diver. Why is it the easiest? You can leech wordlists, proxies and use it to do the actual cracking. Its like a Bowflex for cracking passwords...

That out of the way lets get down to it...

What is a wordlist and why do I need it. We are going to bruteforce the targets because, by nature, it is faster then hand typing. Access Diver is an excellent BF'er. It will try anywhere from 8,000 - 100,000 combos per hour. Depending on how fast your connection is, how fast the targets connection is, how fast the proxies are, your mileage may very. A wordlist is a compiled list of past known good combos used by real people on websites. We prefer refined lists where the websites the combos where good for and similar in genre to the websites we are attacking. Huh? In other words, having a list made of combos that were from mature websites isn't going to help us get into a teen niche site. But we are newbs eh? So we will make a larger general purpose list.

First open AD and select, My Skill - Expert. We are almost elite already! How many situations in life besides for snow skiing let you pick your own skill level? Then click the history tab. Should be pretty darn empty. Now we leech like ****ers... But we have to start somewhere so lets get to it. Visit many, many passboards looking for previously cracked passes. Prefer boards where people are posting them 100's to 1000's per post or where the admin compiles them daily into such large numbers. We want them in the http standard basic authentication format. what?

Like  this:
http://LSW-asp547:[Only registered users can see links.  ]/members/
http://LSW-willie:[Only registered users can see links.  ]/members/

http:// login : pass @www.website.com/members directory/

We copy them to the clipboard after selecting the with the mouse and then in AD we can ShiftF2 or right click and import from clipboard... After hunting down say 20,000 such passwords we want to get some proxies.

Clicking on the Proxy tab and then the WEB proxy leecher sub tab we add in some proxy sites:


Save that to a file named extraction.txt and load it with the folder icon into AD. One of the things I really like about AD is if you use windows, this thing is almost completely self explanitory. The author made it with certain standard icons so you could know how most of the thing works just by looking at it. If you need hints to something before you press it, just hold your mouse cursor over it and it will popup a little explanation.

Now all of the imported URL's should have a check in the box next to them. If not, click the little check box icon on the left bar menu. Put the number 20 in the little black box towards the bottom and click the start button. When it is done, click the add these proxies in button on the right middle and select to add them to the analyzer.

Now click the proxy analyzer subtab and right click a proxy and select all, right click again and select remove duplicates, right click once more and select remove govt' and dangerous proxies. Then in the top two black boxes with numbers in them, make them 80 and 40. If you are on a modem, you can change it to smaller numbers if you keep getting timeouts. Towards the bottom you have a few more tabs, click the proxy judge tab and select the one that matches:

Then on the special tab make sure it is set for the last option (basic authentication) and finally for parameters, don't check anything off for now.

In the very top is a green long text box with server next to it. Put:
into it. We use this server because it is their old one and no one else uses it so it is fast. Also it is before they used any kind of protection to block multiple failed login attempts and we want as many good proxies as we can get.

Click the speed and accuracy button at the top next to the box you put 80 into and wait for it to finish. When it is done, click the heading for the column labeled Accuracy and it will sort them by what happened. Scroll down to the Timed Out ones and select them (click the first so it is selected, scroll to the last, hold the left shift key down and select the last one, they should all be selected (welcome to windows 101)). Then click the Speed/Accuracy button again and let it check them again. When done, click the Delay column header and it sorts them by speed. Scroll up and select the first one with no speed number and then down to the last one without a delay speed number and select them. Now right click and delete the selection. Next click the Confidentiality tester button and wait for it to stop. Then click the Anonymous heading and sort em... Scroll down and select the first timed out to the last Uncheckable. Click the Confidentiality tester button again and wait... Now sort by delay again and scroll up. Remove those without a delay number again. Now you have anonymous proxies... yeah.. next right click and select, Make selected proxies your default proxy list. It should put you on the My List subtab.

Click the Use WEB proxies box. Then click the rotate proxies and put a 1 in the box.
Click change on 4xx/5xx
Click change on fakes
don't click on redirections
Click on specific words and put
<preview> <Blocked> <wildwebsites> <DENIEDURL>

Click retry user:pass
Click Don't use proxy after...
Don't click on Continue to use timedout proxies

Select Reactivate all proxies from the drop down menu.

Select the first proxy at the top of the list.

Go back to the history tab. Right click and select all. Put a 50 in the black box or a smaller number if on slower connections (timeouts occure). Click the yellow arrow that looks like it is wrapped around something cylindrical.

When it is done you will have currently good passwords and bad passwords. Either way they are we still want to export them to a list. ShiftF6 when they are all still selected and it will let us export only the logins (not the urls) to a file to use as a wordlist. Once that is done. Opening the file into raptor is a good way to remove the duplicate logins and save it again. Now go to the Dictionary tab and click the middle button (Load a combo file) and laod it. Now click on Standard at the top and it will try to crack the captainstabbin website. Just under the server text box is a slider to add or recude bots. Try it on 25 and if its going good (401 access denied is normal) set it to 40... Wait and enjoy your new life...

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

Quits Viprasys, THANK YOU for everything.
shabzl33t is offline   Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

All times are GMT. The time now is 06:39 AM.

Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.1
vBCredits II Deluxe - vBulletin Mods & Addons Copyright © 2010-2014 DragonByte Technologies Ltd.
Feedback Buttons provided by Advanced Post Thanks / Like v3.1.6 (Pro) - vBulletin Mods & Addons Copyright © 2014 DragonByte Technologies Ltd.
The logos and trademarks used on this site are the property of their respective owners.
We are not responsible for comments posted by our users, as they are the property of the poster.