Ez Cracking Method By OptiFlex

1. EZ CRACKING METHOD EVEN MONKEY CAN DO!
2. # made by OptiFlex <3
3.  
4.  
5. The programs we will be using are:
6. 1) SQLi Dumper
7. 2) Notepad++
8. 3) Dork Generators by N3rox and JohnDoe
9. 4) Sentry MBA
10. 5) Gather Proxy
11. 6) Online Reverse Hash Tool
12. 7) Sandboxie (You can get if from Here because i don’t have it included in the .zip file)
13. DISCLAIMER: IN THIS GUIDE I AM USING SANDBOXIE TO OPEN THE PROGRAMS FOR MAXIMUM
14. SECURITY. I HIGHLY RECOMMEND USING SANDBOXIE TOO OR A VIRTUALBOX/RDP. I AM NOT R
15. ESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOU FROM THESE PROGRAMS. MOST OF THE
16. ANTIVIRUSES WILL FLAG THE FILES AS VIRUS AND DAMN RIGHT THEY ARE, MOST OF CRACKE
17. D PROGRAMS ARE FULL OF VIRUSES. JUST ADD AN EXCEPTION AND ALWAYS RUN IN SANDBO
18. XIE/VB/RDP. DOWNLOAD AT YOUR OWN RISK.
19. Just for a heads-up:
20. Sandboxie will frequently pop-up a window and ask to recover files for future use. Just recover each one f
21. or them. Don’t forget to clean your Sandboxie contents from time to time. You will also need to have .Net
22. Framework 3.5 and 4 installed on your machine for the programs to work correctly. Search Google how to
23. get them.
24. To open the programs, Right Click &gt; Run Sandboxed.
25. The default Sandboxie location should be this. So you can know where the text files created from the prog
26. rams are stored.
27. CHAPTER ONE: Making the dorks.
28. Dorks are used in SQLi to create a list of URL’s where we can analyze and find which ones can be exploit
29. ed. So, let’s learn how we can create our own dorks, shall we?
30. Firstly, open the two dork generators by N3rox and JohnDoe, as well as the Notepad++.
31. Step 1:
32. Go to the dork generator by JohnDoe and click the letter D, as shown in the image below, until the boxes
33. are clean. If they are already clean, skip this step.
34. Step 2:
35. Now go to the Grabber tab and press Load.
36. Step 3:
37. Load the url text i included in the zip file. (The program interface sucks, sorry for that, its JohnDoe to blam
38. e)
39. Step 4:
40. Wait for the program to complete loading.
41. Step 5:
42. Copy the Page types p.2 contents.
43. Step 6:
44. Go to Notepad++ and make two new files.
45. Step 7:
46. Paste in the contents of the box we copied just a second ago.
47. Step 8:
48. Go to Search &gt; Replace.
49. Step 9:
50. Press the “Space” button on the first box and “Backspace” on the second box, so we can remove all the s
51. paces from the lines. Click Replace All.
52. Step 10:
53. Now, search all the lines and remove any weird marks, until there are only words like “example=”.
54. Step 11:
55. Now go to Page Types box in JohnDoe’s generator and copy all the contents, and paste them in the seco
56. nd file you created in Notepad++, search all the lines and delete all the bad types until there are only good
57. ones left. Just like we did before, we keep only the good lines. If you didn’t understand what “bad types”
58. meant, just write down the same page types as mine.
59. Step 12:
60. Now go to the N3rox’s generator and write down some words in the first box on the left, for example “stea
61. m, money, LoL, bf1… etc” and separate them in their own lines. Also, copy and paste the clean page type
62. s and page types p.2 we made a while ago from Notepad++ to N3rox generator, in their own boxes, as sh
63. own in the image below. Click Generate. (i used translated page types p2 and keywords to German, so i h
64. ad German dorks. Use any language you like, the best and most common is English. I will also show you
65. how to translate them in a few steps below.)
66. Step 13:
67. The dorks file should be in the folder where you placed the n3rox generator. If it isn’t there, check the San
68. dboxie folder, like i showed you a few steps above. Congratulations, you just made your own dorks and y
69. ou didn’t even pay for them.
70. Step 14:
71. If you want to make dorks in other languages so you can get accounts of that nationality, go to the Transl
72. ator tab in JohnDoe’s generator and write your keywords in the Name of Pages tab, select the language,
73. press Translate and wait for the process to finish. After that, you can copy the translated contents and pas
74. te them in N3rox’s generator.
75. So, what we did basically was generate the Page Format and Page Types from the URL’s and we used th
76. em to make new dorks. We cleaned them and we also translated them so they are even better. We used
77. JohnDoe’s generator to generate the Page Formats and Page Types, and we used N3rox’s dork generato
78. r to generate the dorks, with those Page Formats and Page Types. You can also import your own URL’s a
79. fter finishing with SQLi Dumper, as i will show you later on, so you can generate more Page Formats and
80. Page Types. This is the hardest part of all the process of account cracking and it’s not even that hard lol.
81. What you need is some imagination for the keywords and that’s all the fuss. Let’s move on to the next cha
82. pter.
83. <strong style=””><font color=”#ff9933″>CHAPTER TWO: Making the combo lists.</font></strong>
84. Now is the time to use the dorks we made, to make our combolist. We will be using SQLi Dumper to make
85. some good combos so we can test them later on. Let’s begin.
86. Step 1:
87. Open SQLi Dumper and make sure it looks exactly as the image below.
88. Step 2:
89. Now, open your dorks text file with Notepad++ and copy your dorks. (Don’t copy more than 15k because y
90. our SQLi Dumper will crash 100%). Now click Start Scanner and wait until you have about 10-20k URL’s.
91. If your SQLi dumper does not get any URL’s, make sure you have it unblocked from your firewall and anti
92. virus and restart the program. If it still doesn’t load any URL’s, load the ones i gave you in the .zip file by cl
93. icking the Import button, and press Start Scanner. If it still doesn’t work, then GG. See you in a while, after
94. you get some URL’s. After you see it has about 10-20k Valid Added, press the Cancel button. It doesn’t s
95. top at 100%, that’s why we have to do it manually, based on the Valid URL’s added.
96. If the valid added stay the same number after 15 mins, click cancel. If you Loaded 20k dorks and you got
97. 1k URL’s after 3012831280441279410274 days, you have bad dorks.
98. Step 3:
99. Now go to the Exploitables tab and press Start Exploiter. Use as many threads as you want, i use about 3
100. 0.
101. Step 4:
102. After it has completed exploiting, (you can see if a process has completed by looking at the bottom of the
103. SQLi Dumper, it says Exploited thread done, exploitable detexted: X. If you dont see such message, then
104. you need to wait until it’s done. ) it should look like this. (keep in mind that antivirus messages may pop up
105. , saying that a webpage was blocked. Thats ok, nothing to worry about.)
106. Step 5:
107. Go to the Injectables tab and press Start Analizer. I use about 30 threads again. Wait for the process to c
108. omplete. Note that your SQLi Dumper may crash during any of these processes. If it does so, just recover
109. the files in Sandboxie and reopen the program and continue from where you were left.
110. Step 6:
111. After the Analyzing process is complete, your Dumper should look like something like this.
112. Step 7:
113. Click the Method tab, until we have all the Unions sorted from the Errors.
114. Step 8:
115. Click The [+] box in the bottom left corner of the dumper.
116. Step 9:
117. Check 2 boxes out of 4. Write in what you want your combolists to be about. I used username and passw
118. ord because i want my combolists to be of usernames and passwords. You can also have 1 box checked.
119. You can also write in anything you want, such as email and password, name and lastname, credit card n
120. ame and credit card number, etc
121. . Also make sure Current DB is checked and Collumns as default.
122. Step 10:
123. Select all the Unions with the SHIFT button and click Start. A new window will pop-up. Wait for the proces
124. s to finish. Don’t close this window. EVER.
125. Step 11:
126. Scroll down until you find a database with a good number of Username or Password rows. If both Userna
127. me and Password have the same number, its perfect. If you only see Username or Password, its ok too, b
128. ut the database may not have good combos. Its all about luck here. Select a database with more than 5k r
129. ows.
130. Step 12:
131. After you found what database you want to crack, select the URL’s name and click Go to Dumper &gt; Du
132. mper Form.
133. Step 13:
134. This is the time where you need to guess. Click on a column you think the combolists will be at and press
135. Get Columns.
136. Step 14:
137. I found mine, so now i click on what i want to dump. In this case i only want to dump usernames and pass
138. words. Check on anything you want to dump and press Dump Data. If you had a large number of rows, thi
139. s is gonna take a while to complete. Also, if the Dumper crashes here, i feel sorry for you son, you cant do
140. something about that, you need to restart dumping the data from the beginning.
141. Step 15:
142. As you can see, i got very shit combos. If you get bad combos too, press X which is under Schema tab an
143. d search for a new URL.
144. Step 16:
145. After you dumped your data, press Export data. A new window will pop up, just make sure it is as mine. Pr
146. ess start when you are done.
147. Step 17:
148. Click save and find the text document you just saved. Check the Sandboxie location if you cant find where
149. you saved it. Open the text file and remove the first lines until you only have your combos in there.
150. If your passwords are not encrypted, you can skip chapter three and you can go straight to chapter four
151. . If your passwords have a weird format like mine, we need to find out which type of Hash it is and we nee
152. d to dehash it.
153. Dumping data from a database is all about luck.
154. If your SQLi Dumper keeps crashing, you can dump databases with SQLMap, that never crashes (i canno
155. t post how to do it because SQLMap keeps updating and the commands keep changing all the time. You
156. can search on google or youtube how to install SQLMap and how to use it. I am currently using it on Kali
157. Linux 2016 on VMWare Workstation 12).
158. You will either get good combos or you will get shit. Just never give up, and always keep trying. You can a
159. lso save your Trashed URL’s to generate new combos with JohnDoe’s generator.
160. CHAPTER THREE: Dehashing the passwords from a combolist.
161. Step 1:
162. Open ORHT ad click Ok. If you have opened ORHT and you cant find the window or you minimized it acci
163. dentally, you can find it in the tray menu.
164. Step 2:
165. Click Main Menu &gt; Start From File, and load the Combo you dumped. My hash encyption was MD5, so
166. i have checked MD5 as Hash Type on the window.
167. Step 3:
168. Make sure your ORHT looks like mine. Click OK and after some time, a message will pop up saying how
169. many hashes were decrypted. Click OK again.
170. Step 4:
171. Go to Main Menu &gt; Save to File and make sure your OHRT looks exactly as mine. Click Ok and wait fo
172. r the process to finish. A message will pop up that will say sucess. Click OK and save your DEHASHED c
173. ombolists.
174. Basically thats it, if you dumped 100k combos, its most likely that 30% of it to be dehashed, but thats on lu
175. ck again.
176. CHAPTER FOUR: Checking the combos.
177. Before we start checking the combos with sentry, we need some proxies.
178. Step 1:
179. Make a new text document and name it proxies. Then open Gather Proxy and go to the Advance tab and
180. change the settings same to mine.
181. Step 2:
182. Go to Gather Proxy tab and press Start and wait for the program to finish. After its done, press SHIFT to s
183. elect all combos and copy and paste them in your proxies text document.
184. Step 3:
185. Open Sentry MBA and go to Settings &gt; General &gt; Load Settings from Snap Shot and load the config
186. of the site you want to check your combos. In my case, i will be using the NA League of Legends server b
187. ecause my database was from a site from the US
188. . In the .zip file i have all the League of Legends configs. If you dont want to check your combos for leagu
189. e or if you your combolist is email and password (email:pass) form, you can find all the configs you need h
190. ere from FORUM. I will not be posting them here.
191. Step 4:
192. Go to Lists &gt; Proxylist &gt; Clear List and then Load the proxies from the text document you made earli
193. er.
194. Step 5:
195. Go to Lists &gt; Wordlist and press clear combo if the upper left box is not clear. Press Open a Combolist
196. and choose the combolist we dehashed a while ago.
197. Step 6:
198. Go to Progression, set the bots to a high number (i go for about 90-110), click Start and Click start one mo
199. re time.
200. Step 7:
201. Wait for the program to finish, when all combos were checked as we can see from the bottom of the wind
202. ow, we can click Stop. Press SHIFT and select all the contents from the Hits tab and right click and save t
203. hem to clipboard. Make a new text document and paste them there. Congratulations, you have your ready
204. combos that work for that specific website/game, etc… In my occasion it was for League of Legends.
205. So here is the results:
206. The whole process is similar to the oil process. We take all the shit we can find and we filter it to a good re
207. sult. If you read carefully this whole tutorial, you have now learned to:
208. 1) Make your OWN dorks.
209. 2) Dump your OWN data.
210. 3) Make some good out of it.