Step by step AccessDiver tutorial


this are only made for http://ppw.npx.de/


Athena and Energy

26-03-2003

This tutorial is for complete beginners. I want to describe how AD should be set up and how to use it. I take no responsibility for misuse/abuse/law conflicts/destruction of your PC ;-)/etc.

All right... how do we start? With downloading the newest version of AD of course (I'm writing this tutorial using AD 4.113). Get it from www.accessdiver.com/download.htm. Run it and set "My Skill" level to expert. Now all options are visible. You should see this:

OK, it's time to set AccessDiver up. Most important thing is security - you don't wanna get caught for hacking into porn sites, do you? ;] What would your mother say... or your girlfriend? :o). You'll need to hide behind anonmous proxies. You can use Google to search for some sites listing them. When you find some (the more, the better), put them into WEB proxy leecher in AD.

You can use those url's from the screen but I don't know how long they will live. Right click on the "tick" button selects/unselects all sites you gonna leech from. Now click "Start leeching" and wait. When done you should see the list of extracted proxies on the right side. Click "Add these proxies in..." and select "Proxy Analyzer".

Click on one of proxies then press CTRL+A to select them all. Right-click over the list and from the menu choose "Remove duplicates". Again right-click and select "Find and Remove FBI and US Army proxies from the list". Now you can test if they're working. Tick "Auto-deletion of bad proxies after test completion", then click "Speed/Accuracy" button and wait...

Wait...

Wait some more...

Done. Now you should check anonymity od those proxies. You'll need a bunch of proxyjudges. Get a list from http://www.accessdiver.com/download/proxyjudge-scripts.txt. Choose few (not all because you'll wait years when testing) and put them here:

Now click "Confidentiality tester". AD will test proxyjudges first - this will take a while and will live you with one or two working PJ's. Next time it won't take so much time. When done, right-click over proxies and choose "Delete everything non-operational and not anonymous". You can also remove gateways (I don't do it).

And a little diggression from me - I've noticed lately, that there's huge group of proxies with ip 12.164.77.*. AD finds them working but they aren't. Probably gateway error. I've blacklisted them because they extremely slow down cracking process...

OK, Now you have a nice set of anonymous proxies (I usually get between 300-500). Just right-click and choose "Add selected proxies in your proxy list". In this menu set all options like on the screen.

You're almost ready for cracking but you still need a wordlist. You can search the Internet for some but no wordlist will be as good as your own list based on your needs. Good way to start is to leech combos from XXX password sites or password forums. The second option is much better because you'll get many more combos than from those full of pop-ups and scam sites where most passes are repeating anyway. Unfortunatelly AD doesn't have the feature to leech from forums (only usual sites), so you can use different programs to do that. Or go to a forum and save selected pages to disk, then use AD's WEB word leecher to do that. I prefer to do it manually because that way I have better selection of combos and I can make different wordlists for different type of sites to crack. When you know from what you wanna leech, go to this menu:

Put your url's/files there and click "Start leeching". When done, click "Add in wordlist" (right-click will add this leech on top of your current wordlist. AD will automaticly remove dupes. Here it shows:

At last you can start cracking. Type url of your wanted-to-get-in site here (remeber to type the url to the protected area):

and click "Standard" button. If the login is in HTML form, click "HTML" but first you'll have to set keywords for invalid login... I won't describe HTML form cracking now cause it's another story. Sometimes AD doesn't want to start cracking. Check if the url is correct. If yes, it's probably proxy's fault. Just choose another proxy from "My List" menu and try again. The nuber of bots depends on your connection speed, so you'll have to determine it yourself.

You're transfered to a new window showing progression of the attack.

In the upper frame you see the current combos being tried and the current proxies. On the left side are server's responses. If you get too many #404's, you'll have to change your proxy list. #403 error means that a current proxy or combo is forbidden. Try to lower the number of bots if you're reciving too many #500's. And finally in the bottom frame are our most wanted HITS :-) which are copied to the history section when the test is comleted.

You can play with these options as well.

If you get too many fake logins, set redirections to "I assume redirections are FAKE replies".

Well, I hope this small tutorial will get you started. So, have fun and many many hits. :-)

1