Porno site cracking
By: Priapist




Disclaimer:
This is an insight into how I do it. It's not the only way and it's probably not the best way, but it's my way and it works. If it works for you - share the knowledge with those who want to learn and share the fruits of your efforts with those who want to wank!



Part 1 - How is it possible?
1) Humans love porn
2) Humans are lazy

How does this help us find a login for your favourite left-handed web site? Well...

1) above tells us that if we take a normal red-blooded male (with more money than internet sense and a permanent hard-on) who is prepared to shell out some of his hard-earned cash on a subscription to www.stickitupmy****.com, then there is a very good chance he will also be prepared to shell out a little more on subscriptions to www.stickitupmyass.com or even www.****myarmpit.com too (for when he feels like a change). In fact he may well be a fully paid-up member of 5 or 6 adult pay sites.

2) above tells us that he does not want to have to remember 5 or 6 different login:pass combinations because it makes his brain hurt, so he will probably use the same login:pass for all of his subscriptions.
So, for instance, if some person with a little more computer savvy than the administrator of one of the porn sites happens to break into that porn site's server and finds the password file, then as well as liberating lots of valid login:pass combos for that site, there is a very good chance those combos will be valid for several other sites as yet unknown.

2) above also tells us that he will probably choose a login:pass combo that is easy for him to remember - and for that read "easy for anyone to guess". So there is a fairly good chance that the imaginative Login=dave Pass=dave or Login=qwerty Pass=asdfgh will be valid combos for an extraordinarily large number of sites.
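The two habits described above (a pass identical to the login, and keyboard-row strings like qwerty/asdfgh) are exactly what a site can refuse when an account is created. The check below is an added example, not part of the original text; the leaked-password set, the minimum length and the function names are assumptions made for the illustration.

```python
# Rows of a US QWERTY keyboard, used to spot "keyboard walk" secrets.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

# Constructed stand-in for a corpus of leaked passwords (assumption: a real
# deployment loads a far larger list gathered from public breach dumps).
LEAKED_PASSWORDS = frozenset({"password", "letmein", "123456"})

MIN_LENGTH = 10  # assumed policy value, not taken from the page


def is_keyboard_walk(secret, min_run=4):
    """True if the whole secret is one run along a keyboard row, either way."""
    s = secret.lower()
    if len(s) < min_run:
        return False
    return any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def reject_reasons(login, password):
    """Return every reason a login:pass pair should be refused at signup."""
    reasons = []
    lo, pw = login.lower(), password.lower()
    if pw == lo or pw == lo[::-1]:
        reasons.append("password equals login")
    elif lo and lo in pw and len(pw) - len(lo) <= 3:
        reasons.append("password is login plus a short affix")
    if is_keyboard_walk(pw):
        reasons.append("keyboard walk")
    if pw in LEAKED_PASSWORDS:
        reasons.append("found in leaked-password list")
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    return reasons


if __name__ == "__main__":
    # The two combos quoted in the text, plus a near-variant.
    for pair in [("dave", "dave"), ("qwerty", "asdfgh"), ("dave", "dave123")]:
        print(pair, reject_reasons(*pair))
```

An empty list means the pair passed every check; screening against leaked lists matters because reused combos stay valid long after the site they were taken from has changed them.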

So, bearing all this in mind, to start your journey into the wonderful world of cracking all you need is a fair-sized list of these combos and a program that automates the process of entering them into the site login:pass box... or is it?

There is one more very important ingredient you will need. Lots of adult sites will detect that a single person (i.e. you) is trying lots of different combos to gain access and will react by not allowing access from your IP address, even with a valid login. They may go further and report this dubious behaviour to your ISP, and may even report this attempted theft of their electronic property to the police. No 5 minute wank is worth losing your account with your ISP and possibly a large fine or worse! To get round these possible spanners in the works you will need an anonymous proxy (or, realistically, as big a list of anonymous proxies as you can find).



Part 2 - Where do I get these 3 essentials?

1) A brute force program - There are several good programs available to automate the task of inputting lists of login combos into a pay site via an anonymous proxy. I use Accessdiver (www.accessdiver.com) but there are others such as goldeneye, ares and hackttp. Accessdiver has many extras which make it my choice, such as a facility to find and check anonymous proxies and a tool for making combo lists.

2) A combo list - A good list is what separates the adequates from the greats. I make wordlists by doing the following: leech passes from password sites such as www.ultrapasswords.com; turn on channel logging in your IRC client and leech passes from the logs (crackers frequently post whole lists of passes in the channel). Remember, it doesn't matter if the logins no longer work for the sites they are posted for - they may well work for sites they haven't been tried on yet.


3) A list of working anonymous proxies - There are sites on the web with lists of proxies - try looking on www.neworder.box.sk or packetstormsecurity.org for proxy sites. Cracking sites will frequently have a proxies page also. Proxy lists can also be found on IRC - try asking channel ops if there is an automatic DCC trigger for an up-to-date proxy list.



Part 3 - How do I use accessdiver to...

1) Get a decent wordlist.
Fire up AD (Current version is 4.76) and go to My Skill on menu bar - set it to "expert" and never set it to anything else.
Go to dictionary|web word leecher
To leech websites - In the box marked zone type in the EXACT url of the page containing the passes you wish to leech, e.g.
http://www.ultrapasswords.com/index.html and press the + button. Repeat this for as many pages as you wish.
To leech passlists or IRC logs - press the "extract logins from a file" button on the left and browse to your file, e.g. c:\mirc\logs\#hackedxxxpasses.log and press open.
Repeat for all local files you wish to leech.
Now press the "start leeching" button.
A list of combos will appear in the right hand pane. Go to wordlist on the menu bar and remove duplicates then press the "save to disk" button to save and the "add in wordlists" to start using them straight away. You now have your first wordlist.

2) Find anonymous proxies
In AD go to proxy|web proxy leecher
To leech websites - In the url box type in the exact url of the page containing the proxies, e.g.
http://www.proxy.com/index.html and press the + button.
Repeat this for as many pages as you wish.
To leech proxylists - press the "add a file to the list which contains proxies" button on the left and browse to your proxy list, e.g. c:\mirc\downloads\proxylist.txt and press open.
Repeat for all local files you wish to leech.
Now press the "start leeching" button.
A list of proxies will appear in the right hand pane. Press the "add these proxies in" button and select the proxy analyzer.
Go to the proxy analyzer tab, set your timeout to 15 seconds (small box at the bottom of the screen) then press the speed/accuracy tester.
After this check you will see all the proxies which are no longer valid. Press the button with the brush on it and select "delete bad results and timed out". Don't be surprised if loads of your proxies are deleted at this stage - proxies die quickly.
Next select all remaining proxies and press the "confidentiality tester" button. Anonymous proxies are ranked from 1 (best) to 5 (worst); delete all proxies that don't have a ranking.
Select the rest (or choose the fastest ones if you have lots) and press the "add proxy" button to save your selection as the active list.


Part 4 - Ok so I've got everything I need, how do I Crack a website?

So you have Accessdiver up and running with your newly made wordlist and your freshly checked proxylist, how do you turn that into a members only wankfest? Well, you're almost there.
Visit the site you want to crack and find the members login url - that's the link that throws up the login and pass box, e.g.
http://members.privategold.com/restricted. Paste that url into the "server" box at the top of the screen.
Go to the settings tab and check the "let a bot retry on abnormal replies" and "always force a security test" boxes.
Make sure temporisation is unchecked.
Redirections mean nothing special!
Go to proxy tab and check "use web proxies"
Check change proxy on redirections, fake replies and errors.
Set the bots slider at the top of the screen to about 50 and press standard.
You should see a "progress" box with a whole column of "401-unauthorised" replies. If so everything is going according to plan and with a bit of luck you might see a cracked login appear below the progress column.
Congratulations, you just cracked your first site!!


Part 5 - What should I look for while the test is running?

Keep an eye on the progress page! If you want you can gradually increase the number of bots; on a 56k dialup with no other online activity you should be able to run around 75-80 bots. Too many bots will cause a sharp increase in 404 errors. If you see the 404s increasing, decrease the bots.
A large number of 403 errors means the site is going to be a bit of a challenge and will probably need a lot of proxies to crack it. You can maximise the life of each proxy by checking the "rotate proxies" box on the proxy tab. The number of logins before rotating will vary from site to site and it's a matter of trial and error, experience and advice to get it right.
If the test seems to be going extremely slowly - give up and try another site. Some sites just weren't made to be cracked by beginners!
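Seen from the server, the run in Parts 4 and 5 is a burst of 401s for many different logins on one protected URL, spread over rotating proxy addresses. The sketch below is an added example, not part of the original text: it groups access-log entries by path and time window and counts distinct failed logins rather than failures per IP. The log format, thresholds and sample lines are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: the third field is the HTTP Basic auth user name.
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

def sample_log():
    """Constructed log lines: 6 logins tried via 3 addresses, one succeeds."""
    ips = ["198.51.100.7", "203.0.113.9", "192.0.2.44"]
    users = ["dave", "qwerty", "bob", "alice", "mike", "john"]
    fmt = '{} - {} [10/Mar/2024:12:00:{:02d} +0000] "GET /restricted/ HTTP/1.0" {} 0'
    rows = [fmt.format(ips[i % 3], u, i, 401) for i, u in enumerate(users)]
    rows.append(fmt.format(ips[0], "mike", 30, 200))
    return rows

def parse(line):
    """Return (ip, user, time, path, status), or None for unparseable lines."""
    m = LINE.match(line)
    if not m:
        return None
    ip, user, ts, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, user, when, path, int(status)

def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5):
    """Flag windows where many different logins fail against one path.

    Counting distinct user names per path, not failures per IP, still fires
    when the attempts are spread thinly over rotating proxies.
    """
    buckets = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        slot = int(rec[2].timestamp() // window.total_seconds())
        buckets[(rec[3], slot)].append(rec)
    alerts = []
    for (path, _), recs in sorted(buckets.items()):
        failed = [r for r in recs if r[4] == 401 and r[1] != "-"]
        users = {r[1] for r in failed}
        if len(users) < min_users:
            continue
        bad_ips = {r[0] for r in failed}
        # A 200 from an address that was just guessing is a likely takeover.
        hit = sorted({r[1] for r in recs if r[4] == 200 and r[0] in bad_ips})
        alerts.append({"path": path, "failed_logins": len(users),
                       "source_ips": len(bad_ips), "compromised": hit})
    return alerts

if __name__ == "__main__":
    print(detect_stuffing(sample_log()))
```

Accounts listed under `compromised` are the ones to lock and reset first; a member who mistypes his own password a few times never reaches the distinct-login threshold.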


Part 6 - Anything else I should know?

This is a very basic introduction to cracking adult sites. You can't have your hand held forever so if you want to get better at it you need to put some effort into it.
Play around with the program. Experiment with different functions but specifically become familiar with the exploiter facility - it can sometimes deliver golden eggs!
On the web word leecher, go to the urls found tab and check the box marked extract urls during the process. Save the cracked sites found in your history.
Learn how to "refresh the login status" of the sites in your history.
Download a copy of Raptor and use it to compile wordlists and site lists.
Keep updating your main wordlist but keep your old ones too!
Some sites are not crackable using this method - the ones that do not allow the member to choose his own login or pass. iBill frequently - but not always - use this method. Don't waste your time on these sites.