Ok so it has come to my attention a lot of the guys who are wanting to get into cracking know very little about combos and such, what they are and how do you get them so I thought I would write a little reference guide for all the new comers!
Combos
Need a question answered? Post it and i'll reply if i see it. What other things would you like information about?
Combos
- A combo "combos" are a user:pass login which can either be real or fake.
- These can be obtained several ways for example: Scraping, SQLi (SQL injection, a form of hacking into a website to then dump the real user:pass database) and using public dumps of combos
- You do NOT look for combos aimed at specific sites, any user:pass could work on any site, you could use SQLi on a porn site and get hits with runescape, two totally unrelated. Most new people really don't understand this.
- A config is a .ini file which goes into the program SENTRY MBA, it contains information about the target site which allows sentry to direct to the URL, try a combo and determine if the account is a hit or not.
- Making a lot of configs isn't hard, sentry is built for making configs and has a whole GUI on it. Some sites require advanced features such as OCR and try to trick bruteforcing softwares but sentry has many features you can config to bypass this, this is where config making can be difficult.
- I wont go into what a proxy is but it is essentially an IP that sentry will use to try the user:pass of a site, they are used because a lot of sites ban you after a certain amount of tries. This allows sentry to try hundreds of logins rather then just 3 every 5 minutes or whatever the lockout is
- They can be obtained many ways for example: Scraping with programs like proxy goblin, proxy shark or anything else, you can find MANY public lists on the internet and some are actually quite good, you can buy them for cheap from websites such as good-proxies.ru and best-proxies.ru (can't verify quality)
- Basically without going into lines and lines about proxies you want to be using SSL proxies for most things.
- Need public proxies? http://www.sslproxies24.blogspot.de
- Need paid proxies? https://buy.fineproxy.org/eng/
- SQLi which stands for SQL injection is a form of web hacking which can be extremely advanced, you use this to gain access to databases and dump the user:pass for cracking.
- You do NOT need to know manual SQLi to dump databases although it will let you understand what you are doing, programs like SQLi dumper are 100% noob friendly GUI tools which anyone can figure out
- Dorks can be found, made or bought. Go look on google, public dorks still give good user:pass to but more then likely you will be sharing them with others who have already cracked the site but many do not change the passwords (take me for example, I crack and never change)
Need a question answered? Post it and i'll reply if i see it. What other things would you like information about?