OP 17 July, 2022 - 02:27 AM
(This post was last modified: 26 March, 2024 - 03:48 AM by CDSG. Edited 40 times in total. Edit Reason: Guide updated.)
Introduction
Beginner guide regarding account pentesting
General Concepts
Common Words
C.P.M
Checks Per Minute
How many checks are made per minute.
Combos / Wordlists
Combinations of Email:Pass, User:Pass or Phone:Pass used to compromise accounts and get valid accounts.
Proxy / Proxies
A web proxy server, also known as a proxy, is an application-level gateway.
The server sits between you and the Internet.
The proxy server forwards the data you send, so the destination sees the proxy as the original sender.
Proxy Protocols
For cracking-related use only, you would use Socks4, Socks5, HTTP and HTTP/s.
HTTP (Hypertext Transfer Protocol) Proxy, HTTPS (HTTP Secure) Proxy, SOCKS (Socket Secure), FTP (File Transfer Protocol) Proxy, SMTP (Simple Mail Transfer Protocol) Proxy, POP3 (Post Office Protocol 3) & IMAP (Internet Message Access Protocol) Proxy
Network layers
Pentesting related: IPv4, IPv6
Proxy Type
Datacenter Proxies [ Might be banned from some APIs ]
Datacenter proxies come from secondary corporations, not ISPs, offering high anonymity and private IP authentication.
Residential Proxies [ Best for cracking as usual ]
With residential proxies, pick a specific location and browse as if you were a local, hiding your true IP behind a legitimate user ISP.
Rotative Proxies [ Rotative doesn't mean it's good, it just rotates through an IP pool ]
Rotative proxies switch your IP either at set intervals or every request, cycling through a pool provided by the supplier.
Static Proxies [ Static isn't bad, just not so good for cracking / account pentesting ]
Static proxies keep your IP the same for every request, maintaining your original IP throughout.
Sticky Proxies [ Might be useful for account creation rather than checking ]
Sticky proxies are a type of Datacenter proxy that maintain the same IP for a session or a specified period.
Cracking Concepts
Common Words Inside Cracking Community
Config
An OpenBullet configuration written in LoliScript.
It uses the API, headers and requests to send requests to the target in bulk and test each account to find valid ones.
Checker
Same function as an OpenBullet configuration.
Can be customized with custom threading, format and more.
Dumper [ SQL Injection Exploit ]
Tool used to exploit SQL injection (SQLi) vulnerabilities.
Used to get rows from databases,
a.k.a. combos.
Google Dorking
This refers to using Google search techniques to hack into vulnerable sites or search for information that is not available in public search results.
Dork Parser
Tool used to parse URLs to get vulnerable websites using any search engine.
Vuln Scanner
Scanner made to get vulnerable websites with injection vulnerabilities.
Example of vulnerable databases
How to start?
Step-by-step guide
First of all, you need to get a checker or OpenBullet.
You can get OpenBullet on GitHub or just click here
I like "SilverBullet" more than OpenBullet, but that is my opinion.
You can get OpenBullet configs in the Config Section or buy configs in the Sellers Marketplace
Remember:
Most OpenBullet mods (like SilverBullet) have their own extension
Default extension for OpenBullet config is ".Loli"
Extension for SilverBullet is ".SVB"
Extension for Anomaly is ".Anom"
Extension for CyberBullet is ".CYB"
After you get some configs, drag all of them to the Configs Folder (Follow the video)
Rescan to get your configs
Get some combolists and add them to your OpenBullet
Follow the video
Get proxies and add them to your OpenBullet
Follow the video
Make a runner and start checking!
The bots are the threads: more threads = more PC usage (RAM and CPU) but more CPM
Follow the video
Combolist Section
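Seen from the defending service, the traffic this guide describes (many Email:Pass checks per minute spread over a rotating proxy pool) shows up in authentication logs as a burst of mostly failed logins where almost every attempt uses a different username and a different source IP. The following is an added example, not part of the original post: it flags such minutes in a log; the log format, function names, sample lines and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

def parse(line):
    """Parse 'ISO-timestamp ip username OK|FAIL' (assumed log format)."""
    ts, ip, user, result = line.split()
    return ts[:16], ip, user, result == "OK"  # ts[:16] is the minute bucket

def stuffing_minutes(lines, min_attempts=30, min_fail_ratio=0.9, min_user_spread=0.8):
    """Return one alert per minute whose login traffic looks like combo checking.
    Thresholds are illustrative assumptions. Counting is global rather than
    per IP, so a rotating proxy pool (one request per IP) does not hide the burst.
    """
    buckets = defaultdict(lambda: {"n": 0, "fail": 0, "users": set(), "ips": set()})
    for line in lines:
        if not line.strip():
            continue
        minute, ip, user, ok = parse(line)
        b = buckets[minute]
        b["n"] += 1            # checks per minute as seen by the service
        b["fail"] += not ok    # combo lists are mostly invalid pairs
        b["users"].add(user)
        b["ips"].add(ip)
    alerts = []
    for minute, b in sorted(buckets.items()):
        fail_ratio = b["fail"] / b["n"]
        spread = len(b["users"]) / b["n"]  # near 1.0: each account tried once
        if b["n"] >= min_attempts and fail_ratio >= min_fail_ratio and spread >= min_user_spread:
            alerts.append({"minute": minute, "attempts": b["n"],
                           "fail_ratio": round(fail_ratio, 2),
                           "distinct_users": len(b["users"]), "distinct_ips": len(b["ips"])})
    return alerts

def constructed_sample():
    """Constructed log lines: normal logins at 03:00, a rotating-IP burst at 03:01."""
    lines = [
        "2024-01-01T03:00:05 203.0.113.7 alice OK",
        "2024-01-01T03:00:20 203.0.113.7 alice OK",
        "2024-01-01T03:00:41 198.51.100.9 bob FAIL",
        "2024-01-01T03:00:50 198.51.100.9 bob OK",
    ]
    for i in range(60):  # 60 checks in one minute, new IP and new username each time
        result = "OK" if i == 17 else "FAIL"
        lines.append(f"2024-01-01T03:01:{i:02d} 192.0.2.{i + 1} user{i}@example.com {result}")
    return lines

if __name__ == "__main__":
    for alert in stuffing_minutes(constructed_sample()):
        print(alert)
```

A single user repeatedly mistyping one password produces a low username spread and is not flagged, which is what separates this signal from a plain failed-login counter.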