[Tutorial] Getting into cracking for first time

[20]

this is really useful thank you

[18]

Be sure to leave a like after reading it, I spend 1 hour to write this and source individual information. 


Hi, looking to get start cracking for your first time? Look no where else, read this first. The little basics.

What is cracking?

Show ContentSpoiler:

Cracking or another term as credential stuffing is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach) are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application(usually on an application) like sentry mba. 

 

Types of account credential?

Show ContentSpoiler:

 When we talk about credential stuffing, we need one kind of thing to make it work. We call them "Combo-list". 
They consist of list of username/password or email:password combination. Below is an example.

 

Credential list example:

Show ContentSpoiler:

 crackedexample:12345678 (username:password) format
[email protected]:12345678 (email:password) format 

 

How credential are obtain?

Show ContentSpoiler:

 They are obtainable through a process called SQL Injection. It's a code injection technique to gain administrator access for databases. It works by extracting information like emails/username/password. But, it only works on site that are vulnerable for such attack.

 

How is the credential extracted?

Show ContentSpoiler:

 You should have heard of SQLi Dumper and other tools similarly to these. SQLi Dumper is an application that uses dorks to find sites and later on finding vulnerabilities in those sites and perform an SQL Injection on them, allowing you to extract the database.

 


Type of application?

Show ContentSpoiler:

 Commonly used and found are Sentry MBA, and other made software tools like SNIPR/BlackBullet/Standalone Checker.
Commonly used for Email Access are AIO/Woxy/Mailflow.

 

---

Usage

Show ContentSpoiler:

 Combos -  Combos are found extracted on site with SQL Injection attack and mostly on vulnerable site as such. The password may be hashed encrypted in sha or md5 thus requiring you to de-hashed them.

Web Application - SNIPR/STORM/SENTRYMBA typically use to acquire account from the credential list from breach site.
Storm:https://stormapp.org/
SNIPR/CRACKED:https://snipr.gg/ / Cracked version can found on this forum.

Proxy - Public Proxies(Low Quality) / Premium Paid Public List(Medium Quality) / Private Sources(High Quality)

 
Storm:

1. Download configuration file, https://cracked.to/Forum-Configs--82
   
2. Drag the configuration file and place it on the config folder, the same folder as storm.
   
3. Run Storm
   
4. Load your credential list
   
5. Load your proxy
   
6. Set the required thread based on the config, and start running
   

SNIPR:

1. Open up SNIPR.exe if you're using the paid version if not open up SNIPR Local.exe if you're using the cracked one.
   
2. Tick the configuration module you like
   
3. Choose the type of proxy you're using, HTTP/s or Socks 5 or Socks 4.
   
4. Choose the thread, recommend 150. Max 500 
   
5. Load the credential list and it will start the checking right away.
   

PROXY:

Show ContentSpoiler:

 First off from your first time of cracking, I would not highly recommend you to get a private proxy source right away.

 


Type of Proxy?

Show ContentSpoiler:

 Public proxy - free and can be found everywhere and they don't last long cause they're shared with everyone.
Paid public - proxies are constantly updated by verifying proxy ratio found on various sources. They last quite awhile and all of them have the speed of below 300ms 80% of them un-comparable to free public list. 
Private proxy - No explain is needed here, high-quality. 

 

Public Proxy:
Recommended you to use gatherproxy scrapper.

Paid Public List(CHEAP):

1. https://proxy-grabber.com/premiumproxy.php
   
2. https://good-proxies.ru/
   
3. http://premium.freeproxy.ru/
   
4. https://premproxy.com/
   
5. https://proxies24.com/
   
6. https://hide.services/
   
7. http://cmproxy.ru/
   
8. https://top-proxies.ru/
   
9. http://own24.ru/
   

Private Source:

1. http://stormproxies.com/
   
2. https://starproxies.com/
   
3. https://www.proxyrack.com/
   
4. http://www.vip72.com/
   
5. https://rsocks.net/
   
6. https://buy.fineproxy.org/eng/
   
7. https://moxyproxy.pw/
   
8. https://exproxy.ru/
   

List of good site to start cracking on without the need of good quality proxies :

1. Hulu
   
2. Spotify 
   
3. Minecraft
   
4. ExpressVPN
   
5. Fitbit
   
6. Crunchyroll
   
7. Deezer
   
8. Tidal
   

---

Email Access:

Show ContentSpoiler:

 Email access are email accessible account that is acquire on a email-checker tools like AIO/Woxy/MailFlow etc. Not only you have access to the account on the website, but you can also login to the email. This usually boosts the value of the account by a significant amount. Download thunderbird, https://www.thunderbird.net/en-US/. An essential tool for email accessible account. It can almost login with any domain 

 

Profits?

Show ContentSpoiler:

 There is many and various way of earning money through cracking. Let's say you can sell some VPN Account/Spotify/Netflix or anything you like on ecommerce site or forums. But, selling of runescape golds are even better.

What to do with the profits you earn?

Show ContentSpoiler:

 Do whatever you like. Supporting your own family ? Pretty much I'll say don't stop learning. Keep going.

 

sheesh

[32]

thanks bro for this post

[12]

yes just what i needed