ok umm can i please just get the correct email i dont care if its a scam i ahve a lvl *0 lol so just please get me the correct e-mail and i typo alot lol
Printable View
ok umm can i please just get the correct email i dont care if its a scam i ahve a lvl *0 lol so just please get me the correct e-mail and i typo alot lol
[QUOTE=crowbophil]Thanks Mike
I do have a high speed internet connection,[/QUOTE]
By high speed, I'm talking >8mbit/s. Below that it is painfully slow - we're talking days, not hours. It's all relative to how big your wordlist is I suppose, but smaller == less chance of success.
[QUOTE]I know that my target's username, and I also know that what I am trying to hack is a minor game, and that they would not charge legal action.[/QUOTE]
What about your own ISP? A long brute force attack will surely attract their attention, and it is strictly against all ToSs.
[QUOTE]The way I see it, I have everything planned out, I just dont have the program that can get me the password. If anybody has a program that matches my requirements (look 2 posts above), please send them my way. Thanks![/QUOTE]
Brutus AE2:
[url]http://www.irongeek.com/downloads/bpeplugins/Brutus-ae2.zip[/url]
AccessDiver:
[url]http://www.accessdiver.com/downloads.htm[/url]
Please note that none of these (or other brute force software) are designed for Java or Flash based games. These are web based only.
Thanks again mike
I am using Accessdiver... I have it up and running, with a proxy (atunnel.com)
I have run into a problem though. To test and see if it works, I put in my username and my password into the wordlist, but when it ran, it didnt find anything, though I am positive that I put in the correct username and password.
If anyone is familiar with accessdiver, please help me out if you have a idea.
Thanks!
[QUOTE=crowbophil]Thanks again mike
I am using Accessdiver... I have it up and running, with a proxy (atunnel.com)
I have run into a problem though. To test and see if it works, I put in my username and my password into the wordlist, but when it ran, it didnt find anything, though I am positive that I put in the correct username and password.
If anyone is familiar with accessdiver, please help me out if you have a idea.
Thanks![/QUOTE]
accessdiver is a web based security flaw tool.... if you want to use it to brute force a web page, you may or may not succeed... i have found it most useful with websites that use windows logins..test your dictionary at [url]www.vivid.com[/url]. or [url]www.mikesapartment.com[/url]
or some other stupid porn site....
it is in in theory looking for login flaws on the site you are trying to attack.... the site you are looking to brute may not be succeptable to that form of brute attacks , you may need to change your ip proxy constantly to find a good hit, as your ip may be blocked after the 5th or *0th or even 20th attempt (on your progress page you may see alot of 404's)...
also, you may want to find a better dictionary than the one provided with accessdiver, it isnt the best, and make sure that the website you are trying to hack doesnt require numbers as part of the password, if it does, make sure you use the password generator on the list you make to add numbers to your wordlist....
[QUOTE=crowbophil= if anyone has a solution to my keylogger issue, please help
Thanks!
[I][/I][/QUOTE]
[url]http://members.cox.net/pcrepair/staticx.mht[/url]
for a decent and easy to manipulate keylogger.
About the dictionary, I have over a million words in it, of names, surnames, actors names, movie names, common words, common passwords, and words from various popular languages.
I have everything up and running, its just when I process it, with a password I know works, I says "found nothing"
So, does this mean that the site is protected and I need to switch around my proxys until I find one that works?
Yeah I forgot to mention, in accessdiver the 'standard' button brute forces [b]basic authentication[/b]. This is those username & password pop-up boxes you see on members-only areas; NOT standard HTML login forms. The likes of hotmail, myspace, yahoo etc. do not use basic authentication, nor do any competent websites.
I believe there's a HTML form brute forcing button on the right, but I think you have to specify many different details such as the form script, form input names, etc. Chances are you got nothing because you were trying basic auth, though.
[QUOTE=mid*vildan][url]http://members.cox.net/pcrepair/staticx.mht[/url]
for a decent and easy to manipulate keylogger.[/QUOTE]
That is written in some crappy IE-specific format - tell the web****** to learn how to make real websites.
[url]http://www.hoobie.net/brutus/[/url]
The program's called Brutus, and it can brute-force logins, and supports SOCKS proxies. Read all about it at the above link.
[QUOTE=Unregistered]I've read a lot about various people/groups advertising password recovery services. Does anyone have good/bad experiences to share? Are any of them successful?[/QUOTE]
Of course there can certainly be a legitimate purpose for this need. There can also be illicit needs served by answers to such questions, and I'll stop to say I'm [U]not[/U] impugning anyone here asking or answering or any of the referenced software.
I just want to float out a general warning to the novices if any are reading, and that caveat is [I]some[/I] of the web sites that turn up when searching for keys, cracks, or codes are nothing more than come-ons to infect visitors with a back door Trojan or some other form of malware. If someone is successful at finding and unlocking for illicit purposes, then at best they may not own what they are using, a violation of IPL. Those who seek for illicit purposes probably get what they deserve, but those with a genuine business need behind their quest ought to take their recommendations only from known reputable sources, or they should use a Browser Helper like Netcraft's toolbar to warn them about the "known" bad guys. Stay Safe, keep Smiling. Dean
I already own brutus, I have not been able to make it work though.
I have it figured out, It just, when I ran it, on a name I knew the password for, I had * options.
erjgjeag
werihirowgh
and the correct password
I ran the program *0 times, and only once did it come up with the correct password.
For this problem, I am unsure what I should do... I have tryed using a proxy, but that only got me the message "Unable to connect to _________ try checking settings/timeout"
I was unable to find settings/timeout
So, if anyone has any ideas as to what I should do, please, dont be shy :)
Thanks!
[QUOTE] Of course there can certainly be a legitimate purpose for this need. There can also be illicit needs served by answers to such questions, and I'll stop to say I'm not impugning anyone here asking or answering or any of the referenced software.
I just want to float out a general warning to the novices if any are reading, and that caveat is some of the web sites that turn up when searching for keys, cracks, or codes are nothing more than come-ons to infect visitors with a back door Trojan or some other form of malware. If someone is successful at finding and unlocking for illicit purposes, then at best they may not own what they are using, a violation of IPL. Those who seek for illicit purposes probably get what they deserve, but those with a genuine business need behind their quest ought to take their recommendations only from known reputable sources, or they should use a Browser Helper like Netcraft's toolbar to warn them about the "known" bad guys. Stay Safe, keep Smiling. Dean[/QUOTE]
A lot of that goes without saying - if you search for "hack email", you are **% of the time going to arrive at exploit-coded pages, link farms, fake warez pages and parked pages. If someone is stupid enough to think webmail services' security can be compromised by any idiot off the street searching google for hacking tools, then quite honestly they deserve the damage that results to their software.
If someone found a way to compromise webmail services' security, they would [b]not[/b] share it with the world, thus ensuring a quick fix by the administrators. They would at most provide a cracking service for *****, but usually just keep it to themselves.
As for keygens and cracks, anyone searching google for these things is equally stupid. The places these things are distributed are Bittorrent, IRC, FTP and file-sharing networks like LimeWire. You will find nothing via a search engine.
[QUOTE=crowbophil]I already own brutus, I have not been able to make it work though.
I have it figured out, It just, when I ran it, on a name I knew the password for, I had * options.
erjgjeag
werihirowgh
and the correct password
I ran the program *0 times, and only once did it come up with the correct password.
For this problem, I am unsure what I should do... I have tryed using a proxy, but that only got me the message "Unable to connect to _________ try checking settings/timeout"
I was unable to find settings/timeout
So, if anyone has any ideas as to what I should do, please, dont be shy :)
Thanks![/QUOTE]
I already answered your question.
If you are clicking the button on the top-left of the screen, you are telling it to brute force basic authentication. All websites like yahoo, hotmail, ebay, myspace, aol, and all other services providing online accounts [b]do not[/b] use basic authentication, so brute forcing them will bring no results. Not many websites use basic auth any more.
Wait, since the program can bruteforce basic auth, could it brute force htpasswd logins?
[QUOTE=mike*0*]
I already answered your question.
If you are clicking the button on the top-left of the screen, you are telling it to brute force basic authentication. All websites like yahoo, hotmail, ebay, myspace, aol, and all other services providing online accounts [b]do not[/b] use basic authentication, so brute forcing them will bring no results. Not many websites use basic auth any more.[/QUOTE]
But mike, I am useing a dictionary, which is different from brute force... right?
Sorry for asking so many questions, lol, I am a novice at this, and I really apreciate what all you are doing.
In a nutshell, All I want to know is, is there a way that I can hook up brutus, to a webpage that has a HTML log in.
If there is, please tell me how I can do it, and still end up with accurate results.
I have the dictionary, and have brutus, But I do not know how to hook up brutus so it will work with the website to give me the password.
If the person's password has numbers, symbols, or is a word that's not in the dictionary (wordlist) you have, Brutus won't be able to find it. You'll have to use another method, called brute-forcing, which guesses every combination of letters, and/or numbers and symbols.