catch_thousands_of_logs

The document outlines how to obtain proxies, combolists, and logs. It describes the necessary steps and software such as SQLI Dumper, Notepad++, and Sentry MBA.

Catch thousands of logs

By luffy114

Introduction:

With this Ebook you will learn all the basics to be able subsequently to provide yourself with logs without any worries, so simply that it will become child's play! From the procurement of combolists to their use, everything is illustrated and written in the best way so as to allow everyone to understand.

Before we begin, please respect the work that I have done on this ebook; I would therefore ask you not to share it except with my permission.

I wish you good reading and good fishing for logs!

Let's go!

Summary:

I) Necessary vocabulary

II) Necessary Software

III) Easily obtain proxies (site + software)

IV) Presentation of dorks, how to obtain and create them

V) Obtain combolists with SQLI Dumper

VI) Organize your combolists with Notepad++

VII) Use Sentry MBA and obtain logs

Bonus: Decrypting passwords (MD5)

Bonus Video: Create configs yourself

I) Vocabulary

– Proxy (or proxies):

A proxy is a software component that plays the role of an intermediary between two hosts to facilitate or monitor their exchanges. This is what will allow you to test plenty of accounts, and therefore crack them, without using your real IP. Sentry MBA requires a list of at least 3000 proxies to make a "good" crack, assuming that 1/3 is unusable.

– Combolist (or wordlist):

A combolist is a list of credentials retrieved from a site, most of the time by exploiting a vulnerability. There are 2 types: user:pass and email:pass. Most of the time the identifier is separated from the password by a colon (:).

Mail:pass is therefore a list with an "email" first followed by its password, for example: email@gmail.com:password

User:pass is therefore a list with a "username" first followed by its password, for example: username:password

This list is less used than its predecessor because few sites use a pseudonym as an identifier, apart from sites like Brazzer or Steam.

– Each combolist must be chosen according to the site where one wants to crack accounts: one must know whether login is done by means of a username or an email. Later on you will learn how to obtain combolists, but I can mention a few interesting software:

SQLMAP: this software also exploits SQL vulnerabilities but is harder to understand and therefore will not be used in this Ebook.

SQLI Dumper: this is the software we will use; its simplicity is useful for easily obtaining combolists. It exploits SQL vulnerabilities to extract data from the site.

– Bruteforce:

Used to find a password. It involves testing, one by one, all possible combinations. What we are going to do is a variant of brute force: our technique will consist of testing all the accounts from our combolist on a certain site of our choice.

– Configs

Configs are files with the .ini extension. These files are usable in the Sentry MBA software that you will need during this ebook. They are therefore files that allow brute forcing accounts on a site of our choice. Each site has its own configuration, which can itself vary. They can be made manually or found on the internet.

– Dorks:

A Google dork query, sometimes simply called a dork, is a search term that uses advanced search operators to find information that is not easily available on a website. Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries. That includes information that is not intended to be publicly available but has not been adequately protected. It is thanks to this that we can find a site presenting an SQL vulnerability and exploit it using software (SQLI Dumper for example).

Example of dork:

inurl:"index.php?id="

II) Necessary Software

First of all, it is important to know that you should never run these software on your real computer: SQLI Dumper, for example, is known to have a backdoor in its versions 7.0 and 8.0. The best is to execute all of this on a Virtual Machine or on a Windows VPS (which will also improve your connection). However, if you purchased this Ebook from my shop, know that the Sentry MBA software provided for download with it is 99% safe!

Here is the short list of necessary software:

– SQLI Dumper (Version 7 or 8):

SQLI Dumper is an all-in-one tool that searches for websites using dorks, checks whether they are injectable and exploitable, and exports databases. It will allow us to obtain, as previously mentioned, fresh combolists.

– Notepad++ (Personal choice):

To organize your combolist, you will certainly need a text editor; for my part I chose Notepad++ because it is the most complete. To organize your combolists, I will give you the names of some "Addons" to facilitate organization.

– Sentry MBA (1.4 and above):

Sentry MBA is the software that will allow us to have logs. Its principle is simple: using proxies, it will simply test the accounts from our combolist one by one and then give us back those that count as hits.

– Easy Dork Builder:

Easy Dork Builder will allow you to create your own dorks easily.

This list of software is basic; later it will be up to you to adapt and find new software that will suit you even better. However, to start, this list of software will suit perfectly!

III) Easily obtain proxies (site + software)

Getting proxies is a real hassle for some; indeed, few sites offer them for free, and even fewer in the form of a .txt list. To spare you this hassle, I will explain how to obtain them without downloading anything. To do this, go to this "superb" site:

http://free-proxy.cz/

It is completely free; no paid plan is even available.

Step 1: Sign up

Step 2: Validate the registration

Step 3: Find the download proxy list option

Step 4: Download the list

Or there is a simpler technique, but for that you must use the software "Global Proxy Scraper" (included in the pack thanks to Zefear).

Carefully select these options, then click on Start and wait for the end.

Then click on Save List; there, you have obtained your list of proxies!

IV) Presentation of dorks, how to obtain and create them

First of all, it is important to know that dorks can be found almost anywhere; just by doing a Google search, you can find a large list. But if you took a list of dorks from a site, know that this list has probably already been exploited many times, and therefore the sites that you will find have already been done and redone and even shared!

Dorks have a particular shape; I will show you a basic example and explain how it works:

inurl:"index.php?id="

inurl: means that what follows, in this case "index.php?id=", is present in the URL. This can be replaced by "intext:", which means that what follows must be contained in the source code. Many other terms of this kind also exist.

index designates the name of the page; index means the "primary" page, so the most important and the most widespread. This term is therefore widely used.

.php is the page extension; it can be changed to .html or another.

?id= designates a specific page; indeed, a page can be designated by an id or a category (e.g.: ?category= , ?buy=, ?catid=)

How to generate dorks with the Easy Dork Builder software:

First of all, please leave all the boxes unchecked; SQLI Dumper takes care of these options.

The first column refers to the main term contained in the URL. As you can see in the image, most of the terms are in English, and that is the whole point: if you replace these terms with French terms, you will have many more French sites to exploit. You can also complement the list with new terms if you find them. Example: "view" becomes "voir".

The second column indicates the page extension; it must always be preceded by a dot and end with a question mark. I am pasting here all the most used extensions:
.ashx?
.asp?
.aspx?
.cfm?
.cgi?
.flv?
.html?
.jsf?
.jsp?
.pdf?
.php?
.psml?
.raw?

The 3rd column is also interesting: as you can see in the image, most of the terms are in English; if you change these terms to French terms, you will have many more French sites to exploit. Example: change "buy=" to "acheter=".

The 4th column refers to the id or category; for my part I put 1 2 3 4 5 and that's it, but you can very well vary!

Then, click on the green button and retrieve the list of dorks!

V) Obtain combolists with SQLI Dumper

Now that you have all the necessary "tools", it is time to move on to the biggest part of the work: SQL injection with SQLI Dumper.

Step 1: Copy and paste your proxies

(tools & settings > Proxy)

Step 2: Paste your dorks and start the scan

We paste the dorks in the circled area and then click on the button that is also circled. Then we wait for the end of the scan and move on to the next step.

Step 3: And we rescan!

We click on the "exploitable" tab, then on the "start exploiter" button. We wait for the end and move on to the next step.

Step 4: And we rescan!

We click on the "injectables" tab and then on the "start analyzer" button. We wait for the end again and move on to the next step.

Step 5: Knowing if the sites are interesting to inject

Right-click in the sites area and then left-click on "select all". Then, in the bottom right, we click on the "start" button.

Step 6: Analysis of results

This site looks well-filled, so we're going to exploit it.

Step 7: We inject!

Right-click on the site and then left-click on "Go to dumper".

Now we head to the "DATA DUMPER" tab.

And we left-click on the table we want to dump (exploit), based on the previous results. Then finally left-click on "Get columns".

We wait for the end of the loading.

After the loading is complete, we perform these operations.

Then we wait for the end of the loading, which will take more or less time depending on what you wish to extract; it is the longest moment, so leave your computer running.

After that, we save where we want and wait for the loading to finish. There you go, it's done, your combolist is ready to be exploited!

VI) Organize your combolists with Notepad++

To organize your combolists, nothing is better than Notepad++; this very complete software will allow us to eliminate duplicates as well as sort the "Email:Pass" lines from A to Z.

For that you will need a plugin; go to:

Add-ons>Plugin Manager>Show Plugin Manager

Then search for the plugin "TextFX Characters".

Install it.

Then, to organize your combolist, select it entirely with CTRL+A.

Then click on: TextFX > TextFX Tools > Sort Lines Case Sensitive

And there you go, your combolist is organized and ready to be used.

VII) Use Sentry MBA and obtain logs

The time has come! Here is finally the long-awaited moment, the one to obtain logs thanks to Sentry MBA. First of all, it is important to know that this software, like all those that provide logs, relies on patience. You will therefore need to keep your computer running for a longer or shorter time depending on your expectations, the length of your combolist, or the site's security. Here we go!

Step 1: Choose the configuration and thus the site on which you want logs

Settings>General>Load Settings From Snapshot

Then load the .ini configuration of your choice.

Step 2: Select your combolist

Lists>Wordlist> "Open Icon".

Then select your combolist.

Step 3: Select your proxies

Lists>Proxylist> "Open Icon".

Then select your .txt proxy list.

Step 4: And now we launch!

Start the bruteforce engine!

And now we let the computer run. I will explain to you what each section corresponds to.

First of all, as you have seen, a small "box" opens when you click on "Start"; this box is very important to know how much you have brute forced and to follow the course of your cracking.

"Hits" means the number of accounts you have obtained; in this case, I obtained 7.

"Reds" means that at the time of authentication the account was redirected to a page.

"Fakes" and "ToCheck": no matter what, as soon as an account is in there, it is bad 99% of the time.

"Tested" means the number of "Email:Pass" tested and therefore the number of potential accounts.

"Retries" means the number of accounts that failed to be tested and that will therefore be retested.

"Combo/Min" means the number of "Email:Pass" tested per minute. In this case, 24 per minute are tested on my side.

"Active" means the number of proxies that are active and not banned.

"Disabled" means the number of disabled proxies but not banned.

"Banned" means the number of proxies banned by the site.

"Count" means the total number of proxies.

"Codes" means the codes encountered when an account is tested; quite useless, but it still allows you to know if a configuration is dead by looking for the code on Google.

To recover the accounts, go to the "box" at the bottom; that is where the accounts that work, and the others, are displayed.

Then you need to select all the accounts and right-click on them; a box should appear. Now just click on "Copy Combo ToClipboard" and then paste it into Notepad++, for example.

This bar at the top is also important.

"Bots" means the number of accounts tested simultaneously; the more secure the site is, the more we need to lower it. Since Cdiscount is crap, we can allow ourselves 110 bots.

"Wordlist Position" means where the cracking stands; for example, I am currently at the 287th "Email:Password".

Then the percentage bar means the percentage of tested accounts; for my part it is 100%.

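
A defender's view of the run described in this section, as an added example that is not part of the original ebook: because the attempts are spread over a proxy list, per-IP lockouts see very little, so this detector scores each minute site-wide. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def parse(line):
    """Parse 'ISO-time source-ip username OK|FAIL' (constructed log format)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(lines, window=timedelta(minutes=1), min_attempts=20,
                    max_per_ip=3, min_user_ratio=0.8, max_success=0.1):
    """Flag windows that look like a combolist replayed through a proxy pool.

    All signals are site-wide, because per-IP counters stay low behind proxies:
    high volume, nearly every attempt a new username, few attempts per IP,
    and a very low success rate.
    """
    buckets = defaultdict(list)
    for ts, ip, user, ok in map(parse, lines):
        start = datetime.min + (ts - datetime.min) // window * window  # floor
        buckets[start].append((ip, user, ok))
    alerts = []
    for start, events in sorted(buckets.items()):
        n = len(events)
        if n < min_attempts:
            continue
        users = {user for _, user, _ in events}
        per_ip = Counter(ip for ip, _, _ in events)
        success = sum(ok for _, _, ok in events) / n
        if (len(users) / n >= min_user_ratio and success <= max_success
                and max(per_ip.values()) <= max_per_ip):
            alerts.append({"window": start, "attempts": n, "users": len(users),
                           "ips": len(per_ip), "success_rate": round(success, 3)})
    return alerts

def constructed_log():
    """Constructed sample: normal logins at 10:00, replay burst at 10:05."""
    t0 = datetime(2024, 5, 1, 10, 0)
    line = "{} {} {} {}".format
    normal = [line((t0 + timedelta(seconds=7 * i)).isoformat(),
                   f"198.51.100.{i % 4 + 1}", f"user{i % 5}@example.com",
                   "FAIL" if i == 3 else "OK") for i in range(8)]
    burst = [line((t0 + timedelta(minutes=5, seconds=i)).isoformat(),
                  f"203.0.113.{i % 20 + 1}", f"acct{i}@example.com",
                  "OK" if i == 17 else "FAIL") for i in range(40)]
    return normal + burst

if __name__ == "__main__":
    for alert in detect_stuffing(constructed_log()):
        print(alert)
```

In the constructed burst no source address makes more than two attempts, which is why a per-IP threshold alone would stay silent.
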
Bonus: Decrypting passwords (MD5)

Sometimes when you go to find passwords, they will be in this form:

b6edd10559b20cb0a3ddaeb15e5267cc

This means that they are encrypted. Most of the time, when they are in this form, this encryption is called MD5 and, good news, it can be reversed.

Reversing them is quite simple; there are several solutions.

The site: http://finder.insidepro.com/

With this site, nothing could be simpler: paste your encrypted passwords into the box provided for this purpose. Then click on Search and the site will try to find them for you; the result will be in this form:

password

There is also another solution, the ORHT software. This software will attempt to
find your password from different sites.

To know how to use it, all you need to do is watch this YouTube video:

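
Why the lookup described above works, and the storage that defeats it, as an added example that is not part of the original ebook: MD5 is an unsalted hash rather than encryption, so such sites match digests against precomputed tables. The wordlist, user names and PBKDF2 parameters are constructed assumptions.

```python
import hashlib
import hmac
import os

COMMON = ["123456", "password", "qwerty", "letmein"]  # constructed mini wordlist

def md5_hex(password):
    """Legacy storage: bare, unsalted MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()

def lookup_table(words):
    """Precomputed digest -> password map; built once, valid against any dump."""
    return {md5_hex(w): w for w in words}

def store(password, iterations=600_000):
    """Hardened storage: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)

def compare_schemes():
    """Show what a table recovers from MD5 rows and what salting changes."""
    users = {"u1": "letmein", "u2": "letmein", "u3": "x9$Lq-long-unique"}  # constructed
    table = lookup_table(COMMON)
    md5_rows = {u: md5_hex(p) for u, p in users.items()}
    # Every common password falls to a dictionary lookup, with no per-user work.
    recovered = {u: table[h] for u, h in md5_rows.items() if h in table}
    kdf_rows = {u: store(p) for u, p in users.items()}
    same_md5 = md5_rows["u1"] == md5_rows["u2"]        # password reuse is visible
    same_kdf = kdf_rows["u1"][2] == kdf_rows["u2"][2]  # salt hides the reuse
    return recovered, same_md5, same_kdf, verify("letmein", kdf_rows["u1"])

if __name__ == "__main__":
    print(compare_schemes())
```
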


Bonus Video: Create Sentry MBA configs yourself

I am not going to give you a detailed explanation, because creating Sentry MBA configs varies greatly depending on the site's security.

Here is a video that helped me understand how a config works and to create my own.


As a site to try, I recommend Cdiscount which works very well!

Thank you for purchasing this ebook, I hope you liked it.
Safe travels, luffy114 !
