Cracking Guide - Lecture notes 1 PDF

Preview

Summary

its fooled...

Description

Index -

Keywords and Google Dorks (How to make them and optimize them

-

Dork Searching, URL Optimizing

-

SQLi Dumping

-

Combo Checking

Keywords and Dorks, what are they and how to get them?

So, the big question is definitely what are Keywords, well that’s an easy answer! Keywords are basically words related to the account type you want to find, say for example you are looking to crack some Spotify accounts, in that case you would want some keywords related to the word Spotify, have these keywords as an example!

spotify-stats spotify-download spotify-wrapped spotify-for-artists spotify-pair As you can see, all of these words or sets of words are related to our target. Now, you are probably thinking: “But dude, why tf do I need keywords, what’s that gotta do with anything?”. Well, keywords are necessary to generate “Dorks” which I will explain in the next part of this topic, but just trust me for now, they are essential.

Dorks, Google Dorking or Dork Hacking is the act of using “Dorks”, which are generated from keywords to find vulnerable websites in order for you to hack, dump their databases and gather combolists, which is ultimately what you want. Dorks usually take the following form:

.cfm?60= .jsp?358= .jsf?219= .jsp?995= .asp?541= .file?59=

These are generated using keywords and a tool such as the mighty TSP Dork Generator. There are different types of Dorks, I won’t go in depth into this but just know that numeric dorks are what you are looking for!

How do I generate keywords and dorks?

Of course you should ask that question, I wasn't expecting anything else of you my little apprentice.

Let’s see how we can easily generate HQ Keywords for Dork Making!

First, access this website: https://keywordtool.io/

You should see something like this, please select the United States / English language on the language option.

After this, you will need to have an idea of what accounts you are looking for. After you decide, go ahead and search for it on the search bar, in this example I will use netflix.

You should see something like this, scroll down and select the 5th page of results.

Scroll up again and check this box to select every result!

Now, look at the bottom of the page and you will find an orange tab saying Export, click that and click copy to clipboard.

Then, create a notepad document and paste the results there!

After pasting them you should select a random result and put it in the search bar and repeat the process, do this like 5 times until you get a good number of keywords.

Now, go ahead and open the following website: https://www.deepl.com/translator

You should see something like this, mine is in portuguese but yours should be in english or whatever language your PC is in. Now, go to your notepad document and click a random line then press Ctrl + A to select everything. Do Ctrl + C and paste the copied keywords in the DeepL Translator, then select a different language and translate as many keywords as it lets you, repeat the process for at least 3 different languages. In the end, copy everything and paste it into the notepad.

Now, let’s transform your mighty keywords to make them HQ and optimize them. Please go ahead and open the following website: http://www.unit-conversion.info/texttools/reverse-words/

With the website open you should see something like this!

For the input data you should select a large portion of your keywords and paste them there, then you click the convert button and it will scramble the keywords.

Like so:

Do this a couple of times with the different languages and paste the results in your notepad.

After doing that, open the following website: http://www.unit-conversion.info/texttools/replace-text/ As you may see you will see pretty much the same as earlier with the addition of these two inputs:

Now, of course in the input part you will paste all of your keywords and in the Find Text you should just click it and hit the Space Key. This will apparently do nothing but just leave it by clicking the Replace With input, in this you will type: (hyphen).

Select the output and replace it with the keywords you had before on the notepad.

Congratulations, now you have HQ keywords ;))

How to generate Dorks and URLS

Ok, so this is one of the most important steps to getting ‘em fire combos baby!!!

So first download the following software from the discord server or third party:

-

TSP dork generator Dork Searcher by Crypto

Now, go ahead and open the TSP Dork Generator.

You should see this:

Now select the following boxes for the best results, you can always come back to this until you memorize them:

Now you should import the keywords you made previously, in the “Import keywords from file” button:

After that just click the generate button on the right and you’re done!!! Your dorks should be in a file called Generated1 or Generated12 inside the TSP Dork Generator’s main folder!

Ok, so now you should open the second piece of software you downloaded, Dork Searcher by Crypto

You should see something like so:

Please replicate the boxes that are checked and unchecked in the picture above, remember, iSearch should be off and Anti Public should be On. Pages are 30 and threads you can put from 100 to 600 depending on if your PC is good or not.

Then, go ahead and select your proxy type ( you can find proxies on our discord server as well), and click the red Proxy button, navigate to your proxy file and double-click it. Then, hit the Source button and navigate to your Dorks and select them, NOT your keywords. After everything selected you should see it start to work.

Now in this part of the program you can see the links you’re obtaining, what you need to put your eyes on is in the middle value, that value corresponds to the Vulnerable links you can find with your dorks, and those are the ones you want.

For the first time doing this try to get between 5000 and 7000 Vulnerable URLs.

After you get to that number you can hit the STOP button.

After stopping it should say in the logs “Antipublik works” that means it stopped.

Go ahead and navigate to the Dork Searcher’s main folder and enter the following folders:

Now here you select the folder with the biggest number, in this case it’s 07 Just open the folder inside of it.

Select the folder that was created the latest, you can see this in the middle part where you have dates and hours.

Inside should be a file called: Generated.txt These are your URLs.

And just like that we proceed to the next topic!

SQLi Dumping

In this topic I will teach you “da wae” (dead meme) to dump the URLs you generated in order to get their databases and combolists!

First you will have to download one piece of software called SQLi Dumper, it’s on our discord just go ahead and download it.

After that go ahead and go to its main folder and enter the TXT folder.

Copy your URL file from Dork Searcher and rename it URL List.txt Copy that file to the TXT folder on SQLi dumper.

Then open the program, you should see something like so

Go ahead and browse to the Exploitables tab.

In the threads you should put 30-50, more than that will crash the program. And then click Start Exploiter. Let it finish until 100%, it takes a while, everything in SQLi does. After it’s done go to Injectables and do the same with threads and start. After this you should select every URL in the injectables list and look at the following options:

Yours will probably look like this, check every box and replace admin and user for “Admin” and “User” without the quotation marks. After that click start.

A new window will appear and you will see a lot of information. What you are looking for is urls that contain the words email and password with 50+ rows each. You also wanna make sure they are under the same table on the Database. Like the example:

The more rows each one of them has the better!

Go ahead and select email and hit the button on top that says :

Click New Dumper Instance, if it comes out blank do Dumper Form.

Then you should select the Database that contains the email and password and click Get Tables:

After you click that, tables will appear, what you are looking for is Email and Password, these can come like the following examples: Email Password ---------User_Email User_Password ---------Email pass ---------email senha ----------

Go ahead and use the arrows on top to move email on top of password, select both and click the Dump Data button:

It will start to Dump the table’s data and when it is finished it will look like this on the bottom:

Now, go ahead and click Export Data and export these first combos to a file called 1.txt

Go ahead and re-do the process for the other urls you got and rename the files 2.txt, 3.txt….. etc

After you’re done, grab all the combos from the different files and combine them in one txt file

There you go, you got your combolist ;)

How to check the combo you cracked? First you’ll need to download the following program from the discord server again:

-

Silver Bullet

And a config file for what you’re cracking (it’s on the server) and good proxies.

Then, open SB you should see something like this:

Now, browse to the Proxies tab and open it:

Your list should be empty but that’s ok! Go ahead and drag over your proxy .txt file to the blank space where my proxies are! Then, drag the Bots scroll to the max and click CHECK

After it’s done click More actions and then Del Not Working and Del Duplicates.

Now click a random proxy and press Ctrl + A.

You should now move to the Wordlist tab:

Yours should be empty, just drag your combo list over to the blank space!

Then open the Configs tab!

Drag your .anom or .loli file to the blank space and hit the Runner tab.

Hit the New Button. After this hit the blank space of the new runner!

Now, let this screenshot show you what to do ;9

When you click start, your combos will appear and it will start to check. Remember to use good configs and very good proxies to get higher CPMs

If you are checking Netflix or Epic Games Accounts, free proxies won’t do the job as these services rip proxies apart like turkey on thanksgiving, use paid proxies even if you stole them xD

And that's it, you will now hopefully get Hits, if you have any Custom hits (orange) it means it’s either banned accounts or 2FA which are not good for the most part. If you get To Check hits you just copy them and check again to turn them to Hits or Custom....