BruteFroce Step by step guide!

[Syllabus]

Bruteforcing is really simple and chances of getting cought is small (if you are doing something illigal)
Brutforcing can be used to several things:

-Get Passwords for good pornsites
-No need to download the porn, can use HQ stream.
-Porn will be free for Virus,Spyware and nother nasty things.
-Get acces to PHP admin panels that may give you access to SQL servers.

Bruteforce is a method thats works like following, testing X Passwords and Y Username untill one or more matches is found.

Wordlist
Instead of letting the brutforcers try every possible combination A-Z 0-9 we use worldist that contains usernames and passwords people are likley to use.


HTTP Authentication
In the context of an HTTP transaction, the basic access authentication
is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.

Proxy
Proxy is like a middleman takeing the heat for usso we wont get caught, it's not 100% secure, but pornsites gets bruteforced 100's of times each day. The problem by useing proxy is that they are genraly slow.

Wireless nettwork
Try to finde a a unsecure wireless network, connect to it and your IP will change so you are then 99% secure of never beeing caught.

Athena "DOWNLOAD"
Athena is used to create combo wordlist for bruteforcers, but with this torturial's bruteforce we just going to get some url's.

1. Here you can add a proxy if you would like, the program dosen't do anything illigal so not needed.
2.Just set it to 20
3.This is what we useing the program for, so be sure to enable it!
4.Watch the magic, lol.
5.Heres where you start it^^ This is also where you stop it, let the program run for about 10-15 min before you click the stop button once. The program then needs some time to close connections so dont worry if it takes some time.
6. After it has stopped open the sites.txt file in Athena root folder.

ACCESS DIVER "DOWNLOAD"
The program you will be using to crack the password is Access Diver.

1.Set MY SKILL to Expert.



2.Go to Wordlist in the toolbar, then "Clear Lists"



3.Dictonary> Web Word Leecher > Load a list of URL's from file.



4.Then Press "Start Leeching" and wait for the progress bar to reach 100%
Takes a While :P.

5. It then resets add adds the list to the two boxes on the right side.
This is going to take ven longer When it's finished, click on "Add in Wordlist".


Proxy
This is not something you have to do, If you are connected to a unsecure nettwork or managed to connect to a otherer network then I wouldt do it, It slows down the speed a bit.
1. Go to the Proxy tab, then WEB Proxy leecher.
2. Open notepad and paste following into it, then save as proxy.txt

Code:

http://www.samair.ru/proxy/
http://www.samair.ru/proxy/proxy-02.htm
http://www.samair.ru/proxy/proxy-03.htm
http://www.proxy4free.com/page1.html
http://proxy.org/proxies_sorted2.shtml
http://www.freeproxysite.com/proxy-lists.php

3.Click on the "Add URL site to the list from a file" and select the proxy.txt.
4.Press start leeching.
5.When it's finished, click on "Add these proxies in.." and select analyzer
6. Go to the "Prozy Analyzer" tab and press start "Speed/Accuracy test."
7. After It's done delete bad proxies and press "USE Proxy" and copy it to your list, remember to select all the proxies.
8. Go to the "My LIST" tab under proxies, and enable the following:


Start the brutforcing
Now it's time to start the bruteforcing, find a site you want to try it on, but remember, it has to be a HTTP Authentication page.
The page is a HTTP Authentication page if the following pops up on the login:

[Zordin]

Nice guide syllabus! +rep x2!

[Muster]

Cool guide, i havnt seen one of these around. Nice job dude.

[Neth'zul]

Nice job. +rep if i could

[Emuchild]

Where did you get the URLS from file, can you put that in the guide?

[Syllabus]

Where did you get the URLS from file, can you put that in the guide?

The Proxy URLS? They I found on google.

[Seriouskip]

Nice, will try. +Rep

[Stimorol]

Thanks /filler)

[Stimorol]

Can you help me a bit? sendt you a pm.

[Nosferattu]

You should always use a proxy if you're brute forcing anything. If you connect to an unsecure network and start a bruteforce attack guess what? Its still YOUR COMPUTER hitting that network over and over again. The router will have you unique MAC ADDY for your wireless controller, so they are going to see your IP and Mac Address hit the server OVER AND OVER again and then they have you on a DoS attack. You must ALWAYS use an ANON proxy when you are brute forcing ANYTHING.

Not flaming, but don't provide false information. Connecting to a wireless network and not using a proxy will not save you.

[Seriouskip]

WOT alerts me when I try to download Athena and Access Diver.

[Syllabus]

You should always use a proxy if you're brute forcing anything. If you connect to an unsecure network and start a bruteforce attack guess what? Its still YOUR COMPUTER hitting that network over and over again. The router will have you unique MAC ADDY for your wireless controller, so they are going to see your IP and Mac Address hit the server OVER AND OVER again and then they have you on a DoS attack. You must ALWAYS use an ANON proxy when you are brute forcing ANYTHING.

Not flaming, but don't provide false information. Connecting to a wireless network and not using a proxy will not save you.

Large pornsites gets 100's brutforce attacks daily. It's nothing to worry about.

WOT alerts me when I try to download Athena and Access Diver.

Because lot's of AV says it's hacktools

[Nosferattu]

Large pornsites gets 100's brutforce attacks daily. It's nothing to worry about.

If its nothing to worry about then why connect to an unsecure network at all? Why not just run from your home network? If you're going to bruteforce, you need to use proxies. Period.

Only way you wouldn't need to use a proxy is if you changed your MAC addy, connected to the wireless network, did your cracking, disconnected, and changed your MAC addy back to what it was before you started. Trying to crack with no proxies will get you caught. Maybe not right away, but I can guarntee that it will happen. You think the porn sites don't do anything when they see they are getting DoS attacked?

You can ask any serious cracker on the net, you DO NOT bruteforce without proxies.

And to those of you reading this, I impore you, if you follow this guide, make sure you have a proxy list tested and loaded. You need to make sure the proxies are Anon, if they are transparent or anything else your IP is going to leak through and its going to be like you aren't using a proxy at all. AD should sort out which ones are bad and which ones are good.

[Syllabus]

If you only do 1 attack you wont get caugth, but several attacks in a short period of time YOU will get caught. The bad thing about useing proxies is that it's slows you down like hell. But if you got a fast and secure proxy use it. A good way to get a fast proxy ist to finde a host thats want to host a proxy server.

[Nosferattu]

You're talking about speed, but if you're only doing one attack, that would mean that you're only hitting once and then stopping. Proxies will only slow you down so much, but if you sit there and wait 10 to 20 minutes between each hit then thats gunna be a lot slower than using even 2 to 3 slow anon proxies. The idea behind a bruteforce attack is to rapidly test usernames and passwords against the server until you get a hit, if you only hit once and then stop what good is that going to do you? Odds are you wont get a hit on your first UN:PW attempt, not saying you never will, but odds are against you. Again, always use a few proxies, then you don't have to worry about taking it slow and only attacking once. You have 3 proxies, you can have 2 open bots on AD testing UN:PW combos, which is going to be a lot faster than having one open bot trying to test 30,000 UN:PW's with the risk of getting caught. And the good thing about that is, is that you can hit the server 30,000 times with the same 2 or 3 proxies and still nothing leads back to you.