Guia Cracker
Cracking Guide by NGTEAM Hey, before introduction I must say some words to you. Thanks for purchasing this e-book, I inc
Views 2,265 Downloads 34 File size 2MB
Recommend stories
Citation preview
Cracking Guide by NGTEAM Hey, before introduction I must say some words to you. Thanks for purchasing this e-book, I included there 100% of my cracking skills, 100% of pure knowledge and 100% of basics that you will need to start your journey with cracking. This e-book is mainly for people who are entirely new to cracking. Especially for this e-book, I created a .ZIP file with a collection of programs that are mostly used to crack accounts. I do not want to teach you saturated methods which are worth totally nothing. I will guide you how to get an unlimited number of accounts in like one day. If this e-book helps you, please leave positive feedback on my vouches channel . Remember , this e-book is only for educational purposes. I do not take responsibility for how you use it. I do not like tons of colors, text variations, and stuff, that is why this e-book looks like this. It is basic like it should be.
My name is SIMON, and no, that is not my real name. I am a cracker since 2015. As you may know, I am a high reputable member on the forum and in real life. I know how to introduce you to cracking like nobody else. I am smart, polite, professional and I know what I am doing. With me, you will learn more than you can find anywhere, on any forums. Respect it. Respect me. You may ask why I wrote this e-book – to teach you everything, but you will not be as amazing as me. No one is. You may think that I am such an egoistic person. Yes, I am, you are 100% sure. You will not earn any pound from free tutorials found on cracking forums. Every “withdrawal proof” on these forums is fake. No one earned sh!t from e-books about making money . However , you will gain , you bought the right e-book . Remember, do not duplicate schemes that already exist. That is all.
I divided this e-book into several parts:
TE
AM
✓ First of all – software, Discord server, and some knowledge. ✓ SQL Injection – how to use SQLi Dumper, the creation of dorks and everything related. ✓ Let’s crack! – how to use Sentry MBA. ✓ Security – how to do not lure cops into your house. ✓ D4t4b4s3s – everything about databases. ✓ Dehashing – how to dehash, what is hashcat and more. ✓ Money making – how to make money with cracking. ✓ Regex – how to make your combolists better. ✓ RDP/VPS – how to use them to crack 24/7, which RDP/VPS should you choose. ✓ The end – just read it, please.
G
NGTEAM| GODLY - CRACKING GUIDE
First of all First of all, you will have to download the necessary software to start cracking. I created an individual package with software, so don’t waste your time and download all the required software right now! Software included in the pack:
✓ Sentry MBA – basic and the best tool for cracking. ✓ SQLi Dumper – a most popular tool for SQLi Injection. ✓ Configs – configuration (.ini) files for Sentry MBA. ✓ hashcat – the best and most advanced software for cracking hashes. ✓ Combolists – some public and semi-private combolists to start your journey cracking. Download the tools package Found key [] – Source Length: . You can right click on it and copy the combo to the clipboard. As an output you will get username:password. You can also go to History tab to see all of your saved hits (Sentry MBA have autosave function, do not worry). In History tab you can aim for a specific site by selecting a site filter. You can also save the hits in the selected format. I will not explain there everything about it; I will tell you how to add a custom filter to copy accounts. To do it you must move to Options subcategory. As you can see, there is a list called Save Filter:. On this list, you can find a default save filters. To add new, custom filter type it in the box next to Save Filter:, then click Add Filter to Filter List. There are some operators that you need to know (only a few of them, at this stage you do not need more). #
Operator
Details
1
Your hit in username:password format.
2
Captured keys like balance etc.
3
Cracked site address.
2 \t
Tab character.
TE
New line.
NGTEAM | GODLY - CRACKING GUIDE
G
1 \n
AM
Additional options (extended)
So yeah, everything about cracking accounts using Sentry MBA should be clear for you now. You know how to import combolist, proxylist and how to operate with Sentry MBA. If you want to learn how to create a config for Sentry MBA search for tutorials on YouTube. I will not write a guide about it, because it is much work to write it as plaintext, video tutorials should be much better to understand.
Security
TE
AM
Security is the most important thing if you are a cracker. First, seal your webcam (just kidding, but…). You must care about your security more than typical PC user. Take care of your password, yes, your own password. Don’t use the same password for every service. Don’t use common things like your name, date of birth, child’s name, mom’s name, etc. “When Mark Burnett analyzed 3.3 million passwords to determine the most common ones in 2014 (all of which are on his bigger list of 10 million), he found that 0.6 percent were 123456.”(source). I recommend you to generate your passwords. It is the most secure thing that you can do, create a complex password. What I mean by saying „complex”? To create a complex password use uppercase and lowercase letters, special chars like #, @, !, %, use at least eight characters (more characters, more complex password), and as I said don’t use common things in this password. Your common password should look like this: 2q)q\v?'9CYUqEYg. You can create it via random password/string generator, but take care, some of them may send the generated passwords somewhere or log them. Don’t use random e-mail hostings that are important. Use e-mail providers with the best security, like Gmail, Hotmail (if you want to take illegal actions on this e-mails do not do it, they log everything obviously. Use cock.li for example). Always enable 2FA if it is available! You should do it to prevent unauthorized login attempts to your account and do not tell anybody in the web your phone number on which you are getting the verification codes. Encrypt your passwords and back up them. Back up encrypted passwords on a flash drive like pendrive. Do not login to important websites (like a bank, PayPal, etc.) if you are connected to public Wi-Fi or free to use VPN software. That should be enough about your accounts, move to the cracking part, why security is necessary? As you may know bruteforcing/cracking and SQL Injection to other services than yours is illegal. That is why you should always be connected to VPN. Connect to VPN at the start of your PC. As your main VPN, I recommend Cryptostorm, you should also read history about the creator of this VPN, Douglas Spink because he is also a member of Cryptostorm. Forget about Google, Bing, Yahoo, and other big company search engines (because of logging everything, again), use DuckDuckGo or Startpage (personally I prefer DuckDuckGo). If you want to create a test account or a temp account, use temporary e-mail providers like temp-mail.com. Don’t create random accounts on one of your private e-mail accounts. If you want to take illegal/shady actions, do not use Skype, Discord or forums PM system (it is the worst thing that you can do, obviously and usually, they do not even encrypt your messages) use XMPP. If you are downloading something from the web, remember to open it on a virtual machine. If you have some funds, you can buy RDP or VPS. Cracking on your PC is risky (if you did not know it already), so I recommend you to get a good RDP such as BoomRDP. Do not trust anyone in any way. It is essential. My opinion about Quad9 in one word – sh!t. If you do not know what Quad9 is, you can read about it there. They say that they only log geolocation data
G
NGTEAM | GODLY - CRACKING GUIDE
„for the purposes of tracking the spread of requests associated with particular malicious domains”, but I do not trust them at all.
D4t4b4s3s Now, let’s look at databases – something you will have to work with all the time. However, what exactly database is? The database is a structured set of data. Some data from the database can be hashed, and you will have to dehash it, but you will learn more about it in next parts of this e-book. So it is not only a set of usernames or e-mails and passwords, some of the databases can be in a format like id:username:password:IP:first_name:last_name etc. I think that you want to know how to remove the unnecessary data from the database to make it pure user:pass or e-mail:pass (the process of removing unnecessary data from the database is called parsing, you should remember this term). To do it you will have to use a program called EmEditor (it is paid, but they provide a 30 days trial, so do not worry). It is much more advanced than Notepad++, and I prefer using it for every database-related action. It can open a 20GB of data without a problem, that is why you should use it. This software helps with every database-related action; you can easily sort/delete data using it. Okay, so after downloading and installing this software, you can right-click on a database icon (located on your desktop or somewhere else) and choose EmEditor option from context menu. Your database will be opened via EmEditor. Again, as an example of the unparsed database, I will take the gtagaming.com database.
As you can see in included image every „data cell” is delimited with the comma character. We call this a delimiter. So you have to set the delimiter of each cell to the comma. To do it look at the CSV/Sort menu located at the top of the window. Right click on it and select Customize CSV... option from context menu. As you can see you can add/edit the formats and delimiters. The comma delimited should be added default, so I do not have to worry about it. If your delimiter is, for example, a – character, you have to add it by clicking Add button and changing the delimiter to – char. If you are done just click OK button. Select the proper sorting option from the menu CSV/Sort menu and click on it (I have chosen Comma separated one because my delimiter is a comma). As you can see everything that was delimited with a comma is now in the separated cell (every cell have a number). Now you can quickly delete unnecessary data, just select it and delete (it may take some time, depends on your PC components). I want to have a user:hash combo, so I removed every cell except one with usernames and one with hashes. If you did everything correctly, you could go back to the standard view by clicking on this icon database diametrically changed.
. As you can see the format of the
TE
AM
As you can see the format is still unreadable by cracking programs, so let’s remove the quotes and apostrophes. Do to it you have to click the combination of buttons Ctrl + F. Now you can see the small search/find window. So, let’s click on the Replace >> button and in Find field type the character
G
NGTEAM | GODLY - CRACKING GUIDE
that you want to be removed. Remember to not replace the quote character (in my situation) between username and password (so you have to replace the ,, and ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, characters, not single quote). Leave the Replace with field empty and make sure that you do not have checked the Use Regular Expressions checkbox. Click Replace All button to remove all characters. As you can see after replacing the characters, you have the database in format username,hash. Now just replace the quote with : character and everything is done! The output format is user:hash. You can import the combo to hash cracking software to make it user:pass, but you will get this knowledge in next part of this e-book.
You can do it with any database, just remember to select the proper delimiter. You can also replace delimiters by Ctrl + F. It is pretty easy, so I will not teach you how to do it. But how to combine all databases into a big one? Well, you can try to use other text editors, but again, EmEditor is the best for it. Using EmEditor you can easily combine millions of rows. Select files from your desktop/folder that you want to combine into one .txt file. Right click on one of them and select EmEditor option from context menu. When all files will be fully loaded choose Tools > Split/Combine > Combine Documents into a Single File... from the top bar. As you can see all selected files/databases are checked, so you just have to do is choose the destinated location of combined databases, name it and choose the extension of output file. If you are combining the databases, I recommend you .txt extension. Click Save, Next and again Next. Wait till all databases will be combined and it’s ready. Now you can open your output file with combined text.
Dehashing First of all – what is dehashing? It is a process of getting a plain string of random letters and numbers. It is also a security measure not to store plain passwords in the database. There are many types of hashes. There also exist „salt” term, but what is that? Salt is an additional part of the hash. It has randomly generated string added to the hash. If it is added, then the hash is harder to dehash. I will not explain every hash type there. To recognize a hash type you can use this site (in hashcat every hash have it is own code, for example, MD5 have 0). However, how can you recognize hash? It is just a combination of letters and numbers. For example: MD5 hash: 8743b52063cd84097a65d1633f5c74f5 SHA-256 hash: 127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935
TE
AM
You cannot even recognize what letters are used in the real password, so how you can check it? There are some programs to do it, but the most advanced and the best is hashcat – console program that allows you to dehash almost every type of hash and get a plain string (password)(do not buy any paid dehashing programs, hashcat is free and the best). It is world’s fastest password recovery tool and can come in CPU-based or GPU-based variants. This software can dehash for you large databases with millions of rows. The dehashing process speed depends on your PC components. Better
G
NGTEAM | GODLY - CRACKING GUIDE
components equals faster dehashing. You will also need a large dick; oh wait, a large disk for dictionaries. However, why you need them? Hashcat without dictionaries/wordlists is useless (you can use a bruteforce mode to dehash without dictionaries, but it will take years to crack a simple password like fuckmedaddy157, that is why we will use wordlists). Wordlist contains billions of passwords combinations. Where can you find the wordlists? Well, one of the best free wordlists is CrackStation’s one. It is 15GB of wordlists (small dictionary, but very, very good). Another one are hashkiller’s wordlists. What is the good amount of wordlists? As much as possible. When I was cracking hashes, I had over 200GB of wordlists on individual drive. There is a list of useful links to download the dictionaries. Let’s move to the practical part. Download hashcat and unzip it into a folder. Open this folder, right click on blank space and select Open command window here option from context menu. You will see a console window with hashcat path. As you probably already guess, it will not work without commands, so you have to learn some, but you have to do something else before it. You have to create one folder and one .txt file in hashcat folder. Name the .txt file hashes.txt and the folder dict. In folder put all your wordlists (do not have to be in .txt extension, some of the wordlist have .wordlist extension, and hashcat still loads them). In the hashes.txt file, you will have to put your hashed database/combo in format user:hash or e-mail:hash. Move again to console window and type command: hashcat64.exe -m 0 --username hashes.txt dict -m – after this argument type the hash ID (you can find all ID’s there), 0 – the hash ID/code, hashes.txt – file with hashes, dict – folder with dictionaries/wordlists. After initializing this command hashcat will check compatibility and format of loaded hashes, then dehashing process will start. You can check actual status by clicking S on keyboard (you will see info like wordlist positon, current status, how much hashes got cracked already and much more) and bypass current wordlist by pressing B. You can also exit by clicking E. When hashcat will finish dehashing you have to save your dehashed combo in format user/e-mail:pass. To do it execute this command: hashcat64.exe -m 0 --username --show hashes.txt --outfile-format=2 -o cracked.txt 0 – hash code that you set in the previous command, hashes.txt – file with hashes, cracked.txt – will be a file with your plain user/e-mail:pass output. You can name it as you want.
TE
AM
That is all. Simple and noob-friendly. Now you can open your output file, load it to Sentry MBA or SNIPR and start cracking.
G
NGTEAM | GODLY - CRACKING GUIDE
Money making I guess you were waiting for it. If you are wondering how to make money with cracking this chapter is for you. Now I will give you some methods to make money with cracking. #1 Sell cracked accounts – yes, that is a useful method, but... But don’t open shop with Spotify accounts, Grammarly accounts or something overraped like that. Shops like that are overraped. Try to search for country-targetted websites which provides premium subscription or paid tokens (look for sites like that in your country). Don’t sell them on cracking forums, because you will not get customers for country-targetted websites, sell them on auctions-related websites in your country. The only accounts that are worth to sell on cracking forums, in my opinion, are VPN’s and pornrelated accounts. #2 Sell combos – make your shop with private/semi-private combos that you got by SQLi Injection and sell them. You can make e-mail access targetted shop or simple shop with user:pass combos. Remember, don’t sell crap. You will only gain a negative reputation and scam reports. #3 Open a service – open a service about something related to cracking. If you have useful hashcat wordlists and you are sure that you will be able to crack most of the hashes (~85-90%) you can easily open a service about cracking hashes. You will be able to gain some money by cracking hashes and use dehashed combolists for your personal needs (don’t sell them). You can open something new, I will not sell you ideas, use your brain. #4 Sell dorks – if you are excellent dorks maker open a dorks shop. If you provide some vouches and your vouchers will be satisfied your sales will raise. You have to know what you are doing, again, don’t make crap, overraped dorks with public generators. Use your brain to make something delicious. #5 Sell your knowledge – if you are an advanced cracker you can sell your experience. Open a coaching service about gathering dorks, getting combolists, or open a configs shop in which you will be selling your hand-made configs for Sentry MBA or SNIPR. #6 Sell currencies – you can crack accounts to popular games and sell in-game currency. It is a really good business if you know that your customers will not get banned for it. You can sell gold, coins, items or whatever you want.
TE
AM
#7 Crack4you - if you have a good PC or RDP you can open crack4you service. Your customer will provide you combolist + config, and you will use the power of your PC to crack for him accounts. He will pay for hits that you will get for him, and you will have profit.
G
NGTEAM | GODLY - CRACKING GUIDE
Regex Disclaimer – only underlined functions are regular expressions. In this part, I will show you how to refresh your old combos. As I guess you want to know what is a regex (full name of it is a regular expression) – it is a sequence of characters that define search pattern. This definition might be hard for you, but it is easy. I will not go into advanced regex, because that is hard to understand, I will show you some methods to replace characters or add them to get pure new combolist. You will need a user:pass or e-mail:pass combo and EmEditor. Open your combolist with EmEditor and press Ctrl + F. Make sure you have checked Use Regular Expressions box. In find field type [.]*$ then press Select All button. Click on the main window and as you can see your cursor position is on the end of every line. Now you can add characters to every line. I recommend you adding characters like ! . - _, you can also add a random number on the end of every line. I remember that some of excellent League of Legends crackers were using this method to refresh their combos and they were getting HQ hits. Next method is about deleting some characters from your combo. For example, if you want to make a user:pass combo from e-mail:pass combo you have to use @.*: regular expression, then move to the main window and just click : on your keyboard to replace the selected string with this delimiter. You can also remove selected characters like _ or . from your combolist. It is simple, just replace it with nothing. Another thing is about deleting the numbers from nicknames. To do it use .*: regex, then move to replace tab and in find field type [0-9]. Make sure that you have In the Selection Only box checked. You can do the same thing with a password, but personally, I do not recommend it. That is all about it. You can make different combinations of regex and try your methods. Maybe you will obtain something new, and you will be making money off it, who knows.
RDP/VPS
TE
AM
Have you ever dreamed about cracking accounts 24/7? It is possible of course, and no, you don’t need to have your computer turned on 24/7. You can buy a RDP (remote desktop) or VPS (virtual private server) (I recommend you buying RPD if you are a rookie/newbie) which allows cracking and turn on your cracking software on it. By this way you won’t overload your own PC, so what is RDP/VPS. It’s like your virtual computer located somewhere on the world. Basically, someone gives you access to his computer/part of his computer (he creates your own account on it) and you can use it like a normal PC. You can buy RDP with admin access, so you will be able to configure almost everything on it, but RDP’s without it are much cheaper. Your RPD can be a dedicated machine, so no one except you will have access to it, or it can be a shared computer (you will have your own account, like other people using it). Remember that not every RDP/VPS provider allows cracking and SQLi Injection, so you will have to read their T.O.S. or something like “what is allowed”. I personally don’t recommend anything. You should do a research on cracking forms or in web about RDP’s and choose the best which fits to you. Why? Because if you want to (for example) crack hashes on it, you will need a very large disk space and a fast internet to download the wordlists. If you want to crack on it you will need a good CPU and about 8GB of RAM. As you can see it really depends on your own needs. Next thing – what you should install on your RDP? Well, it again depends on your needs. I am 100% sure that you will need basic things on it (if they’re not preinstalled) like a web browser,
G
NGTEAM | GODLY - CRACKING GUIDE
advanced text editors and other basic things. You won’t need a VPN (if you don’t have admin rights), because you are not using your own computer with your IP, so don’t worry. Sometimes if you have a admin access you can change IP with VPN, but if you don’t have it, don’t even bother to try. Your request will be blocked. If you don’t have enough funds, just don’t buy RDP. Start cracking on your own PC (of course, it’s risky) and gain enough money to buy the RDP.
The end Thank you for buying this guide. I hope that you learned a lot from it. If you have any questions, feel free to ask me on Discord. As you may know, this is the most advanced cracking-related e-book ever made, appreciate it. It is not excluded that it is the last version of this e-book. We will see. If you like it, please leave an honest vouch about it on Discord server or under forum’s thread. It took me like five months to start writing (LMAO) it and about three weeks to combine everything into one e-book and gain additional information. If there will be any updates of this e-book, you will get informed via Discord, so it is necessary to join our fantastic community. I would like to thanks everyone that helped me with this e-book, especially Edennn. Without him, it would not be possible to push this update.
TE
AM
Regards, NGTEAM.
G
NGTEAM | GODLY - CRACKING GUIDE