[Tutorial] Getting into cracking for first time

[Lily 17]

Be sure to leave a like after reading it, I spend 1 hour to write this and source individual information. 

 

 

Hi, looking to get start cracking for your first time? Look no where else, read this first. The little basics.

 

What is cracking?

Cracking or another term as credential stuffing is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach) are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application(usually on an application) like sentry mba. 

 

 

Types of account credential?

 When we talk about credential stuffing, we need one kind of thing to make it work. We call them "Combo-list". 

They consist of list of username/password or email:password combination. Below is an example.

 

 

Credential list example:

 crackedexample:12345678 (username:password) format

[email protected]:12345678 (email:password) format 

 

 

How credential are obtain?

 They are obtainable through a process called SQL Injection. It's a code injection technique to gain administrator access for databases. It works by extracting information like emails/username/password. But, it only works on site that are vulnerable for such attack.

 

 

How is the credential extracted?

 You should have heard of SQLi Dumper and other tools similarly to these. SQLi Dumper is an application that uses dorks to find sites and later on finding vulnerabilities in those sites and perform an SQL Injection on them, allowing you to extract the database.

 

 

 

Type of application?

 Commonly used and found are Sentry MBA, and other made software tools like SNIPR/BlackBullet/Standalone Checker.

Commonly used for Email Access are AIO/Woxy/Mailflow.

 

---

Usage

 Combos -  Combos are found extracted on site with SQL Injection attack and mostly on vulnerable site as such. The password may be hashed encrypted in sha or md5 thus requiring you to de-hashed them.

 

Web Application - SNIPR/STORM/SENTRYMBA typically use to acquire account from the credential list from breach site.

Storm:https://stormapp.org/

SNIPR/CRACKED:https://snipr.gg/ / Cracked version can found on this forum.

 

Proxy - Public Proxies(Low Quality) / Premium Paid Public List(Medium Quality) / Private Sources(High Quality)

 

Storm:

1. Download configuration file, https://cracked.to/Forum-Configs--82
   
2. Drag the configuration file and place it on the config folder, the same folder as storm.
   
3. Run Storm
   
4. Load your credential list
   
5. Load your proxy
   
6. Set the required thread based on the config, and start running
   

SNIPR:

1. Open up SNIPR.exe if you're using the paid version if not open up SNIPR Local.exe if you're using the cracked one.
   
2. Tick the configuration module you like
   
3. Choose the type of proxy you're using, HTTP/s or Socks 5 or Socks 4.
   
4. Choose the thread, recommend 150. Max 500 
   
5. Load the credential list and it will start the checking right away.
   

PROXY:

 First off from your first time of cracking, I would not highly recommend you to get a private proxy source right away.

 

 

 

Type of Proxy?

 Public proxy - free and can be found everywhere and they don't last long cause they're shared with everyone.

Paid public - proxies are constantly updated by verifying proxy ratio found on various sources. They last quite awhile and all of them have the speed of below 300ms 80% of them un-comparable to free public list. 

Private proxy - No explain is needed here, high-quality. 

 

 

Public Proxy:

Recommended you to use gatherproxy scrapper.

 

Paid Public List(CHEAP):

1. https://proxy-grabber.com/premiumproxy.php
   
2. https://good-proxies.ru/
   
3. http://premium.freeproxy.ru/
   
4. https://premproxy.com/
   
5. https://proxies24.com/
   
6. https://hide.services/
   
7. http://cmproxy.ru/
   
8. https://top-proxies.ru/
   
9. http://own24.ru/
   

Private Source:

1. http://stormproxies.com/
   
2. https://starproxies.com/
   
3. https://www.proxyrack.com/
   
4. http://www.vip72.com/
   
5. https://rsocks.net/
   
6. https://buy.fineproxy.org/eng/
   
7. https://moxyproxy.pw/
   
8. https://exproxy.ru/
   

List of good site to start cracking on without the need of good quality proxies :

1. Hulu
   
2. Spotify 
   
3. Minecraft
   
4. ExpressVPN
   
5. Fitbit
   
6. Crunchyroll
   
7. Deezer
   
8. Tidal
   

---

 

 

Email Access:

 Email access are email accessible account that is acquire on a email-checker tools like AIO/Woxy/MailFlow etc. Not only you have access to the account on the website, but you can also login to the email. This usually boosts the value of the account by a significant amount. Download thunderbird, https://www.thunderbird.net/en-US/. An essential tool for email accessible account. It can almost login with any domain 

 

 

Profits?

 There is many and various way of earning money through cracking. Let's say you can sell some VPN Account/Spotify/Netflix or anything you like on ecommerce site or forums. But, selling of runescape golds are even better.

 

What to do with the profits you earn?

 Do whatever you like. Supporting your own family ? Pretty much I'll say don't stop learning. Keep going.

 

[Joseph Mario 0]

Appreciate your hard work. Can I message you to know something about cracking in private.

[Lily 17]

Appreciate your hard work. Can I message you to know something about cracking in private.

 

Yes sure, why not

[fearnolust 3]

Appreciate your hard work.

[lickylickyuh 1]

Need for fitbit, thank you