GoldenEye: Basic Tutorial Part-1 Written by: =~Kat~= Greetings, well after much wondering I have decided to write a basic tutorial for GoldenEye, which is in my opinion needed. Thanks go to =mæÐmå´ = for the great prog and for allowing me to write this. I will be covering the basics of how to use GoldenEye as with any tutorial I will not be able to cover every single little aspect of the program, below you will find the functions I will cover with this tutorial: Access screen, the loading of sites and wordlist's. The different attacks i.e. Basic, HTML and single pass. Proxy use, loading a proxy and/or proxies. The proxy tester, proxy flow and socks. The history features and the various other tools that GoldenEye offers. This tutorial is not aimed at the experienced user it is designed for the beginner and those with limited experience. First lets take a look at the main reason you probably downloaded GoldenEye (GE for short). Access: In order to do an "attack" against any site you will need 3 things, a wordlist, a proxy and knowledge. The Knowledge is what I hope to impart with this tutorial, the rest is up to you. There are 3 different "Crack modes" with GE the first is Basic Authentication, next is HTML form-based attack and the final is Single Pass crack. We will start with Basic Authentication and move from there; all of these can be found under Crack mode at the top of the GE screen or by using Alt C. 1. Basic Authentication: (Either manually select Basic Authentication from the top of GE or use ALT C then select B or hit F5 key.) The basic authentication mode is the one that you will most likely use more than the others, this mode is used at any site that has a "pop up" verification prompt. The first thing to do before anything else is to CHECK the speed setting and make sure it is not set to "0", the speed setting is the little slider located just up and to the right of the URL box. This may sound stupid but you would be surprised how many times I have heard "GE wont run, no matter what I do" only to be followed by "hehe no prob speed was set to "0". Next copy the URL from the address window of your browser or drop the URL window on GE and find a stored URL. Next select the wordlist you wish to load, this can be done by either selecting file then open wordlist or by ALT F then "o", go to the location of your wordlist on your hard-drive and select it. With your wordlist and URL chosen there remains one last thing to set-up, your Proxy. If you wish to minimize the chances of getting into trouble with this program then the use of a proxy or proxies is highly recommended. There are numerous ways to obtain proxies which I am not going to go into here, I will assume that you already have one or more. To install your proxy/proxies for use with GE is rather a simple process; you can access the proxy options by any of the following means: A: Click options at the top of GE then select proxy set-up. B: ALT O and then select proxy set-up or hit the P key. C: Hit the "options button" the one with the little folder & tools then select the proxy tab. Either one of these will lead you to a screen that allows you to insert the proxy/proxies you wish to use. Put a tick in the little box that says "use proxy" Insert the proxy and the port then click the add proxy button and it should appear in the small window and your set. You can add as many proxies as you wish and I will cover further proxy features in the second part of this tutorial. Okay you have your sites members URL loaded, you have your wordlist ready to go and your proxy is on fire and waiting.... Okay before we go on lets cover a few of the reasons why GE may not run right. USE the checklist below. Speed? Make sure your speed setting is not set to "0". Make sure your list is loaded? Make sure you have the right list ready to go, most site require the use of "Combo" lists i.e., User:Pass. make sure you have a site loaded Okay everything is checked? Then hit the start button at the top it's the one with the 2 computers with a globe behind, sit back and enjoy. 2. Html Form-Based attack: (Either select it manually or ALT C them H or F6 key) Okay once you have the screen for this type of attack up you will notice several fields that need to be filled in: URL: enter the url for the site you wish to run. Form: either enter the information from the sites HTML or hit the analyze button at the bottom. Key words: these can be found by entering a wrong password at the site, when this is done you are sent to a page that say Access Denied or Invalid etc… when you find the sites keyword enter it into this field. Method: look at the sites html code, where it says "Method" this is where you will discover either GET or POST. Keep in mind that HTML-Logins are not as easy as your standard sites, you will get many that send fake passes and the like, this is not the fault of the program but a fact of life. 3. Single Pass crack: This method is used for sites such as Adult-check & Age Check. Either select it manually or ALT C then S or the F7 key. Before I go any further you will need to build lists specific to the site you wish to run, I will not say how here but reading the essays at http://www.icefortress.com is a good place to get info. Okay once you have your list ready load it, make sure your speed is not set to "0" and choose the title i.e. Adultcheck or Agecheck etc… hit the analyze button or just hit run. As with html form based attacks you may have to enter more information which can be gained by looking at the site html code. This ends Part-1 of the tutorial, I should have part 2 done some time in the near future, please keep in mind that this is not written for experienced users but for beginners. All through the program you will see a Yellow "?" if you get stuck hit this and if that along with this tutorial are not enough then there is a FAQ at http://www.deny.de/ge/ or feel free to email me @ kitty_kat@weedmail.com