[ ::: Dioxin’s Tutorials ]

You go to an adult site and a gorgeous babe is on the cover of the site posing semi-nude and you think, “I’d like to see more of this chick!” If you have a credit card and wouldn’t mind paying a couple of bucks for porn, then you probably don’t need to read any further. On the other hand, if you’re like me and don’t even have a bank account, then let’s do business.

When you click on the members link of that particular adult site, a small window pops up asking for your username and password. Since you don’t have one, you can’t enter the members area of that site and you never get to see that babe fully naked. You could try guessing, though, because people are lazy and forgetful by nature, and chances are some member of that site is using an easy-to-guess username and password such as britney and spears, respectively. Another easy-to-remember example comes straight from the keyboard, like qwerty for username and asdf for password. If you are lucky, or you’re a descendant of Nostradamus, then good for you. Otherwise, the possibilities are endless. Doing it manually would take time, and probably at the third guess the site would log your IP and ban you from further guessing.

There are tools made for automating the guessing described in the previous paragraph. Cracking is basically guessing the right username and password. For example: I use tom as username and jones as password on a particular site. That’s easy to remember, right? But it’s also easy to guess. So if you, the cracker, have a wordlist with tom:jones typed in it, then bingo, you’re in.

What are wordlists? There’s the single wordlist and there’s the combo wordlist.
A single wordlist is a text file containing words in this format:

    abcd
    dioxins
    counter

A combo wordlist is a text file containing words in this format:

    abcd:3465
    dioxins:pass
    tom:jones
    counter:rtyio

Basically, a wordlist is one of the things that you need to be able to crack/test (automated guessing) a site. There are lots of wordlists available for download which are used with programs such as Accessdiver, Goldeneye, Ares, etc. For beginners, it is advisable to find combo wordlists. Let’s discuss the example: take abcd:3645, where abcd is the username and 3645 is the password. The list must be in this format. Say you’re using Accessdiver (AD): AD will take these combinations and enter them as the username and password of that site until it gets a hit, meaning that you have guessed a valid username and password.

Your success depends on the strength of your wordlist, but you may think that the bigger the wordlist the better… hmmmm, maybe not. You can run a wordlist of 100,000 lines and still not get a hit. It depends on the site that you are testing; there are wordlists made for sites depending on categories (i.e. wordlists for teen sites).

Also, success depends on your proxies. Proxies are in the form:

    204.96.17.136:80
    123.234.789:8080
    321.123.243:3128

Proxies let you remain anonymous, provided that the proxy you are using is itself anonymous. In the example above you see 3 proxies. Most bruteforcing programs, if not all, require you to use proxies. You can also use these programs to test whether the proxies are anonymous or not. Not only do proxies help you remain anonymous, they also speed up your testing. Why? That will not be covered by this tutorial; read about proxies somewhere else. Accessdiver lets you test whether your proxies are anonymous and functional. You mustn’t use non-anonymous proxies, as this will spill your IP, which will result in getting caught.

Now the question is: where do I get proxies and wordlists?
By the way, if you wish to use Accessdiver as your testing tool, then better read up on its manual, which is located in the tools section of http://dioxins.port5.com

Back to the question of where to get the proxies and wordlists. I’ve posted links to wordlists in the wordlists section of http://dioxins.port5.com; use them in Accessdiver and replace the default wordlists that come with AD when you download it. Proxies, on the other hand, are not that hard to find. Go to the proxy dump section of the deny.de and securibox; the links to both are posted in the links section of http://dioxins.port5.com. You must register first before getting your hands on the proxy dumps. Registration is free, you just need a working e-mail.

When testing a site, you must get the members URL, for example: www.site.com/members.html or www.members.site.com

How to get the members URL? When you click on the members link of a particular adult site, a box pops up asking for username and password. If you click on cancel, you will be redirected to a page that says something like unauthorized or forbidden. The address shown in the URL box of your browser when you see that unauthorized page is the members URL. Copy that; it will be the URL to be tested that you will use in, say, Accessdiver.

Another thing: because you are reading this, that means you’re a newbie, so when testing sites don’t start off with hard sites. Take it one stride at a time, get the hang of it first on the easier sites, and then later on try the hard ones, because if you start off with a relatively harder site and don’t get a hit you’ll get frustrated and tell yourself “this is not fun”. =P

If you didn’t quite get what this tutorial meant, then read it again and again. =)
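Seen from the site operator's side, the proxied combo-list guessing described above appears in the web server log as failed logins for many different usernames, arriving from several IPs, against one members URL, which is exactly what a per-IP ban misses. The following is an added example, not part of the original tutorial: it scans Apache-style access log lines for that pattern. The log lines, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache common-log style (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:00 +0000] "GET /members/ HTTP/1.1" 401 381
203.0.113.10 - abcd [10/Oct/2023:13:55:01 +0000] "GET /members/ HTTP/1.1" 401 381
198.51.100.22 - dioxins [10/Oct/2023:13:55:02 +0000] "GET /members/ HTTP/1.1" 401 381
192.0.2.45 - tom [10/Oct/2023:13:55:03 +0000] "GET /members/ HTTP/1.1" 401 381
203.0.113.10 - counter [10/Oct/2023:13:55:04 +0000] "GET /members/ HTTP/1.1" 401 381
198.51.100.22 - qwerty [10/Oct/2023:13:55:05 +0000] "GET /members/ HTTP/1.1" 401 381
192.0.2.99 - alice [10/Oct/2023:13:56:00 +0000] "GET /private/ HTTP/1.1" 401 381
192.0.2.99 - alice [10/Oct/2023:13:56:10 +0000] "GET /private/ HTTP/1.1" 401 381
192.0.2.99 - alice [10/Oct/2023:13:56:20 +0000] "GET /private/ HTTP/1.1" 200 5120
"""
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')

def parse(log):
    """Yield (ip, user, timestamp, path, status) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ip, user, ts, path, status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, user, when, path, int(status)

def detect(log, window=timedelta(minutes=5), min_users=4, min_ips=3):
    """Flag paths where, inside one window, failed logins span many
    usernames AND many source IPs (distributed guessing, not one typo)."""
    fails = defaultdict(list)
    for ip, user, when, path, status in parse(log):
        # user "-" on a 401 is just the initial challenge, not a guess
        if status == 401 and user != "-":
            fails[path].append((when, ip, user))
    alerts = []
    for path, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            span = events[start:end + 1]
            ips, users = {e[1] for e in span}, {e[2] for e in span}
            if len(users) >= min_users and len(ips) >= min_ips:
                alerts.append({"path": path, "ips": len(ips), "users": len(users)})
                break  # one alert per path is enough
    return alerts
```

Grouping by protected path rather than by client IP is the point: a single member mistyping a password (the `/private/` lines) stays below both thresholds, while the spread of usernames across proxies on `/members/` is flagged.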