Go Back   Xisp.org Forums > Porn Password Cracking > Cracking Tutorials

Removing Exploiter's Combos From Your Lists, A tutorial by...ME! - Splendidly_null

Reply
Views: 2154 - Replies: 10  
Thread Tools Display Modes

Removing Exploiter's Combos From Your Lists, A tutorial by...ME! - Splendidly_null
Old 01-05-2005, 07:21 PM   #1
.WiZmAn.
The.WiS3
 
.WiZmAn.'s Avatar
 
.WiZmAn. is offline Offline
Join Date: Jan 2005
Location: Mexico
Posts: 903
Threads: 83
.WiZmAn. is on a distinguished road
Default Removing Exploiter's Combos From Your Lists, A tutorial by...ME! - Splendidly_null

A Basic Tutorial On Removing Exploiters' Combos From Your Wordlists.

Written By Splendidly_null.

Why Would I Want To Remove Xploiter's Combos?

In most cases, because of the commonality of these combos in wordlists, the frequency in which they are posted, and the fact that they often indicate a breach in security, these are the weakest logins you can crack. They are usually removed from the passfile when a new billing period begins or when maintence of the passfile is done, making these combos last for a very long time. The combos that exploiters post are less likely work for any other sites you are bruteforcing because the exploiter would have to exploit the other site too and use the same combo and the combo would still have to be valid, and if it is a common exploiter's combo on a quality site, it will have been killed because of how common the combo is.

Basically, your passes your BF will last longer if you don't use exploiter's combos that everyone uses and posts.

Creating A Wordlist That Makes Finding Xploiter's Combos Easy

Due to the fact that many exploiters' combos have the same username (and/or password) with a few digits changed, it is recommend that you combine your wordlists into one large one. This enables you to find groups of exploiter's combos and to remove them quickly.

To combine the wordlists you wish to search for exploiters' combo's, use Raptor 3. Load the first wordlist you wish to combine into the main Raptor window. Then, Click the "File Operations" Tab, and under the "add lists", select "Merge Lists with Active Wordlists", then select all the other lists you wish to merge. Click the "Add" button. Then remove the duplicates. Finally Click, "List Tools", then "Extended Sort". Select "Username", "Alphabetically", and "Ascending", and then click "ok".
This will sort the wordlist and make it much easier to spot series of exploiters' combos.

Determining Which Combos Are Xploiters' Combos

Now for the time consuming part. After you have combined your lists, load the list into your preferred text editor, I recommend ultraedit. Then, while keeping the combined list open, start a new text document (this will become the list of exploiter's combos).

Begin browsing or searching through your list for any signs of the following in a combo:

A Cracker's name that you may know (look at the names in forums and on IRC channels).
Combos containing the word allston as the username.
Combos That contain h4x0r3d.
Combos that contain "lovesyou" as the pass.
Combos that contain "washere" as the pass.
Combos that contain "zealots as the pass.
Combos that contain "ownzyou" as the pass or something similar.
Combos that contain "kicksass" as the pass.
Combos that contain the name of IRC cracking groups (Zima, XPW, etc).
Combos that contain "passfan"
Combos that contain "kume" as the pass
Combos that contain "passthief"
Combos that contain "wapbbs"
Combos that contain "natasha" or "zolushka"
combos that contain "rulez" or "rules" as the password, these are usually preceded by a cracker's name.
Names of Hacking groups (forxxxhq,XPW, Lawina, webcrackers, etc)
The words exploit, xploit, hacked, cracked, xxxpass or anything else that is cracking related.
Any passwords that suggest that whoever is listed in the username field deserves some praise (rulez, isthebest, kickass, etc.)
Combos that are very similar and come one after another (more than just one or two) in your alphabetically sorted wordlist.

Due to the fact that we sorted the list alphabetically, it makes it easier to find combos that come one after another alphabetically, such as natasha:zolushka1 followed by natasha:zolushka2.

You can then sort you list alphabetically by password and do the same process, looking for combos that are similar that come one after another in your wordlist.

This should take a while, but it will reduce the size of your wordlists dramatically, making your bruteforcing more efficient and producing combos that don't die quickly.

A Note For The Xploiters
As much respect as I have for someone who exploits one of those really high quality sites out there, I quickly lose it when decrypt a passfile and see 20 combos saying that soandsocracker:rulez over and over.

When you add passes to a passfile either try to make them a likely combo that could possibly be used on another site, or make them difficult so only you have access to the site via that pass. And don't flood the passfile with tons of your combos, it ruins the fun for the rest of us when the administrator fills the security hole (unless that is what you are trying to do).
__________________
*..*`*( XxXCrackers, Xisp CreW PoWeR of The XxX WORLD )*`*..*
  Reply With Quote

Old 03-16-2005, 11:25 AM   #2
agajan_m
Guest
 
Posts: n/a
Threads: 5107
Thumbs up

Quote:
these are the weakest logins you can crack.
yes u r right. and always bother me and wasting my time
Quote:
combos that contain "rulez" or "rules" as the password, these are usually preceded by a cracker's name.
Quote:
Due to the fact that we sorted the list alphabetically, it makes it easier to find combos that come one after another alphabetically, such as natasha:zolushka1 followed by natasha:zolushka2.
i ask myself...names are same but passes are different. how can it be?. now i see who made these them all ;) [... ers]
Quote:
When you add passes to a passfile either try to make them a likely combo that could possibly be used on another site, or make them difficult so only you have access to the site via that pass.
I like this :) ....
  Reply With Quote

Old 03-17-2005, 03:12 PM   #3
BiggyLew
Guest
 
Posts: n/a
Threads: 5107
Default

thanks man, will do this to my lists
  Reply With Quote

Old 03-18-2005, 07:25 AM   #4
ToRaZ
Special Friend
 
ToRaZ's Avatar
 
ToRaZ is offline Offline
Join Date: Jan 2005
Posts: 2,220
Threads: 259
ToRaZ is on a distinguished road
Default

very very sound advice : )
a good read
  Reply With Quote

Old 09-07-2005, 06:14 AM   #5
kapu
Guest
 
Posts: n/a
Threads: 5107
Default

this I like, thanks
  Reply With Quote

Old 09-07-2005, 06:50 AM   #6
daemon.azazel
Platinum Exploiter
 
daemon.azazel's Avatar
 
daemon.azazel is offline Offline
Join Date: Aug 2005
Location: Eastern Europe
Posts: 1,324
Threads: 104
daemon.azazel is on a distinguished road
Default

lol i see brother natasha kicked his way as unfamous in your tutorial ;)
yeah that was the times... he and protest had 20 customs in each
passfile allowing them to add...
  Reply With Quote

Old 10-29-2005, 06:10 AM   #7
figo07
Guest
 
Posts: n/a
Threads: 5107
Default

thanks! so complicated though for me!
  Reply With Quote

Old 02-07-2006, 09:22 AM   #8
security
Banned
 
security is offline Offline
Join Date: Jan 2006
Posts: 104
Threads: 7
security is on a distinguished road
Default

Great tutorial. Thanks.
  Reply With Quote

Old 04-22-2006, 04:24 PM   #9
thchog
Special Friend
 
thchog's Avatar
 
thchog is offline Offline
Join Date: Mar 2006
Location: California, USA
Posts: 319
Threads: 89
thchog is on a distinguished road
Default

I mentioned this to sly and he was unaware of one, but before I waste any more time on it I had a question. While cleaning a few guge wordlists I had like over 100k combos I was wrapping up by taking your advice and ridding my list of exploiter names when I noticed how many I had, pages and pages of them. I first wondered if there was a blacklist in Raptor like Charon for example but did not see one. Fresh from referencing sly's tut on cleaning wordlists i thought a master blacklist of users and pass's that could be removed before anything based on for 1 common exploiter names and pass's. I have compiled a little over 6,000 unique user and pass combo's and was curious if there already may be such a list, if not does anyone see as being useful, and does anyone have any suggestions or thoughts on how best to put it to use? You can see it here for review and thoughts should anyone have any. Keep in mind it is a rough draft, just to get a feel for it, so I know some things may need to come off and others added.

https://www.xisp.org/forum/showthread.php?postid=581834#post581834

Thanks,
THC
  Reply With Quote

Old 04-22-2006, 09:21 PM   #10
joechang
Guest
 
Posts: n/a
Threads: 5107
Default

great post
next time if i want to add pass, my password will be like this KJ2G83h0fL,maybe no one can crack it
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 08:01 AM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 Copyright Xisp.org