Go Back   Xisp.org Forums > Porn Password Cracking > Porn Password Cracking Help Section

Sentry (2.0)

Reply
Views: 2660 - Replies: 24  
Thread Tools Display Modes

Sentry (2.0)
Old 05-12-2005, 09:10 PM   #1
RiceDude
Silver Exploiter
 
RiceDude's Avatar
 
RiceDude is offline Offline
Join Date: Jan 2005
Posts: 871
Threads: 147
RiceDude is on a distinguished road
Arrow Sentry (2.0)

I am curious, what is the difference between "Head" and "Get" for Request Method? When should I use one and not the other?

Also, what is the difference between "Header" and "Source" Key Phrases? Likewise, when do I use one instead of the other?

The Header is where the title of the page is, right?

Thanks for helping a newb out
  Reply With Quote

Old 05-12-2005, 09:56 PM   #2
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,507
Threads: 315
slysnake is on a distinguished road
Default

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

Basicly when using Head method you are just going to look for the response code. Like 401, etc. Source is the body of the page after the Header. The source is what you see in your browser, HEAD is there, but not displayed.
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 05-12-2005, 10:05 PM   #3
RiceDude
Silver Exploiter
 
RiceDude's Avatar
 
RiceDude is offline Offline
Join Date: Jan 2005
Posts: 871
Threads: 147
RiceDude is on a distinguished road
Default

So when I crack sites with basic authorization (pop-up login boxes), it's better to use the Get method (if a Failure or Sucess key is used), correct?

As for the Header Key Phrases, they are only useful once you have already cracked the site (and thus gain the inside edge on what the Header code for that home member page or sucess key)?

Last edited by RiceDude; 05-12-2005 at 10:07 PM..
  Reply With Quote

Old 05-13-2005, 04:18 AM   #4
sPlico
The sPlicster
 
sPlico's Avatar
 
sPlico is offline Offline
Join Date: Jan 2005
Location: Croatia
Posts: 9,486
Threads: 407
sPlico is on a distinguished road
Default

Use head only if you use the "afterfingerprint" option. Other then that, there's no need. Also, if you have a fairly good connection, you don't even have to use HEAD ever, as it's the same for you speedwise. For me on 56k, HEAD is much more of a priority then GET. (ofcourse, GET takes up more bandwidth from sites aswell, but we don't talk about that aspect anyway :) ).
  Reply With Quote

Old 05-13-2005, 10:40 AM   #5
RiceDude
Silver Exploiter
 
RiceDude's Avatar
 
RiceDude is offline Offline
Join Date: Jan 2005
Posts: 871
Threads: 147
RiceDude is on a distinguished road
Default

Ahhh the answer I am looking for. Thanks guys for the fast replies. You guys are
  Reply With Quote

Old 05-14-2005, 11:49 AM   #6
jamonit444
Guest
 
Posts: n/a
Threads: 5107
Default

I didn't want to create another thread for this, so i hope this gets seen.......I was testing with Sentry 2.0 and the first 30sec or so i was getting 401s then i was getting 404s, i looked at all my settings, and i thought i had them right. Is there a Tut for 2.0, i found a Tut for the older version, tried to use it but the interface, is so different, any help would be great, and yes i'm new to Sentry, i was reading how you guys like it more over AD, and i'm a AD user with success, any help would be great.
  Reply With Quote

Old 05-14-2005, 12:21 PM   #7
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,507
Threads: 315
slysnake is on a distinguished road
Default

My suggestion would be to use sentry 1.4 for a while to get use to it. To me sentry 2 is a little harder to navigate around. A couple of important things to look for in sentry 2. There is a section called settings with a sub category of HTTP headers. This is where you can set sentry to do either basic or form type sites. for basic just tick "URL Requires Basic Authentication" and "Auto Build Header" Choose GET or Head ( I recommend GET most of the time). In request method. And most of the time none is OK for a referer.

The other thing (that I have complained to sentinal about) is the proxy testing situation. Under list you see your working proxy list. But proxy checker is under tools tab. At proxy analyzer you have to click the little hammer and wrench to get the options. Ther you must put in a working judge, put the url of your site to check proxies against, and define the correct response (generally 401 for basic and 200 for forms).

Everything else is pretty much the same. In fake detection you will see a globle keyword box. It just applies key words you always want. That way you can have a set list and use the other boxes for site specific lists only. But you don't have to use this. You can ignore that and it will still work like old version.
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 05-14-2005, 12:25 PM   #8
jamonit444
Guest
 
Posts: n/a
Threads: 5107
Default

Thanks for the info, i really did think about using the older version and working my way up, and according to the Tut, the older version do seem a litle easier use, once again thank you.
  Reply With Quote

Old 05-15-2005, 12:00 PM   #9
RiceDude
Silver Exploiter
 
RiceDude's Avatar
 
RiceDude is offline Offline
Join Date: Jan 2005
Posts: 871
Threads: 147
RiceDude is on a distinguished road
Default

I have some little questions about the global keyword box. I have compiled a list of about 30 failure keywords and use it in that box. The question are:

Should I also list the failure keyword(s) in Source for that specific site (the keyword is already included in the Global box)?? Do extra keywords (the site never display these) hurt my chances of getting a hit?

Lastly, how come when a Failure Keyword is found, it also made its way into the Hits window? Shouldn't the Hits window only contain legitimate hits that doesn't have Failure keywords on the page?

Last edited by RiceDude; 05-15-2005 at 12:25 PM..
  Reply With Quote

Old 05-15-2005, 02:43 PM   #10
sPlico
The sPlicster
 
sPlico's Avatar
 
sPlico is offline Offline
Join Date: Jan 2005
Location: Croatia
Posts: 9,486
Threads: 407
sPlico is on a distinguished road
Default

1st. IF it's in global, no need to put it in source or anywhere else.
2nd. Extra failure keywords might hurt your chances. yes.
3rd. If it contains a failure keyword, it can't be in the hit window. You did something wrong.

:)
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 01:02 AM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 Copyright Xisp.org