Go Back   Xisp.org Forums > Porn Password Cracking > Cracking Tutorials

Fake Pass, By Xtremet

Reply
Views: 1973 - Replies: 9  
Thread Tools Display Modes

Fake Pass, By Xtremet
Old 06-30-2005, 04:24 PM   #1
Elena
Guest
 
Posts: n/a
Threads: 5107
Default Fake Pass, By Xtremet

...FAKES WHAT ARE THEY, WHY DO THEY HAPPEN AND HOW TO AVOID THEM...

...By Xtremet...

-=Edited and additions by Snowski - June 2002=-

Ever wondered why all those hits you have been getting using your favourite cracking utility just dont seem to work when you try to login? Well the answer is that the site you are trying to gain access to is using a security script to protect itself by returning valid hits to all your attempts.

There are a few reasons for getting fakes, in order of importance:

1. This "Fake Pass Protection" is becoming very popular amongst webmaster's and admin's to reduce the amount of bandwidth that is used by "Non Paying" clients due to the utilization of cracked passes.
2. You are not using the correct member URL
3. You are using Proxies that produce fakes: Use a ton of fast proxies, anonymous, and delete all gatways
4. You are not rotating proxies fast enough, set proxy rotation to 1
5. You are attacking too fast, lower bot speed


1. WHAT ARE FAKE PASSES?

These are the passes you get when you are running your favourite cracking utility against a site and all the hits you get dont work when you try to login.


2. WHY DO THEY HAPPEN?

As said earlier, Fake Passes are the result of a script that is designed to send a "simulated hit" to a login attempt. The way this script works is that it detects the number of login attempts by an I.P over a certain period of time. For example: Say if an IP is sending more than 15 requests in 5 seconds, the script would be actuated and every request after that, from that IP would be returned as a valid hit. The time frame can be defined by the admin or webmaster or whoever is setting up the script. Prime example is using Pennywize protection. Obviously the shorter the period of time, the more difficult the site would be to crack.


3. HOW TO AVOID FAKES

Obviously with the requirements for the script to actuate being a certain amount of requests by a single I.P over a time period, the way to get around this is to use proxy rotation (multiple proxies, rotate every 1 try) and to slow down your attack speed (bot speed). Use fast, anonymous proxies, and delete all gateways in your proxy list.

All the latest cracking utilities support proxy rotation so they make getting around this very simple. First thing to do is get yourself a list of good anonymous proxies, (the more the better, but around 500 is a good number), verify them, then load this list into your cracking program. Set the option to rotate proxies after every attempt and set the speed (the number of connections or bots) to say a range of 1-5. You can start out with a higher number than this, and reduce it if you start to receive fakes. remeber to remove all the gateways.

Remember to set your settings in your AD or GE correctly...tell it how to handle fake replies and redirects, and what to block in your history file (use keywords such as Pennywize). Then test the fakes again with the same proxy...some redirects are actually valid weak logins!

Here is a short Check List:
- Set up all the needed data in your BF proggie (wordlist, URL, etc)
- Go to the proxy checker, and make a backup of your working proxies
- Check button 'test if proxy gives fakes'
- Test proxies against the main URL of the target site. Delete all non-anonymous, very slow, and gateway proxies
- Start BF process
- Monitor progress and replies...lower bot speed if necessary

Please note that some proxies are banned from site A, but might work very well on site B...hence the backup you made..!


4. CONCLUSION

All sites which use the Fake Pass Protection Script can vary in the time and speed at which the script will actuate. Some can be as tough as having to set you cracking program speed to one bot, and to rotate proxies every attempt. This as you can imagine can be very time consuming and is where the importance of having good wordlists come into it. I recommend keeping a detailed log (Site, Speed of Attack and Proxy Rotation Details) of all sites that "throw fakes", so that for future reference you can adjust the settings on your programs without having to go back and test what settings work for each site.

Thanks!

Xtremet
  Reply With Quote

Old 07-08-2005, 03:24 PM   #2
resdog201
Guest
 
Posts: n/a
Threads: 5107
Default

thanks for the tut!
  Reply With Quote

Old 07-08-2005, 10:50 PM   #3
Final Sephiroth
Guest
 
Posts: n/a
Threads: 5107
Default

well, the best way to detect fake logins is the "Fake Content-Lenght Detector" in AD but the latest Version of AD is filtering a lot on his own
  Reply With Quote

Old 12-16-2005, 06:37 AM   #4
javey
Guest
 
Posts: n/a
Threads: 5107
Default

Wow, I was wondering why I was getting those. Thanks for the post.
  Reply With Quote

Old 01-13-2006, 02:17 AM   #5
playingmax
Banned
 
playingmax's Avatar
 
playingmax is offline Offline
Join Date: Jan 2006
Posts: 142
Threads: 5
playingmax is on a distinguished road
Default

nice, I was wondering why I was getting those. Thanks for the post
  Reply With Quote

Old 01-22-2006, 03:47 AM   #6
inv001
Guest
 
Posts: n/a
Threads: 5107
Default

kool really helps
  Reply With Quote

Old 02-01-2006, 03:40 PM   #7
Bono
Guest
 
Posts: n/a
Threads: 5107
Default

thanks for the post. would help me out alot.
  Reply With Quote

Old 02-01-2006, 04:13 PM   #8
odimoski
Poor Replier
 
odimoski's Avatar
 
odimoski is offline Offline
Join Date: Dec 2005
Posts: 188
Threads: 0
odimoski is on a distinguished road
Default

thank for this
  Reply With Quote

Old 02-05-2006, 11:49 AM   #9
d1player
Regular Member
 
d1player's Avatar
 
d1player is offline Offline
Join Date: Jan 2005
Posts: 819
Threads: 72
d1player is on a distinguished road
Wink

Quote:
Originally Posted by Final Sephiroth
well, the best way to detect fake logins is the "Fake Content-Lenght Detector" in AD but the latest Version of AD is filtering a lot on his own
I think the best fake detection is Sentry keywords or C-Force. That last is the slowest, but has the best fake engine.

But people use various tools they like and adapted
  Reply With Quote

Old 02-14-2006, 02:13 PM   #10
josee
Banned
 
josee is offline Offline
Join Date: Jan 2006
Posts: 307
Threads: 2
josee is on a distinguished road
Default

thanks for this info
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 09:17 AM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 Copyright Xisp.org