Hacking protected sites for dummies

Hacking protected sites for dummies. v1.0

By: KaWaIiNeKo

Alright, I'm gonna make this as short and simple as possible, Hacking password protected sites isn't really what it sounds like, Were gonna be doing what's typically called the "Brute-force" Approach which is trying every possible combination for a word and a password till we get one that's correct which will typically give us access to the site and it's content.. Sounds simple huh? Well it's not as easy as that, Sometimes as many things we could try to do to get a working pass from a site there are as many things they could do to stop us which ill be explaining as we continue.

Tools needed:

1. A program to crack the website. This is your brute forcer, It will constantly try usernames/passwords till it finds a working one for you to use. I recommend Goldeneye because it will be the one explained in the tutorial. There are others such as brutus, access diver which basically do the same thing and you might take time to learn them also. You can also download Goldeneye here.

2. Proxy servers. These are basically systems for you to use so that you can hack password protected site without being caught by the site admin. If you happen to be caught your ip will be banned from the site and you wont be able to access it anymore. There are 2 kinds of proxy's, Secure and Non-Secure. With secure proxy's the site wont know who's trying to hack it because they wont give out your ip. But with non secure proxy's they let your ip be seen by the site and without any notice they can ban you which is bad. You can find proxy's anywhere. Some of them have restrictions and things like on certain ports and multiple request to a site can cause you to be banned and even parental filters which will block access to any site that contains adult content. Anyways i wont be listing any proxy's being that they disappear everyday and keeping up with a working list can be a job in itself. You can find proxy's here.

3. Wordlist. This contains... Words.. alot of them. This is essential to cracking password protected sites because the more words you have and the better your list the better chance you have at a working username and password. I use raptor to create wordlists. How do you find words well. With raptor it can be from text files or ripped through html files it shouldn't need any explanation. Here's a sample list i made. You can find lists anywhere just search google for "wordlist" and something might come up.

First off. Once you have everything together start goldeneye.

First off in the toolbar click on "File" then "Open Wordlist" After you select your list in the "URL" Put in the site you wish to crack usually http://members.site.com/ or http://site.com/members/ This is where the little box pops up asking you for a Username/Password. After that click on "Wordlist options"

Then "General Wordlist Options" Where it says convert make sure they are both set to lowercase because most usernames and passwords are lowercase. Also where it says "Wordlist Style" this depends of your preference where "Use single list" Means the user name is the same as password, "All possible combinations" will use all available words to make as many possible combinations as it can. Next click on "Options" in the toolbar Then "Proxy Setup"

Here's where you add your proxy's. You can also make a text file that you can just load each time it needs to be in the format of "proxy.somesite.com:8080" In single line format. Where it says "Change proxy after 50 attempts" I'd make that 3 attempts so that your proxy stands a chance of not being banned if the site your trying to crack puts a limit on the number of try's you can make. And select "Change proxy on proxy-error" So that if for some reason your proxy doesn't respond it wont keep using it till the next time it rotates back. Alright you should be ready to go. Click on "Access" Then on the connect button and watch as it tries to crack the site. It could take as long as a few days or a few minutes depending on your wordlist the speed of your connection to the site and how many users they have in there database. This should be about everything you needed to know. if you have any question or if there is an error in this tutorial feel free to email me.