DISCLAIMER: IN THIS GUIDE I AM USING SANDBOXIE TO OPEN THE PROGRAMS FOR MAXIMUM SECURITY. I HIGHLY RECOMMEND USING SANDBOXIE TOO OR A VIRTUALBOX/RDP. I AM NOT RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOU FROM THESE PROGRAMS. MOST OF THE ANTIVIRUSES WILL FLAG THE FILES AS VIRUSES AND DAMN RIGHT THEY ARE, MOST OF THE CRACKED PROGRAMS ARE FULL OF VIRUSES. JUST ADD AN EXCEPTION AND ALWAYS RUN IN SANDBOXIE/VB/RDP. DOWNLOAD AT YOUR OWN RISK.
Now this is long but you can make $$ profit
Making the dorks.
Dorks are used in SQLi to create a list of URLs where we can analyze and find which ones can be exploited. So, let’s learn how we can create our own dorks, shall we?
Firstly, open the two dork generators by N3rox and JohnDoe, as well as the Notepad++.
Step 1: Go to the dork generator by JohnDoe and click the letter D, If they are already clean, skip this step.
Step 2: Now go to the Grabber tab and press Load.
Step 3: Load the URL text I included in the zip file. (The program interface sucks, sorry for that, it’s JohnDoe to blame)
Step 4: Wait for the program to complete loading.
Step 5: Copy the Page types p.2 contents.
Step 6: Go to Notepad++ and make two new files.
Step 7: Paste in the contents of the box we copied just a second ago.
Step 8: Go to Search > Replace.
Step 9: Press the “Space” button on the first box and “Backspace” on the second box, so we can remove all the spaces from the lines. Click Replace All.
Step 10: Now, search all the lines and remove any weird marks, until there are only words like “example=”.
Step 11: Now go to the Page Types box in JohnDoe’s generator and copy all the contents, and paste them into the second file you created in Notepad++, search all the lines, and delete all the bad types until there are only good ones left. Just like we did before, we keep only the good lines. If you didn’t understand what “bad types” meant, just write down the same page types like mine.
Step 12: Now go to the N3rox’s generator and write down some words in the first box on the left, for example, “steam, money, LoL, bf1… etc” and separate them into their own lines. Also, copy and paste the clean page types and page types p.2 we made a while ago from Notepad++ to N3rox generator, in their own boxes Click Generate. (i used translated page types p2 and keywords to German, so I had German dorks. Use any language you like, the best and most common is English. I will also show you how to translate them in a few steps below.)
Step 13: The dork’s file should be in the folder where you placed the n3rox generator. If it isn’t there, check the Sandboxie folder, as I showed you a few steps above. Congratulations, you just made your own dorks and you didn’t even pay for them.
Step 14: If you want to make dorks in other languages so you can get accounts of that nationality, go to the Translator tab in JohnDoe’s generator and write your keywords in the Name of Pages tab, select the language, press Translate and wait for the process to finish. After that, you can copy the translated contents and paste them into N3rox’s generator.
So, what we did basically generated the Page Format and Page Types from the URL and we used them to make new dorks. We cleaned them and we also translated them so they are even better. We used JohnDoe’s generator to generate the Page Formats and Page Types, and we used N3rox’s dork generator to generate the dorks, with those Page Formats and Page Types. You can also import your own URLs after finishing with SQLi Dumper, as i will show you later on, so you can generate more Page Formats and Page Types. This is the hardest part of all the process of account cracking and it’s not even that hard lol. What you need is some imagination for the keywords and that’s all the fuss. Let’s move on to the next chapter.
Making the combo lists.
Now is the time to use the dorks we made, to make our combo list. We will be using SQLi Dumper to make some good combos so we can test them later on. Let’s begin.
Step 1: Open SQLi Dumper
Step 2: Now, open your dork’s text file with Notepad++ and copy your dorks. (Don’t copy more than 15k because your SQLi Dumper will crash 100%). Now click Start Scanner and wait until you have about 10-20k URLs. If your SQLi dumper does not get any URLs, make sure you have it unblocked from your firewall and antivirus and restart the program. If it still doesn’t load any URLs, load the ones I gave you in the .zip file by clicking the Import button and pressing Start Scanner. If it still doesn’t work, then GG. See you in a while, after you get some URLs.
After you see it has about 10-20k Valid Added, press the Cancel button. It doesn’t stop at 100%, that’s why we have to do it manually, based on the Valid URLs added. If the valid added stay the same number after 15 mins, click cancel. If you Loaded 20k dorks and you got 1k URLs after 3012831280441279410274 days, you have bad dorks.
Step 3: Now go to the Exploitables tab and press Start Exploiter. Use as many threads as you want, I use about 30.
Step 4: After it has completed exploiting, (you can see if a process has been completed by looking at the bottom of the SQLi Dumper, it says Exploited thread done, exploitable detected: X. If you don’t see such message, then you need to wait until it’s done. ) it should look like this. (keep in mind that antivirus messages may pop up, saying that a webpage was blocked. That’s ok, nothing to worry about.)
Step 5: Go to the Injectables tab and press Start Analyzer. I use about 30 threads again. Wait for the process to complete. Note that your SQLi Dumper may crash during any of these processes. If it does so, just recovers the files in Sandboxie and reopen the program and continue from where you were left.
Step 6: After the Analyzing process is complete, your Dumper should look like something like this.
Step 7: Click the Method tab, until we have all the Unions sorted from the Errors.
Step 8: Click The [+] box in the bottom left corner of the dumper.
Step 9: Check 2 boxes out of 4. Write in what you want your combo lists to be about. I used username and password because I want my combo lists to be of usernames and passwords. You can also have 1 box checked. You can also write in anything you want, such as email and password, name and last name, credit card name and credit card number, etc
. Also, make sure Current DB is checked and Columns as default.
Step 10: Select all the Unions with the SHIFT button and click Start. A new window will pop up. Wait for the process to finish. Don’t close this window. EVER.
Step 11: Scroll down until you find a database with a good number of Username or Password rows. If both Username and Password have the same number, it’s perfect. If you only see Username or Password, it’s okay too, but the database may not have good combos. Its all about luck here. Select a database with more than 5k rows.
Step 12: After you found what database you want to crack, select the URL’s name and click Go to Dumper > Dumper Form.
Step 13: This is the time where you need to guess. Click on a column you think the combo lists will be at and press Get Columns.
Step 14: I found mine, so now I click on what I want to dump. In this case, I only want to dump usernames and passwords. Check on anything you want to dump and press Dump Data. If you had a large number of rows, this is gonna take a while to complete. Also, if the Dumper crashes here, I feel sorry for you son, you cant do something about that, you need to restart dumping the data from the beginning.
Step 15: As you can see, I got very shit combos. If you get bad combos too, press X which is under the Schema tab, and search for a new URL.
Step 16: After you dump your data, press Export data. A new window will pop up, just make sure it is mine. Press start when you are done.
Step 17: Click save and find the text document you just saved. Check the Sandboxie location if you can’t find where you saved it. Open the text file and remove the first lines until you only have your combos in there. If your passwords are not encrypted, you can skip chapter three and you can go straight to chapter four. If your passwords have a weird format like mine, we need to find out which type of Hash it is and we need to rehash it.
Dumping data from a database is all about luck. If your SQLi Dumper keeps crashing, you can dump databases with SQLMap, which never crashes (i cannot post how to do it because SQLMap keeps updating and the commands keep changing all the time. You can search on google or youtube on how to install SQLMap and how to use it. I am currently using it on Kali Linux 2016 on VMWare Workstation 12). You will either get good combos or you will get shit. Just never give up, and always keep trying. You can also save your Trashed URLs to generate new combos with JohnDoe’s generator.
Dehashing the passwords from a combo list.
Step 1: Open ORHT ad click Ok. If you have opened ORHT and you can’t find the window or you minimized it accidentally, you can find it in the tray menu.
Step 2: Click Main Menu > Start From File and load the Combo you dumped. My hash encryption was MD5, so i have checked MD5 as Hash Type on the window.
Step 3: Make sure your ORHT looks like mine. Click OK and after some time, a message will pop up saying how many hashes were decrypted. Click OK again.
Step 4: Go to Main Menu > Save to File and make sure your OHRT looks exactly like mine. Click Ok and wait for the process to finish. A message will pop up that will say success. Click OK and save your DEHASHED combolists.
Basically, that’s it, if you dumped 100k combos, it’s most likely that 30% of it to be dehashed, but that’s on luck again.
There is also another method to dehash combos that is a lot faster and has a much more success rate on dehashes (I have 98% most of the time). Though it requires MANY Gigabytes of your drive (mine is currently 115Gigs). There is already a guide on Nulled made by Calix and can be found here so I will not rewrite how to do it. If your combos were not encrypted then what are you doing in this chapter?
Checking the combos.
Before we start checking the combos with the sentry, we need some proxies.
Step 1: Make a new text document and name it proxies. Then open Gather Proxy and go to the Advanced tab and change the settings same to mine.
Step 2: Go to the Gather Proxy tab and press Start and wait for the program to finish. After it’s done, press SHIFT to select all combos and copy and paste them into your proxy’s text document.
Step 3: Open Sentry MBA and go to Settings > General > Load Settings from Snap Shot and load the config of the site you want to check your combos. In my case, I will be using the NA League of Legends server because my database was from a site from the US Wink. In the .zip file, I have all the League of Legends configs. If you don’t want to check your combos for a league or if your combolist is email and password (emailass) form, you can find all the configs you need here from Nulled. I will not be posting them here.
Step 4: Go to Lists > Proxylist > Clear List and then Load the proxies from the text document you made earlier.
Step 5: Go to Lists > Wordlist and press clear combo if the upper left box is not clear. Press Open a Combolist and choose the combolist we dehashed a while ago.
Step 6: Go to Progression, set the bots to a high number (i go for about 90-110), and click Start and Click start one more time.
Step 7: Wait for the program to finish, when all combos were checked as we can see from the bottom of the window, we can click Stop. Press SHIFT and select all the contents from the Hits tab and right-click and save them to the clipboard. Make a new text document and paste them there. Congratulations, you have your ready combos that work for that specific website/game, etc… In my occasion, it was for League of Legends.
The whole process is similar to the oil process. We take all the shit we can find and we filter it to a good result. If you read carefully this whole tutorial, you have now learned to:
1) Make your OWN dorks.
2) Dump your OWN data.
3) Make some good out of it
You can also buy instant:
Cashapp Money Transfer Click here
Paypal Money Transfer Click here
Western Union Money Transfer Click here
Venmo Money Transfer Click here
Bank Money Transfer Click here to Contact Us