-
- [ Frequently asked questions ] [ http://www.subreality.net ] [ November 7th, 2000 ]
-
-
-
- TABLE OF CONTENTS
- -----------------
- 1. CrackWhore
- 1.a. Introduction
- 1.b. Getting started
- 1.c. Bugs
-
- 2. Proxies
- 2.a. What is a proxy
- 2.b. The proxy.txt file
-
- 3. Exploits
- 3.a. What is an exploit
- 3.b. The exploits.txt file
-
- 4. What do these things mean?
-
-
-
-
- 1. CRACKWHORE
- -------------
- 1.a. Introduction
- -----------------
- CrackWhore is an application built to test web site security. It is not meant to be used for
- illegal purposes. The user, and JUST the user is responsible for results of using it for
- breaking into a web site that doesn't belong to him or her.
- CrackWhore is available for download on http://www.subreality.net
-
- 1.b. Getting started
- --------------------
- Getting started using CrackWhore in three simple steps:
- 1. Decide which site you want to get into.
- Paste the URL of the protected area into the textbox next to the 'Go' button.
- The protected area is the area that requires a password (usually the URL is
- located under the 'Members enter here' button or something similar.)
- Note: CrackWhore is built to crack HTTP Basic authentication,
- NOT form-based logins like Hotmail!
- 2. Select the wordlist you want to use.
- On the 'Wordlist' tab, click the 'Browse' button, and select a wordlist.
- CrackWhore comes standard with an example wordlist called 'ultimate.txt',
- but you can also create your own wordlists, or download them from the web.
- 3. Press 'Go'.
-
- CrackWhore will now automatically do the following things:
- - test if the URL you provided exists and is protected
- - load the wordlist
- - check if you already have passwords for this site
- - open a number of connections to the target site
- - start cracking :)
-
- By now, the response codes should be flying by in the 'Realtime info' box.
- These response codes should be 401 (which means the password didn't work),
- and if you are lucky, an occasional 200 (password worked).
- Have fun and good luck!
-
- 1.c. Bugs
- ---------
- Q: How do I report a bug?
- A: You can email webmaster@subreality.net (there is a button for that in CrackWhore),
- or you can fill out the 'contact' form on http://www.subreality.net
-
- Q: CrackWhore isn't working.
- A: Please be more specific.
- I need to recreate the bug in order to fix it. I can only help you if I know:
- - what the problem is (Error message, not just the number)
- - how often it occurs (always, sometimes, only if you press 'a button' first etc...)
- - when it occurs (during startup, when cracking a site, when loading exploits, etc...)
- - other details, like what OS you are running and stuff
-
-
-
- 2. PROXIES
- ----------
- 2.a. What is a proxy
- --------------------
- A proxy is a server in between you and the 'target' site. CrackWhore sends the requests to the
- proxy and the proxy sends a request to the target site.
- Therefore, the target site will NOT receive a request from YOU, leaving you anonymous.
-
- 2.b. The proxy.txt file
- -----------------------
- Q: Can I add new proxies to the proxy.txt file?
- A: If you plan on adding dozens of proxy servers, you might choose to paste them directly into
- the proxy.txt file, instead of typing them in one by one in CrackWhore.
- This is perfectly okay, as long as you are sure the proxies are working before you insert them,
- and stick to the format 'hostname:port'
- Example: proxy.server.com:8080
-
- Q: I added new proxies and now CrackWhore is really slow or giving me lots of red 'ERROR' responses.
- What's up?!?
- A: Most likely, one or more of the proxies you added is not responding, or is responding very slowly.
- It might also be that the proxy server doesn't understand the request.
- Be sure to test every proxy before adding it to CrackWhore, since it doesn't have an extensive
- proxy-checker, just a simple speed-test. Don't rely on it.
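
Seen from the server, the traffic described in sections 1.b and 2 is a stream of 401 responses on one protected path, possibly spread over several proxy addresses, ending in a 200. The following is an added example (not part of CrackWhore or the original FAQ) that detects that pattern in a web server access log. It assumes Common Log Format lines in time order; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [time] "METHOD path proto" status size
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \S+')

def parse(line):
    """Return (time, ip, user, path, status), or None for a malformed line."""
    m = LINE.match(line)
    if not m:
        return None
    ip, user, ts, path, status = m.groups()
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, user, path, int(status)

def detect(lines, threshold=20, window=timedelta(seconds=60)):
    """Count 401s per protected path across ALL client IPs in a sliding window.
    Returns ({path: source IPs in the burst}, [(path, user, ip) of each 200
    that arrived while a burst was still in progress])."""
    recent = defaultdict(deque)   # path -> (time, ip) of recent 401s
    bursts, hits = {}, []
    for when, ip, user, path, status in filter(None, map(parse, lines)):
        q = recent[path]
        while q and when - q[0][0] > window:
            q.popleft()           # drop failures older than the window
        if status == 401:
            q.append((when, ip))
            if len(q) >= threshold:
                bursts.setdefault(path, set()).update(i for _, i in q)
        elif status == 200 and len(q) >= threshold and user != "-":
            hits.append((path, user, ip))   # a guess probably succeeded
    return bursts, hits

def sample_log():
    """Constructed data: 30 failures over 3 rotating proxy IPs, then a success."""
    t0 = datetime(2000, 11, 7, 12, 0, tzinfo=timezone.utc)
    stamp = lambda s: (t0 + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    log = [f'192.0.2.{s % 3 + 1} - guest [{stamp(s)}] "GET /members/ HTTP/1.0" 401 401'
           for s in range(30)]
    log.append(f'192.0.2.2 - guest [{stamp(30)}] "GET /members/ HTTP/1.0" 200 5120')
    log.append(f'198.51.100.7 - alice [{stamp(31)}] "GET /staff/ HTTP/1.0" 401 401')
    log.append(f'198.51.100.7 - alice [{stamp(33)}] "GET /staff/ HTTP/1.0" 200 2048')
    log.append("truncated line")
    return log

if __name__ == "__main__":
    bursts, hits = detect(sample_log())
    print("bursts:", bursts)
    print("likely compromised:", hits)
```

Each of the three source addresses in the sample produces only 10 failures, so a per-IP limit of 20 would never fire; counting per path catches the burst and ties the following 200 to an account whose password should be reset.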
-
-
-
- 3. EXPLOITS
- -----------
- 3.a. What is an exploit
- -----------------------
- An exploit is a server-side vulnerability that can be taken advantage of in some cases,
- but ONLY if you know exactly what you're doing.
- If you don't know what you're doing, just don't use this feature or get some advice.
-
- 3.b. The exploits.txt file
- --------------------------
- Q: Can I add new exploits to the 'exploits.txt' file?
- A: Sure, it's pretty simple actually, you just have to follow these rules:
- - ALWAYS start with '/'
- if it's a directory and not a file, END with '/' as well!
-
- Q: Shouldn't you add '/members/.htaccess' to the 'exploits.txt' file??
- A: NO. CrackWhore will check for each of these exploits in the root directory,
- but also (if you have a password) in the members directory :)
-
-
-
- 4. WHAT DO THESE THINGS MEAN?
- -----------------------------
- Simultaneous Connections
- - This is the number of simultaneous connections CrackWhore will open to the
- target server.
- More connections don't necessarily mean FASTER, since your internet connection
- can only handle a certain amount of traffic at once.
- Top performance is usually reached with these numbers of connections:
- 28k modem - 8 to 20 connections
- 56k modem - 15 to 25 connections
- ISDN - 18 to 30 connections
- ADSL - 20 to 40 connections
- T1 or faster - 20 to 50 connections
-
- Forced TimeOut
- This is the maximum number of seconds CrackWhore waits to receive a packet
- from the target server.
- Set this 1 or 2 seconds higher if you have a lot (more than 5%) of TimeOut errors.
-
- Ignore Redirects
- - Sometimes the target server redirects you to another page after a 'bad password'.
- Check this box to keep attacking the old address, uncheck it to try to attack the
- page you are being redirected to.
-
- Send Hits To SubReality
- - Check this box if you want every password you are going to crack to be automatically
- posted on SubReality dot Net.
-