How to Get your own ComboLists – Updated Hacking Guide
Introduction
In the digital age, having access to ComboLists can be a game-changer for businesses and individuals alike. ComboLists consist of a username and password combinations, providing valuable data for various purposes such as testing security vulnerabilities, optimizing marketing campaigns, or performing research. In this guide, we’ll explore the ins and outs of obtaining your own ComboLists. From understanding their significance to finding reliable sources, we’ve got you covered. Let’s dive in!
Hacking Guide – Get your own ComboLists. The programs we will be using are:
1) SQLi Dumper
2) Notepad++
3) Dork Generators by N3rox and JohnDoe
4) Sentry MBA
5) Gather Proxy
6) Online Reverse Hash Tool
7) Sandboxie (You can get if from Here because i don’t have it included in the .zip file)
DISCLAIMER:
IN THIS HACKING GUIDE I AM USING SANDBOXIE TO OPEN THE PROGRAMS FOR MAXIMUM SECURITY. I HIGHLY RECOMMEND USING SANDBOXIE TOO OR A VIRTUALBOX/RDP. I AM NOT RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOU FROM THESE PROGRAMS. MOST OF THE ANTIVIRUSES WILL FLAG THE FILES AS VIRUSES AND DAMN RIGHT THEY ARE, MOST OF THE CRACKED PROGRAMS ARE FULL OF VIRUSES. JUST ADD AN EXCEPTION AND ALWAYS RUN IN SANDBOXIE/VB/RDP. DOWNLOAD AT YOUR OWN RISK.
Use this hacking guide for Educational Purposes Only!
DOWNLOAD
https://drop.me/oXKrOy
Just for a heads-up:
Sandboxie will frequently pop up a window and ask to recover files for future use. Just recover each one for them. Don’t forget to clean your Sandboxie contents from time to time. You will also need to have .Net Framework 3.5 and 4 installed on your machine for the programs to work correctly. Search Google how to get them.
To open the programs, Right Click > Run Sandboxed.
http://prntscr.com/hasprk
The default Sandboxie location should be this. So you can know where the text files created from the programs are stored. http://prntscr.com/hasqf2
CHAPTER ONE: Making the dorks. – HACKING GUIDE
Dorks are used in SQLi to create a list of URLs where we can analyze and find which ones can be exploited. So, let’s learn how we can create our own dorks, shall we?
Firstly, open the two dork generators by N3rox and JohnDoe, as well as the Notepad++.
Step 1:
Go to the dork generator by JohnDoe and click the letter D, as shown in the image below, until the boxes are clean. If they are already clean, skip this step.
http://prntscr.com/hassnr
Step 2:
Now go to the Grabber tab and press Load.
http://prntscr.com/hassz3
Step 3:
Load the url text i included in the zip file. (The program interface sucks, sorry for that, its JohnDoe to blame)
http://prntscr.com/hasth2
Step 4:
Wait for the program to complete loading.
http://prntscr.com/hatrff
Step 5:
Copy the Page types p.2 contents.
http://prntscr.com/hatrmb
Step 6:
Go to Notepad++ and make two new files.
http://prntscr.com/hats4c
Step 7:
Paste in the contents of the box we copied just a second ago.
http://prntscr.com/hatsen
Step 8:
Go to Search > Replace.
http://prntscr.com/hau0ic
Step 9:
Press the “Space” button on the first box and “Backspace” on the second box, so we can remove all the spaces from the lines. Click Replace All.
http://prntscr.com/hau0q3
Step 10:
Now, search all the lines and remove any weird marks, until there are only words like “example=”.
http://prntscr.com/hau118
Step 11:
Now go to Page Types box in JohnDoe’s generator and copy all the contents, and paste them in the second file you created in Notepad++, search all the lines, and delete all the bad types until there are only good ones left. Just like we did before, we keep only the good lines. If you didn’t understand what “bad types” meant, just write down the same page types as mine.
http://prntscr.com/hau1h0
http://prntscr.com/hau1pn
Step 12:
Now go to the N3rox’s generator and write down some words in the first box on the left, for example “steam, money, LoL, bf1… etc” and separate them in their own lines. Also, copy and paste the clean page types and page types p.2 we made a while ago from Notepad++ to N3rox generator, in their own boxes, as shown in the image below. Click Generate. (i used translated page types p2 and keywords to German, so i had German dorks. Use any language you like, the best and most common is English. I will also show you how to translate them in a few steps below.)
http://prntscr.com/hau22c
Step 13:
The dork’s file should be in the folder where you placed the n3rox generator. If it isn’t there, check the Sandboxie folder, as I showed you a few steps above. Congratulations, you just made your own dorks and you didn’t even pay for them.
http://prntscr.com/hau2cz
Step 14:
If you want to make dorks in other languages so you can get accounts of that nationality, go to the Translator tab in JohnDoe’s generator and write your keywords in the Name of Pages tab, select the language, press Translate and wait for the process to finish. After that, you can copy the translated contents and paste them in N3rox’s generator.
http://prntscr.com/hau3cc
http://prntscr.com/hau3m6
So, what we did basically generated the Page Format and Page Types from the URL and we used them to make new dorks. We cleaned them and we also translated them so they are even better. We used JohnDoe’s generator to generate the Page Formats and Page Types, and we used N3rox’s dork generator to generate the dorks, with those Page Formats and Page Types. You can also import your own URLs after finishing with SQLi Dumper, as i will show you later on, so you can generate more Page Formats and Page Types. This is the hardest part of all the process of account cracking and it’s not even that hard lol. What you need is some imagination for the keywords and that’s all the fuss. Let’s move on to the next chapter.
<strong style=””><font color=”#ff9933″>CHAPTER TWO: Making the combo lists.</font></strong>
Now is the time to use the dorks we made, to make our combolist. We will be using SQLi Dumper to make some good combos so we can test them later on.
Let’s begin the hacking guide
Step 1:
Open SQLi Dumper and make sure it looks exactly as the image below.
http://prntscr.com/hau69o
Step 2:
Now, open your dork’s text file with Notepad++ and copy your dorks. (Don’t copy more than 15k because your SQLi Dumper will crash 100%). Now click Start Scanner and wait until you have about 10-20k URLs. If your SQLi dumper does not get any URLs, make sure you have it unblocked from your firewall and antivirus and restart the program. And If it still doesn’t load any URLs, load the ones i gave you in the .zip file by clicking the Import button and pressing Start Scanner. If it still doesn’t work, then GG.
See you in a while, after you get some URLs. After you see it has about 10-20k Valid Added, press the Cancel button. It doesn’t stop at 100%, that’s why we have to do it manually, based on the Valid URLs added.
If the valid added stays the same number after 15 mins, click cancel. If you Loaded 20k dorks and you got 1k URL’s after 3012831280441279410274 days, you have bad dorks.
http://prntscr.com/hau6q7
Step 3:
Now go to the Exploitables tab and press Start Exploiter. Use as many threads as you want, i use about 30.
http://prntscr.com/hau71l
Step 4:
After it has completed exploiting, (you can see if a process has been completed by looking at the bottom of the SQLi Dumper, it says the Exploited thread is done, exploitable detected: X. If you don’t see such a message, then you need to wait until it’s done. ) It should look like this. (keep in mind that antivirus messages may pop up, saying that a webpage was blocked. That’s ok, nothing to worry about.) hacking guide
http://prntscr.com/hau7g1
Step 5:
Go to the Injectables tab and press Start Analyzer. I use about 30 threads again. Wait for the process to complete. Note that your SQLi Dumper may crash during any of these processes. If it does so, just recover the files in Sandboxie and reopen the program and continue from where you were left.
http://prntscr.com/hau7p4
Step 6:
After the Analyzing process is complete, your Dumper should look something like this.
http://prntscr.com/hau82n
Step 7:
Click the Method tab, until we have all the Unions sorted from the Errors.
http://prntscr.com/hau8fm
Step 8:
Click The [+] box in the bottom left corner of the dumper.
http://prntscr.com/hau8qh
Step 9:
Check 2 boxes out of 4. Write in what you want your combolists to be about. I used username and password because i want my combolists to be of usernames and passwords. You can also have 1 box checked. You can also write in anything you want, such as email and password, name and last name, credit card name and credit card number, etc. Also, make sure Current DB is checked and Columns as default.
http://prntscr.com/hau90t
Step 10:
Select all the Unions with the SHIFT button and click Start. A new window will pop up. Wait for the process to finish. Don’t close this window. EVER.
http://prntscr.com/hau99t
Step 11:
Scroll down until you find a database with a good number of Username or Password rows. If both Username and Password have the same number, it’s perfect. If you only see the Username or Password, it’s okay too, but the database may not have good combos. It’s all about luck here. Select a database with more than 5k rows.
http://prntscr.com/hau9p7
Step 12:
After you found what database you want to crack, select the URL’s name and click Go to Dumper > Dumper Form.
http://prntscr.com/hau9yg
Step 13:
This is the time when you need to guess. Click on a column you think the combolists will be at and press Get Columns.
http://prntscr.com/haua70
Step 14:
I found mine, so now i click on what i want to dump. In this case, I only want to dump usernames and passwords. Check on anything you want to dump and press Dump Data. If you had a large number of rows, this is gonna take a while to complete. Also, if the Dumper crashes here, i feel sorry for you son, you cant do something about that, you need to restart dumping the data from the beginning.
http://prntscr.com/hauafm
Step 15:
As you can see, i got very shit combos. If you get bad combos too, press X which is under the Schema tab, and search for a new URL.
http://prntscr.com/hauay2
Step 16:
After you dump your data, press Export data. A new window will pop up, just make sure it is as mine. Press start when you are done.
http://prntscr.com/haub5l
Step 17:
Click save and find the text document you just saved. Check the Sandboxie location if you cant find where you saved it. Open the text file and remove the first lines until you only have your combos in there.
If your passwords are not encrypted, you can skip chapter three and you can go straight to chapter four
. If your passwords have a weird format like mine, we need to find out which type of Hash it is and we need to dehash it.
http://prntscr.com/haubhk
Dumping data from a database is all about luck.
If your SQLi Dumper keeps crashing, you can dump databases with SQLMap, which never crashes (i cannot post how to do it because SQLMap keeps updating and the commands keep changing all the time. You can search on google or youtube how to install SQLMap and how to use it. I am currently using it on Kali Linux 2016 on VMWare Workstation 12).
You will either get good combos or you will get shit. Just never give up, and always keep trying. You can also save your Trashed URLs to generate new combos with JohnDoe’s generator.
http://prntscr.com/haubu0
CHAPTER THREE: Dehashing the passwords from a combolist After Hacking – hacking guide
Step 1:
Open ORHT ad and click Ok. If you have opened ORHT and you can’t find the window or you minimized it accidentally, you can find it in the tray menu.
http://prntscr.com/hauf3e
Step 2:
Click Main Menu > Start From File, and load the Combo you dumped. My hash encyption was MD5, so i have checked MD5 as Hash Type on the window.
http://prntscr.com/haufcc
Step 3:
Make sure your ORHT looks like mine. Click OK and after some time, a message will pop up saying how many hashes were decrypted. Click OK again.
http://prntscr.com/haufmy
Step 4:
Go to Main Menu > Save to File and make sure your OHRT looks exactly like mine. Click Ok and wait for the process to finish. A message will pop up that will say success. Click OK and save your DEHASHED combolists.
http://prntscr.com/haufzk
http://prntscr.com/haugob
Basically, that’s it, if you dumped 100k combos, it’s most likely that 30% of it to be dehashed, but thats on luck again.
CHAPTER FOUR: Checking the combos.
Before we start checking the combos with the sentry, we need some proxies.
Step 1:
Make a new text document and name it proxies. Then open Gather Proxy and go to the Advance tab and change the settings same to mine.
http://prntscr.com/havn2b
Step 2:
Go to the Gather Proxy tab and press Start and wait for the program to finish. After its done, press SHIFT to select all combos and copy and paste them in your proxies text document.
http://prntscr.com/havn9v hacking guide
Step 3:
Open Sentry MBA and go to Settings > General > Load Settings from Snap Shot and load the config of the site you want to check your combos. In my case, I will be using the NA League of Legends server because my database was from a site in the US
. In the .zip file, I have all the League of Legends configs. If you don’t want to check your combos for a league or if your combolist is email and password (email: pass) form, you can find all the configs you need here from Nulled. I will not be posting them here.
http://prntscr.com/havnjy
http://prntscr.com/havnr2
Step 4:
Go to Lists > Proxylist > Clear List and then Load the proxies from the text document you made earlier.
http://prntscr.com/havo2g
http://prntscr.com/havobm
Step 5:
Go to Lists > Wordlist and press clear combo if the upper left box is not clear. Press Open a Combolist and choose the combolist we dehashed a while ago.
http://prntscr.com/havoon
http://prntscr.com/havozn
Step 6:
Go to Progression, set the bots to a high number (i go for about 90-110), click Start, and Click start one more time.
http://prntscr.com/havpb3
http://prntscr.com/havphu
Step 7:
Wait for the program to finish, when all combos were checked as we can see from the bottom of the window, we can click Stop. Press SHIFT and select all the contents from the Hits tab and right-click and save them to the clipboard. Make a new text document and paste them there. Congratulations, you have your ready combos that work for that specific website/game, etc… On my occasion, it was for League of Legends.
http://prntscr.com/havpu2
http://prntscr.com/havpyw
So here is the results:
http://prntscr.com/havq8f
The whole process is similar to the oil process. We take all the shit we can find and we filter it to a good result. If you read carefully this whole tutorial, you have now learned to:
1) Make your OWN dorks.
2) Dump your OWN data.
3) Make some good out of it.
ENJOY hacking guide
Henceforth, WE WISH TO ANNOUNCE THAT OUR SERVICES ARE NOT AVAILABLE TO PEOPLE FROM NIGERIA AND INDIA. THESE ARE USELESS TIME WASTERS AND THIEVES TRYING TO BEG OR SCAM US OF OUR PRODUCTS. OUR SERVICES ARE NOT FREE AND PAYMENT IS UPFRONT
A LOT OF FOOLS FROM NIGERIA AND INDIA. on the off chance that YOU DON’T TRUST TO USE OUR SERVICES, DON’T CONTACT US AS WE HAVE NO FREE SERVICE
CONTACT US FOR PURCHASE/INQUIRIES, WE RESPOND ALMOST INSTANTLY
HI BUYERS, WE ARE A PROFESSIONAL CARDING AND HACKING TEAM. HOVATOOLS HAS BEEN AROUND SINCE THE TIME OF EVO MARKET, ALPHABAY, WALLSTREET MARKET AND MORE. WE REMAIN STRONG AND RELIABLE IN THE INDUSTRY, ALWAYS PROVIDING YOU WITH THE BEST QUALITY TOOLS TO HELP YOU MAKE MONEY AND MAXIMIZE PROFIT IN THE FRAUD GAME.
TO GET STARTED, YOU CAN VISIT OUR ONLINE SHOP/STORE TO BUY EVERYTHING YOU NEED TO START CASHING OUT. AT THE SHOP YOU GET Accounts & Bank Drops CVV & CARDS DUMPS PERSONAL INFORMATION & SCAN.
BANK HACKING SOFTWARE – WIRE/ACH DARKWEB MONEY TRANSFER HACKERS
Buy Fresh Credit Cards for Carding, BIN LIST Buy Bank Login, RDP, Buy Hacked Paypal accounts. Contact us to buy all tools and carding software. CLICK HERE TO VISIT OUR SHOP
Buy Socks 5, Email Leads, Buy Latest CC to Bitcoin Cashout Guide, Buy Hacked Zelle transfer , Western Union Money Transfer Hack, Buy Hacked Money Transfer service to your bank account.
Enroll for Paid private Carding Class.