INTRODUCTION TO SENTRY MBA – UPDATED GUIDE FOR BEGINNERS
Keep in mind, I have not viewed other tutorials on this as I would have to post to view them and frankly I wouldn’t want to post on a thread useless to me, so, I don’t know what this tutorial will be different but I’m hoping its use either ways.
` This is a beginners’ guide, hence I’ll only be explaining how to do this at a beginner’s level. With that being said : `
` I will not be using proxies `
` I will not be using variables `
` I will not be using HTTPFOX or FIDDLER `
` If you are interested in learning anything I will not be teaching, don’t waste your time reading this. `
What is Sentry MBA?
Sentry MBA is a hacking/cracking tool used for either malicious or cyber security purposes. Today, we will be using it for malicious purposes.
How to obtain it?
You can download Sentry MBA from here. Don’t trust? Don’t download from this source.
After downloading Sentry MBA, create a new folder in your desktop naming it Sentry. Extract all the files into that folder.
Upon opening Sentry MBA, you will see many many different things. Dont worry, you’ll understand soon enough
On the left-hand side, you will see this : http://prnt.sc/f5694a
If it does not show the general, http header, etc please click settings and then general.
The only thing you need to worry on this page as a beginner is the following circled in red : http://prntscr.com/f56arq
The site will obviously be the site we wish to hack into and snapshots are configs. Configs are basically a .ini file that is created to help Sentry MBA obtain unique characteristics of the site being targeted. By placing the site url, you are already almost 20% done with making a config.
Now, here’s where it gets serious.
Step 0) Close Sentry MBA and turn on your VPN if youre using it from your actual computer. If you’re using it from a vps, just move onto step 1.
NOTES:
The reason we need a vpn is that when Sentry is sending bots to login, your ip will be sent among those bots. So unless you dont give a fuck and want your ip to be shown, keep reading
Step 1) Open Sentry and Navigate to HTTP Header under “Settings”.
Step 2) Get the login url page of the site you wish to hack
NOTES:
When hacking into a site, you will always want to find a login page. So, lets pretend we went into google and typed in IMVU login. Google will give us the following link : www.imvu.com/login but, we need “http://www.imvu.com/login/”. Or else, you’ll get a “sintax error” from sentry. SO, click on it and then copy the link
Also, you will always want to do this method as it will give you the original login url versus a login page on the home page. In other words, you want to log in from the actual login page which would be “www.imvu.com/login” instead of a login page appearing on “www.imvu.com/home” or some shit.
Step 3) Copy that link, and paste it where I showed you originally, “the “site” section”. http://prnt.sc/f56jkk
Step 4) Check where it says MW and then the Wand. http://prnt.sc/f56hn9
Step 5) You’ll arrive @ this http://prnt.sc/f56k7a
Step 6) Click the Analyze Login Page button http://prnt.sc/f56kwe
Step 7) Woah, a bunch of shit appeared: http://prnt.sc/f56q9p
Step 8) Notice how it shows your ip along with other data, thats the reason we want a VPN. http://prnt.sc/f56qap
Step 9) Lets see, as you can see in the screenshot, next to the ip, there’s some data circled. I want you to click the analyze login page again and see whether or not that data changed.
Step 10) Yes it did change, if that happens, I want you to click the “refresh cookie” data. http://prntscr.com/f56ssq
Step 11) Now lets look @ the bottom half. I’m going to explain what each of these things is.
You will see that “Action URL, User, Pass, and Additional Data” all have data in them. The action url is the url where the data is sent. The user and password is how the site interprets a username or password as. In this scenario, IMVU sees the username as “avatarname” versus it being “username”. The additional data is all the extra data that is sent along with the username and password. You will see there is a “email” section which is labeled “-1”. That simply means that wont be used. And this does not mean you will use the email section in a “email password” combo. (I’ll explain combos later)
NOTES:
Listen, and listen carefully. The analyze login page only works on sites with shitty security. Don’t think you can hack McDonalds with this button. You will learn more about “what to do if analyze login button doesn’t work” than in ADVANCED tutorials
Step 12) You’re done for now but don’t exit out of the configuration
Step 13) Create an account on IMVU
For some reason, IMVU takes you to a different homepage when you register versus when you log in. When you log in it should take you to this URL : http://www.imvu.com/…g/web_index.php, if it doesn’t, just go on the page anyway.
Now, this page has everything we want, the username and credits.
Here’s where it gets more complicated, we’re going to start using “captures”.
“Captures are basically keywords or data that you want. In this scenario, we want to capture the number of credits a person has and/or their username for people who like nice usernames”
Step 14) Go back to Sentry, enable stage in “keywords capture stage”. and hit the wand again : http://prnt.sc/f56zkw
Step 15) Wtf, more shit popped up.
Step 17) Highlight the data you want, right-click, and inspect the element. ( We’ll be highlighting the credits)
Step 18) Look for the data that is being used to display the number of credits.
Step 19) As we can see in this picture, http://prnt.sc/f572oz The ” id=”credits_real_value ” is displaying the data we want.
Step 20) Go to view-source:http://www.imvu.com/…g/web_index.php
Step 21) Copy everything in there and paste it into “HTML SOURCE” : http://prnt.sc/f573u2
Step 22) Go back to that page and do “ctrl+f”. And find the data that was displaying the credits, which would be id=”credits_real_value.
Step 23: http://prnt.sc/f574st We found it.
Step 24:Now heres where it gets really simple. Go back to Sentry and at the top it will say “field name”. Simply put credits. (The field name could be whatever you want it to be, it could be “daddy101” or w.e)
Step 25: For the left string, you want it to be everything to the left of the data you want. For the right string, you want everything to the left of the data you want.
So, in this screen shot http://prnt.sc/f5774d, we see that the credits value is 0. The data we want is that number. So we want the code to the left of 0 and the code to the right. This way, when sentry logins in with bots, it’ll narrow the data down all the way to that number and only show you that number.
For example, the code to the left of 0 is ” <strong id=”credits_real_value”><span class=”notranslate”> “
and the thing right to is “</span>”. You would put
<strong id=”credits_real_value”><span class=”notranslate”> in the left string field
and
</span> in the right.
It should end up looking something like this in the end : http://prntscr.com/f57ee0
NOTES: you can literally put the entire code to the left it and to the right of it, but thats just going extra
Step 26: After you’ve done that, simply just click “update”.
Step 27: The reason we put all that data in the “HTML Source” is to test it. After you’ve clicked it, a bunch of data will appear. on the bottom of the button. When it appears, click “test updated parsing code”.
You should get this : http://prntscr.com/f57ewv
If it shows “credits: 0”, your capture successfully works! Simply click use data afterwards.
If you want to capture username also, simply repeat steps 17-27 for the username part.
Now, our configuration is 80% done. Click use data once again http://prntscr.com/f57g9r
Ok, now, we will not be using proxies in this tutorial. Go to Settings > Proxy settings and check “do not use proxies”
http://prnt.sc/f57gzm
Now, lets move on to fake settings. Simply uncheck “Enable AlterfingerPrint” and check “Follow Redirects”
http://prnt.sc/f57i0l
Now, here is the 2nd most easiest part. Defining keywords.
For this part, all you have to do is put in a failure and a success keyword. A failure keyword is a keyword found in the source when the login information is incorrect. A success keyword is a keyword found in the source when the login information is correct. So, lets try logging into imvu with some fake details.
We get this result : http://prntscr.com/f57jvg We can literally just take the word invalid and put it in the failure source key.
So, head over to Settings > keywords > check the box and right click the bottom red box. http://prnt.sc/f57kx2
Click add basic and type “invalid” and click ok.
Now for the success key, lets log back in and look for a success keyword.
The one I found was “sign out”. This is because you will only get that keyword IF you logged into an account.
http://prntscr.com/f57lxe
Right, so now check the success keyword and add “sign out”.
Should look like this in the end : http://prntscr.com/f57mkz
We are officially done with our configuration.
Head back to “general” and click “save settings to snapshots”. This will save your config
Head on over to Lists > Wordlist http://prntscr.com/f57vgl
A wordlist is a combo list. A combo list is basically data that consists of email passwords or usernames passwords.
You can obtain a combolist from anywhere in nulled.
After you have a combolist, upload it to sentry by clicking this button. http://prnt.sc/f57xf2
Ok, you’re has done. Now, let’s test it before we start it.
Head on over to “Tools > HTTP Debugger > Settings”
Put the site we’re hacking into the site field
Then for the username, put a random username and password. Also check “debug from snapshot” http://prntscr.com/f57zsw
After you’ve done that, click debug and the lightning bolt. And watch the magic happen. http://prntscr.com/f580nl
Boom, it found our failure keyword. http://prnt.sc/f581bd – This shows that it can detect accounts that don’t work
Now put in your actual username and password in the settings and try again.
Boom, it found our success keyword and the data we want (the number of credits this user has). http://prntscr.com/f5825b
Now, let’s start. Simply just click the “progression” button, move the bots to 9 and start. http://prnt.sc/f584nr
When you click start, more shit will pop up just click “start bruteforce engine” http://prntscr.com/f584q4
Within a few seconds, I already got 6 hits ( hits are successful accounts ) and 2 accounts that are ‘to-check’. http://prnt.sc/f586lz
(Please note you may or may not get hits that fast, you need a good combolist)
Lets see what happens when we try logging in with the accounts that need to be checked.
Woah, we found two more errors : http://prnt.sc/f588md
As you can see in the screenshot, the word disabled is in the error. So lets add “disabled” to our failure keywords. After we’ve done that, make sure to save settings again.
Now, lets start again.
Within about a minute, I got more successful hits and captures and 0 to checks! http://prntscr.com/f58cig
(They’re all poor but its a shopping combolist, not a gaming)
If you enjoyed this tutorial and found it helpful and would like to donate, it would be appreciated.
Blockchain : 1Gq2GC1Lp3bX4MWJH7ug2K7yXrjE13cDkn
Otherwise, a thank you and an upvote will suffice!
Anyways, there you have it. This is the end of the tutorial. I hope it helps somebody at least. If you have any questions please feel free to pm me.
Henceforth, WE WISH TO ANNOUNCE THAT OUR SERVICES ARE NOT AVAILABLE TO PEOPLE FROM NIGERIA AND INDIA. THESE ARE USELESS TIME WASTERS AND THIEVES TRYING TO BEG OR SCAM US OF OUR PRODUCTS. OUR SERVICES ARE NOT FREE AND PAYMENT IS UPFRONT
A LOT OF FOOLS FROM NIGERIA AND INDIA. on the off chance that YOU DON’T TRUST TO USE OUR SERVICES, DON’T CONTACT US AS WE HAVE NO FREE SERVICE
CONTACT US FOR PURCHASE/INQUIRIES, WE RESPOND ALMOST INSTANTLY
HI BUYERS, WE ARE A PROFESSIONAL CARDING AND HACKING TEAM. HOVATOOLS HAS BEEN AROUND SINCE THE TIME OF EVO MARKET, ALPHABAY, WALLSTREET MARKET AND MORE. WE REMAIN STRONG AND RELIABLE IN THE INDUSTRY, ALWAYS PROVIDING YOU WITH THE BEST QUALITY TOOLS TO HELP YOU MAKE MONEY AND MAXIMIZE PROFIT IN THE FRAUD GAME.
TO GET STARTED, YOU CAN VISIT OUR ONLINE SHOP/STORE TO BUY EVERYTHING YOU NEED TO START CASHING OUT. AT THE SHOP YOU GET Accounts & Bank Drops CVV & CARDS DUMPS PERSONAL INFORMATION & SCAN.
BANK HACKING SOFTWARE – WIRE/ACH DARKWEB MONEY TRANSFER HACKERS
Buy Fresh Credit Cards for Carding, BIN LIST Buy Bank Login, RDP, Buy Hacked Paypal accounts. Contact us to buy all tools and carding software. CLICK HERE TO VISIT OUR SHOP
Buy Socks 5, Email Leads, Buy Latest CC to Bitcoin Cashout Guide, Buy Hacked Zelle transfer , Western Union Money Transfer Hack, Buy Hacked Money Transfer service to your bank account.
Enroll for Paid private Carding Class.