Making Use Of AccessDiver

Making Use Of AccessDiver

By ghost | 16221 Reads |

0     0

Ever wondered how porn-site cracking rings do what they do? Ever wanted to break into a remote password protected folder or test the security of your own protected folders? Here I'll walk you through a typical dictionary attack with Accessdiver.

First, you will need to download the program, naturally: http://www.accessdiver.com/downloads.htm

Also download or create some wordlists: http://www.theargon.com/achilles/wordlists/ http://wordlist.sourceforge.net/

Now, you need to find a target. AccessDiver can handle both Basic Authentication and HTML Form methods, but for today we'll be focusing on Basic Authentication, since it's rare to find vulnerable HTML Form logins.

So what is Basic Authentication? When you go to view a password protected folder, a box will pop up with a username and password input. You've probably seen this already in one of the basic challenges (but don't even think about applying the methods taught here to this site, as they are STRICTLY prohibited in the rules!).

Alright, so lets get to the dirty work. Fire up your shiny new program. First thing you should do is go to the "My Skill" tab and set it to "Expert". Don't get scared now, its not as difficult as they make it out to be. Now, enter the URL of the folder you're trying to crack into the green field named "Server".

For Example: http://www.vulnerablesite.com/foldertocrack

Sometimes it may not be a folder, but a subdomain.

For Example: http://members.vulnerablesite.com

Next, load in your wordlists. Their default list is an interesting experiment, but won't always produce the stunning results a much better one will yield. If you know the username, you can fill a wordlist with just that username and try to match that against a wordlist of passwords. Otherwise, you can try matching two of the same wordlists together to take advantage of situations where the username and password may be the same (more common then you would think!). Be creative!

Now, DON'T GO TESTING ANYTHING YET!

Think now, as to how you might feel if you had tested that server with thousands of requests from your OWN IP ADDRESS, and showed up clear as day in the servers logs where your intentions would be obvious to even the dumbest of webmasters. Before you can say "hello officer" you're slapped with a fine or a possible jail sentence.

So as you've probably already guessed, we're going to get around this using PROXIES. AccessDiver has a very nice way to collect, test, and apply proxies from the web. The success of your operation relies heavily on the proxies you choose. Make sure "Use web proxies" is checked in the "Proxy" tab.

GETTING PROXIES: Click on the "Proxy" tab and then "Web Proxy Leecher". You can also use the "Proxy Hunter", but that's more difficult and I rarely use it. Type in the "URL" field any of your favorite proxy listing sites (www.proxy4free.com/page1, etc), add them in to the list and press "Start Leeching". If all worked as it should have, you should see a sizable list of proxies in the black field to the right. Otherwise, try another web page. Click on "Add these proxies in" and make sure to press the "Add to PROXY ANALYZER" tab, as testing your proxies is the next crucial step.

TESTING PROXIES: You should see your list of proxies labeled "leeched" in the "Accuracy" field. Make sure they're all selected, and press the "Speed/Accuracy Tester" button. When those are finished testing, right click the selected block and press "Remove timeouts and bad results". Now, and this is crucial, REPEAT THIS PROCESS AT LEAST THREE MORE TIMES. Some of the proxies may be unstable, and you need to pick the cream of the crop for your high demand needs. Once you have some good proxies, you should check them for anonymity with the "Confidentiality Tester". Make sure you have a checking site selected in the "Anonymity Checker" tab before you go about doing this. Good, now you have some fast, anonymous proxies. Select them and press "USE Proxy" and "Add into my proxy list".

I'm not going to write about the "Settings" tab here, you should be able to read up and figure out which settings work for your particular situation.

Alright, you're ready! Wasn't so bad was it? Click the "Test Basic-Authentication" button and watch your strings scroll! When a weak login is found you will hear a noise and the corresponding username and password will be listed under "Found Logins". On some sites, redirections will also be weak logins, and then again sometimes all tries will return redirections, it depends on who you're trying to crack. Sometimes you may receive FAKE replies, which usually means the basic authentication is set to lock-out IP addresses after a certain number of incorrect tries. Pay close attention to the response you're getting from the server and act accordingly. You will learn a lot from trial and error.

Most problems with cracking will come from the proxies you are using, the program will remove them after enough timeouts during cracking, but this means you're losing possible weak logins that didn't get through. Make sure again that your proxies are the best of the best and remove them when they start to act up during cracking.

Hope you enjoyed this, keep in mind that this is only a tool, not a complete substitution for knowledge. Read up on exactly what you're doing before you go pushing buttons and clogging up information pipes. And I will restate that you should NOT apply the methods shown in this article to anything on HBH. Ever.

Regards, LLOH