|
|
 | written by Murder Mouse
Section 1: Introduction
-----------------------
After my last tutorial, I decided to write something a little less
technical. This tutorial covers methods that can be used to break into p0rn
sites.This tutorial will cover basically two methods that can be utilized for
breaking into p0rn sites.. Section 2 will cover cracking into p0rn sites by
breaking into an existing member account, while Section 3 will cover traversing
through the internal database via a redundant directory scheme. Hope you all
enjoy...
Section 2: Cracking Member Accounts
-----------------------------------
Well what you need here is of course a password cracker. AccessDiver
is probably your best choice. It's fast, reliable, and doesn't give you
false positives like a lot of other crackers. So what you will want to first
do is download AccessDiver. Just do a google search for "accessdiver
download" and you should quickly find a download page to get
AccessDiver. Now once you have downloaded AccessDiver, the layout
should be pretty simple to understand, however I'll go through it
anyways for those of you who may be having trouble. First off you
should see a green bar at the top that says "Server:" beside it. This
is where you type in your target. To do this, go to the site that you are
targeting, then find the link where you would login if you were a
member. If it is just a link (no picture), then just right click the link
and look in properties. The url that is given to you in the properties
window will be the page that you are targeting. If it is a picture link
however, then you will actually click the link and try and copy the url
from your address bar. Then once you have the address for the login
page, copy this url into the green bar. Now that we have our target
selected, we will want to set up a proxy. To do this click on the proxy
tab, check on the "Use WEB proxies" box. Then type in the "Proxy"
bar the ip address of the proxy you are going to use (the xx.xx.xx.xx
address), then in the smaller "Port" bar type in the port number that
the proxy is using. If you do not know, you can get proxies from
several sources. multiproxy.org and proxyblind.org and two examples
of sites that you can get a list of proxies from (I usually use proxyblind
since they usually have a larger selection). Then you will want to check
the proxy that you are going to use. Though they are checked before
they are posted on the site, frequent use of these proxies from visitors
make most of these proxies get shut down almost as soon as they
are posted up. You can use aatools (again, do another google search)
to scan the proxy list you get from these sites for proxies that are
still active. Then just choose a good proxy, and punch it into the fields
described above. All right, now that we have all that taken care of, we
will want to set up a list. A dictionary file is already available with
AccessDiver, but you might want to use some others just in case
you hit nothing with the combo list given. If you can take the time to
download WebHammer, then you can use the "dict.txt" file given with
the tool as a backup list, just in case the combo list given with
AccessDiver doesn't hit anything (however, don't use WebHammer for
actually cracking the site, it's still in it's early stages of development
so it's got quite a few bugs). Now that we have all that taken care of,
we can simply click the "Standard" button on the top left hand corner
with the little lightning bolt below it, and let her rip. Don't expect to
hit some results with your first try. These things take time. Just try
out different wordlists, and try them against different sites. Eventually
you will get the hang of it, and have plenty of xxx passwords to go
around. A helpful thing to know is common password schemes to look
for. Basically there are two common password schemes I've noticed
in p0rn sites that you can use to your advantage. One is the all too
common username same as the password scheme, like john:john.
There are also variations of this scheme like john1:john. Then there
are the passwords that in some way coorelate with the username. For
example, cookie:monster, or tarzan:jane. So keep this in mind when
you are taking a crack at a site. Whatever you do, just don't give up
hope. Trust me, the harder you try, the better you will get.
Section 3: Figuring out the Directory Scheme
----------------------------------------------
This section will be short and sweet, considering the method for which
is rather obvious. There is a way you can view material from within
the site itself, without breaking into an existing member account. This
is possible because a lot of sites have a fairly standard directory
scheme for storing their material. So let's discuss how such a
standardized directory scheme can be exploited to our advantage. There
are sites on the internet like www.thehun.net that offer free previews
to different p0rn sites. Different sites contribute preview pages to
the site, to give potential members a preview of the material within.
However, these preview pages are set up within the internal database
of the site. This allows us to get a preview of much more than the
administrator wants us to, like a look into the directory scheme
utilized within the p0rn site. Now, most administrators will be smart
enough to randomize their directory scheme, so that the only way to
really traverse through the directories, is to go through the member
section. However, many other sites however use a incremential
directory scheme, which allow for one to very easily traverse through
the internal database. For example, say the address is something like
p0rn.site.address/some_other_directory_paths/34/ when you click the
preview page. Well, we can very simply increment or decrement the
numbered directory, to transverse through the internal database (i.e.
/33/, /32/, etc.). We can try this with any numerical directory scheme
that is in place to potentially tranverse through the internal
database. You just have to use your brain.
Section 4: Conclusion
----------------------
Well that covers it for this tutorial. Once again, I hope you enjoyed
reading this as much as I enjoyed writing this. By now you should know
enough to start breaking into different p0rn sites of choice, and
maybe get into the whole xxx-cracker scene and start submitting
passwords up on xxx-cracker forums. But that's all up to you. Anyways,
until next time.... | |
|  |
|
|
|
Forgotten your password? Request a new one here.
| |
|
|
|
v6.01.15 © 2003-2005 | Original style by yassineb :: Ported for PHP-Fusion by: 
