kaisimmer17
Slice-of-Life Specialist
LEVEL 1
300 XP
Okay im going to try and explain how to get combos using SQLi dumper and crack the hashed passwords after with steps (:
( recommend using SQLi dumper on a RDP or VPS or using a VPN )
FORGOT TO MENTION SQLI DUMPER HAS A PRETTY DECENT PROXY CHECKER IN "TOOLS & SETTINGS" USE IT
!lqc24sfnnug-8zb3n0GE9wSHzbySRJ8CjzO2l2f53A8
Step 2: Find Dorks, use adork generator, or buy some privately made ones or paid dork gen. link tofree dork generator - ez dork gen -
Combo# Here
Step 3: Use the program Combo# To scrape some elite proxiesIf desired.
Step 4: Open up SQLi Dumper. Now load your dorks to SQLI dumper by copying and pasting right here like this.
Example:
Step 5: (Optional) Load yourelite proxylist into SQLi by clicking the "Tools&Settings" Tab, Then "Proxy"Tab.Copy and paste your proxies or try using a VPN on your desktop to change your ip so you dont get temp ip banned when scanning dorks and stay safer also.( if using a windows VPS or RDP you dont need a proxylist or VPN unless you are temp ip banned, its usually faster without them though)
Step 6: On SQLi Dumpers Main page where the dorks are. Click "Start Scanner". Wait for dorks to finish scanning and collect all urls for you. note: it will go even further then 100% don't freak out. i think it stops at 150% you can always stop when you think its collected enough dorks. For enough urls to get a good Database try having at least2000-5000.
Step 7: Once urls are finished being collected click "exploitables" tab then click "start exploiter" wait for it to scan through all urls and find the exploitable ones.
Step 8: Once you have all exploitables go to"Injectables" tab and click"Start Analizer" wait for it to finish finding the injectables out of all the exploitables.
Step 9: When done You should now see all yourinjectables and the countries, where they are from and more info. highlight all your injectable & at BOTTOM LEFT where it says"Search Columns\Tables Names (MySQL and MS SQL)" (enlarge it by clicking + symbol) make sure "email, password and user and admin or whatever u have typed" are all checked, then click the bottom rightstart (not the top right one) using 10 threads. It will scan all yourinjectables for ones that haveuser email and password files or whatever you have typed. then all you need to do is look at them and match up ones that say 100,000 user and 100,000 passwords or 100,000 emails, that means you just found a good 100k Database that contains both 100k email and user pass combos and you now want to go and Dump the data to text file (: ( it even says which files the passwords/usernames/emails are located )
Step 10:right click the injectable that had the the big Database on it and click "Go To Dumper"
Step 11: once in dumper click get database,once database appears click on it and click get tables, oncetablesappear click on the "user" table (sometimes has different name like "members") and click "get columns" wait for them to appear thencheck on "user and password boxes or email"then click "Dump Data" button and watch them all start dumping. If no database appears retry once or twice then just move on ( sometimes they just wont dump )
Step 12: after the long wait and you are finished dumping the usernames or emails ( or both ) and passwords you can nowextract them to you desktop as a txt file. clickExport Data and name the file and place it where ever you choose.
Example should look like this when exporting:
( note: there is thread options in each section Cracking Hashed Passwords (MD5 Hashed)
Step 1: To crack passwords download, hashcathttps://hashcat.net/hashcat/ (choose hashcat binaries download) click on "v2.00" to download
EXAMPLE:
Step 2: Extract hashcat to a folder on your desktop using 7zip. Once extracted, go into hashcat folder and create 2 new .txt filesand 1 new folder file. Name one .txt file "hashes" and the other "cracked". Name the folder"wordlists".
Step 3: Go get some wordlists to put into your wordlist folder. type"hashcat wordlist" into google and grab all you can (: any word or password can be used in your wordlist. make it nice and big lots of gigs if possible the more the better.
Step 4: Once you have wordlists in your wordlist folder you created, you are ready to start and trycracking. go grab a combo you got from SQLi Dumper that was hashed and copy and paste it into the "hashes.txt" file you created.
Step 5: opencmd by going to yourstart button on your desktopandclick it then type "cmd"thenright click the one that says cmd & open as administrator ( I needed to for my pc, you might not need to for yours )
Step 6: when the cmd window is open. first thing is type CD then click space. anddrag your main hashcat folder right onto the cmd window then press enter.
hashcat.exe-m 0 --usernamehashes.txtwordlist.folder
( Blue color is what gets dragged not typed )
Step 7: cmd is now inside hashcat, if you are using a 32 bit PC drag hashcat-cli32.exe into the cmd window now. if you are64 bit drag hashcat-cli64.exe instead. press space and type-m 0 --username press space and drag your "hashes.txt" over, press space again and drag your wordlist folder over into cmd windows as well.press space then enter it will startCracking the hashed combo you had in your hashes.txt with the wordlists you have in yourwordlist folder.
hashcat.exe-m 0 --username --showhashes.txt--outfile-format=2 -ocracked.txt
( Blue color is what gets dragged not typed )
Step 8: once it has finished. justkeep cmd window open and again drag your 32 or 64 bit exe over first. then press space and type-m 0 --username --show press space and drag your "hashes.txt" file over press space and then type --outfile-format=2 -o press space anddrag your "dehashed.txt" file over then press space and press enter. your combo should now appear in your cracked.txt file with theusernames:passwords dehashed (:
Step 9: If theylook like a mess in the cracked.txt file, like "user:passuser:passuser:pass" then just download Notepad++ https://notepad-plus-plus.org/download/v6.9.1.html
and open notepad++ and copy and paste the cracked.txt file combos into notepad++ and they will all look all in neat order now (: then just click save as and save it as something new and it will come out as user:pass Instead so you can now run it on a combo checker.
user:pass
user:pass
THERE ALL DONE
LIKE PLEASE :feelsgood:
( recommend using SQLi dumper on a RDP or VPS or using a VPN )
FORGOT TO MENTION SQLI DUMPER HAS A PRETTY DECENT PROXY CHECKER IN "TOOLS & SETTINGS" USE IT
You must upgrade your account or reply in the thread to view the hidden content.
Step 2: Find Dorks, use adork generator, or buy some privately made ones or paid dork gen. link tofree dork generator - ez dork gen -
You must upgrade your account or reply in the thread to view the hidden content.
Step 3: Use the program Combo# To scrape some elite proxiesIf desired.
Step 4: Open up SQLi Dumper. Now load your dorks to SQLI dumper by copying and pasting right here like this.
Example:
Step 5: (Optional) Load yourelite proxylist into SQLi by clicking the "Tools&Settings" Tab, Then "Proxy"Tab.Copy and paste your proxies or try using a VPN on your desktop to change your ip so you dont get temp ip banned when scanning dorks and stay safer also.( if using a windows VPS or RDP you dont need a proxylist or VPN unless you are temp ip banned, its usually faster without them though)
Step 6: On SQLi Dumpers Main page where the dorks are. Click "Start Scanner". Wait for dorks to finish scanning and collect all urls for you. note: it will go even further then 100% don't freak out. i think it stops at 150% you can always stop when you think its collected enough dorks. For enough urls to get a good Database try having at least2000-5000.
Step 7: Once urls are finished being collected click "exploitables" tab then click "start exploiter" wait for it to scan through all urls and find the exploitable ones.
Step 8: Once you have all exploitables go to"Injectables" tab and click"Start Analizer" wait for it to finish finding the injectables out of all the exploitables.
Step 9: When done You should now see all yourinjectables and the countries, where they are from and more info. highlight all your injectable & at BOTTOM LEFT where it says"Search Columns\Tables Names (MySQL and MS SQL)" (enlarge it by clicking + symbol) make sure "email, password and user and admin or whatever u have typed" are all checked, then click the bottom rightstart (not the top right one) using 10 threads. It will scan all yourinjectables for ones that haveuser email and password files or whatever you have typed. then all you need to do is look at them and match up ones that say 100,000 user and 100,000 passwords or 100,000 emails, that means you just found a good 100k Database that contains both 100k email and user pass combos and you now want to go and Dump the data to text file (: ( it even says which files the passwords/usernames/emails are located )
Step 10:right click the injectable that had the the big Database on it and click "Go To Dumper"
Step 11: once in dumper click get database,once database appears click on it and click get tables, oncetablesappear click on the "user" table (sometimes has different name like "members") and click "get columns" wait for them to appear thencheck on "user and password boxes or email"then click "Dump Data" button and watch them all start dumping. If no database appears retry once or twice then just move on ( sometimes they just wont dump )
Step 12: after the long wait and you are finished dumping the usernames or emails ( or both ) and passwords you can nowextract them to you desktop as a txt file. clickExport Data and name the file and place it where ever you choose.
Example should look like this when exporting:
( note: there is thread options in each section Cracking Hashed Passwords (MD5 Hashed)
Step 1: To crack passwords download, hashcathttps://hashcat.net/hashcat/ (choose hashcat binaries download) click on "v2.00" to download
EXAMPLE:
Step 2: Extract hashcat to a folder on your desktop using 7zip. Once extracted, go into hashcat folder and create 2 new .txt filesand 1 new folder file. Name one .txt file "hashes" and the other "cracked". Name the folder"wordlists".
Step 3: Go get some wordlists to put into your wordlist folder. type"hashcat wordlist" into google and grab all you can (: any word or password can be used in your wordlist. make it nice and big lots of gigs if possible the more the better.
Step 4: Once you have wordlists in your wordlist folder you created, you are ready to start and trycracking. go grab a combo you got from SQLi Dumper that was hashed and copy and paste it into the "hashes.txt" file you created.
Step 5: opencmd by going to yourstart button on your desktopandclick it then type "cmd"thenright click the one that says cmd & open as administrator ( I needed to for my pc, you might not need to for yours )
Step 6: when the cmd window is open. first thing is type CD then click space. anddrag your main hashcat folder right onto the cmd window then press enter.
hashcat.exe-m 0 --usernamehashes.txtwordlist.folder
( Blue color is what gets dragged not typed )
Step 7: cmd is now inside hashcat, if you are using a 32 bit PC drag hashcat-cli32.exe into the cmd window now. if you are64 bit drag hashcat-cli64.exe instead. press space and type-m 0 --username press space and drag your "hashes.txt" over, press space again and drag your wordlist folder over into cmd windows as well.press space then enter it will startCracking the hashed combo you had in your hashes.txt with the wordlists you have in yourwordlist folder.
hashcat.exe-m 0 --username --showhashes.txt--outfile-format=2 -ocracked.txt
( Blue color is what gets dragged not typed )
Step 8: once it has finished. justkeep cmd window open and again drag your 32 or 64 bit exe over first. then press space and type-m 0 --username --show press space and drag your "hashes.txt" file over press space and then type --outfile-format=2 -o press space anddrag your "dehashed.txt" file over then press space and press enter. your combo should now appear in your cracked.txt file with theusernames:passwords dehashed (:
Step 9: If theylook like a mess in the cracked.txt file, like "user:passuser:passuser:pass" then just download Notepad++ https://notepad-plus-plus.org/download/v6.9.1.html
and open notepad++ and copy and paste the cracked.txt file combos into notepad++ and they will all look all in neat order now (: then just click save as and save it as something new and it will come out as user:pass Instead so you can now run it on a combo checker.
user:pass
user:pass
THERE ALL DONE
LIKE PLEASE :feelsgood: