How to make HQ Dorks which are targeted

Blamph

Welcome, before you leave a comment, I'm new with making my own dorks.
I just want to give out the information I got within 2 weeks of researching and testing!

If you're still interested, give a comment and like the post please, trynna get the contributor award

So in this thread, I will go over almost everything I've learned, where I began and where I am now.

So I was searching on how to make my own combolists, since I'm researching how I can get my own Databases which are targeted to Social Club (Rockstar Games).
I came across a thread talking about "Dorks", I didn't have any clue about what "Dorks" are either.

What I learned about Dorks, is that they are basically codes which we abuse to get vulnerable URLs, there are different types of dorks, but I will tell more about the best type in my opinion.

In my first week of getting my own Databases, I always tried to get keywords with ScreamFrog, this is a HUGE MISTAKE I've learned.
Most of the keywords you get, will be available for other people as well.

So I quickly learned, this is not the way :uganda:

Also, I tried free Parsers, which are basically shit, they don't give you as many Private URLs as you should get, I really suggest you guys to get Swiss Parser (which you can buy here: https://discord.gg/CRN3GvReVp )
It's proxyless, quick and just amazing, even though I don't have a lot of sense about this like the pros, I fell in love with this parser, also when you buy it tell me you got redirected by me, discord tag: Mr. Ghost#0918

So what I suggest you guys, is to learn Google Commands, I will name the most important ones now.

Google Command Example:

Related:
Inurl:
Allinurl:
Intitle:
Intext:
Site:
Allintext:
Source:

These are important commands to know, let's say you are looking to get dorks for something like a game, for example if I would like to get ARK.
You could use something like this

Related: "ARK" + "2" site:com intext:Release

What this command will do,
is get you content Related to Ark 2
With the site form of .com
Within all those sites, the text "Release" is found.

So it's all targeted onto the game, ark.

After you get a lot of those, you have to parse them, I only have parsed those straight away without Parameters, I'm not sure if we need them with those commands.

After you parse them for example in SwissParser, you have to check for vulnerable URLs, I really suggest you to get SiteHunter, this is the one I use to look for vulnerable URLs, we use this program to get urls where we basically can hack into the databases.
But getting only vulnerable URLs instead of all URLs, saves us a lot of time.

After you got those URLs, you can extract them in a dumper, I personally use SQLi 8.5, which is the best version as well, you can find a cracked version on C.io.

Go into the SQLi folder, go to the TXT folder within the SQLi folder and make a txt file named "URL List", paste all your vulnerable URLs into this txt file, save it and close it.
Go back to the SQLi folder and open SQLi 8.5 DO THIS WITH SANDBOX!!!

After you've opened it with SandBox, go to the exploitable section, I personally put the threats on 10 and click "start exploiter"

After you got the exploitable URLs, go to the injectable section, put the threats on 10 and start the analyzer.

After that process finished, click the box with "+ Search Columns\Tables Names (MySQL and MS SQL)"
Tap the first three boxes, get "email" in the first box, "pwd" in the second one and "password" in the third box.

After this, select all URLs, Ctrl + A doesn't work, so hold your left mouse button on the bottom of it and scroll to the top till everything is blue.

At the place with the "email", "pwd" and "password", on the far right there will be standing "Start", click that.

Wait for the column to finish filling up.

Afterwards, search for columns with the same amount of Emails and Passwords, like this one.

https://imgur.com/a/ouM5Z6h
(example picture)

After you've found one in your databases, click the link where the emails and passwords belong, then click "Go to Dumper" -> "New Dumper Instance"

The one with the 240k, says this "optr_interpass.clients_users", but in the dumper instance it will only say "clients_users", go to the right top, click the "Threads" box and put it on 50, click "Clients_users" (in my situation) and click "Get Colums".
I suggest you to make the window "Full Screen"

You will find a lot of boxes with names, just find the ones you need, for example Email/Username and password, tap the boxes you need and click "Dump Data"

List with Email/Usernames and passwords will pop up on the bottom, you can make those boxes bigger so you can see the full mails/usernames and passwords.

After it's finished, at the far left side of Username/email and password, there will be a white box, click this one and do CTRL+C to copy.

Go to your desktop, make a txt file and paste them, you will see a lot of spaces, but we will remove those.
Mark a full space spot between email/username and password, Click CTRL+H, keep the "Find what" the same as the spaces it gives and for "Replace with" you should put ":" without the " of course Cl
After that, click "Replace All"

And this was my full journey till now, I will continue and you know a lot more about Dorks now, I hope, put a lot of effort and time in this.

LEAVE A COMMENT AND LIKE, DON'T LEECH, I WILL PERSONALLY REPORT LEECHERS, A LOT OF EFFORT IN THIS!!!
LET'S GET ME THE CONTRIBUTOR AWARD TOO!
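
From the defender's side: the column-name search the post describes (for "email", "pwd" and "password" on MySQL and MS SQL) typically reads the database's metadata catalogs through the injected parameter, and for GET requests that is visible in web access logs. The following detection sketch is an added example, not part of the original post; the log format, the threshold and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Metadata catalogs read when table/column names are enumerated
# (MySQL: information_schema; MS SQL: sysobjects / syscolumns / sys.columns).
SCHEMA_RE = re.compile(r"information_schema|sys\.?(objects|columns|tables)", re.I)
# Column-name terms named in the post.
CRED_RE = re.compile(r"email|pwd|password", re.I)
# Assumed log layout: common/combined access-log format.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /item.php?id=1+UNION+SELECT+table_name+FROM+information_schema.tables HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=1+UNION+SELECT+column_name+FROM+information_schema.columns+WHERE+column_name+LIKE+%27%25pwd%25%27 HTTP/1.1" 200 498',
    '198.51.100.4 - - [01/Jan/2024:10:00:02 +0000] "GET /login?email=a%40example.com HTTP/1.1" 200 230',
    '198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /docs?q=information_schema HTTP/1.1" 200 901',
]

def score_clients(lines):
    """Per client IP: count requests whose decoded query string touches a
    metadata catalog, and how many of those also name a credential column."""
    hits = defaultdict(lambda: {"schema": 0, "cred": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, target, _status = m.groups()
        query = unquote_plus(target.partition("?")[2])
        if SCHEMA_RE.search(query):
            hits[ip]["schema"] += 1
            if CRED_RE.search(query):
                hits[ip]["cred"] += 1
    return dict(hits)

def flag_clients(lines, min_schema_hits=2):
    """Flag clients with repeated catalog reads, at least one of which looks
    for credential columns. A single catalog mention (e.g. a docs search)
    is not enough to flag."""
    return sorted(ip for ip, h in score_clients(lines).items()
                  if h["schema"] >= min_schema_hits and h["cred"] >= 1)

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

POST bodies are not in access logs, so the same patterns would have to be matched at a WAF or in database query logs to cover them.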