reddot
So people kept asking me for help in shoutbox. I've only been doing this for a couple of weeks, but here's my method on quickly getting combos from SQLi injection. This tutorial will show you how to efficiently SQLi dump by checking 1000s of injectable sites at a time and focusing on ones that will actually have passes. If you are reading this, you already know the basics but want to get combolists faster. If you don't understand something here, post and I will explain and edit the thread; please do not PM me.
First you need some SQLi dorks. If you don't know how to find your own I suggest buying a generator. I don't own it, but I bought dorks from Challenger and they were good quality (still working through the lists).
Once you get your dorks, you want to run them through once, then twice. This may not happen on every set of dorks, but I find running a second time usually generates an extra 1-2k URLs. If you have a HUGE list of dorks (1k+), try deleting the top 100 or so dorks and running again; you may get more hits once again. These may not work with all dorks, I'm just saying what works for me. If you are getting bad amounts of URLs with good dorks, try changing proxies, or not using them if you are on a VPS.
Once you have run these dorks for the second time, you want to begin writing keywords on top of these domains, not a lot, but this can help you get dorks even more closely related to the niche you are cracking. So for example you just ran some gaming dorks; well, people who play LoL also play Minecraft, CS:GO, etc. (think random games here), but if you just put these game names you won't find many sites. If you use a popular plug-in or type of server mod etc. (Google AdWords keyword tool is great here) you will find vuln sites, and if these vuln sites have usernames/passwords/emails these have a much higher chance of getting hits.
Next, before you even THINK about going to the exploiter tab, you should have AT LEAST 10K. Don't worry, I will show you how to sort later in this tutorial. Let the exploiter, then the injector run. Now you should have a pretty good list of injectable sites, but how do you know which ones have passwords? What if they only have emails, or only usernames? Checking these sites one by one is obviously going to be time consuming.
So to quickly check which sites contain passwords, we go to the injectables tab. Near the bottom you should see "search current columns/table names"; tick passwords, untick current DB. Now go to the top of the list of injectable URLs, click the first URL, scroll to the last one, hold shift and click that last URL. Now click start on the search column/table names. A list will pop up of the injectable sites with passwords and how many entries there are under them.
Next, you know which URLs to dump first, obviously the ones with the passwords. So start a dumper with one of these URLs; the pathway to the passwords will be discovered, so dump the columns, then the data. Depending on what you are trying to crack you are looking for email/passwords or users/passwords. But you can dump all three of these if they are there and export them separately when you are done. Here's how to quickly get combos without cracking hashes (I will post a thread on how I crack hashes later). I just go to the passwords table and dump; if I see hashes I move on to the next URL with passwords. Do not waste time dumping hashes, you can do this when you have no more plain texts.
Now that you have found a couple of injectables with plain text passwords, you want to dump all of them with the usernames/emails (if both are stored). Export them and save them, keep doing this, and then put them all into one text file and put them into Sentry. If you followed my tutorial you should get more hits because these accounts are linked to something in a similar niche as what you are cracking.
This is a more efficient way because you are checking through thousands of sites at a time instead of being excited about getting a couple of injectables and wasting your time dropping the DB just to find there are no passwords.
Extra Tips:
If you are cracking something with usernames but the DB is only email:passwords, STILL DUMP. You can remove the @ using online text tools, and if that person's username is just their email @ you can still get some hits.
Pay attention to what country your dumps are coming from; if there is a huge DB and all the usernames are V1@ sales:password1, this was probably a non-active site that got spammed.
Use common sense, this is the number one thing I noticed people around here do not do. "How come I don't get any hits with my combos?" Hmm, is a site about moms talking about parenting going to have a lot of overlap with Steam accounts? Probably not, but would a "gaming moms" forum or something of the like have some overlap? Ding ding ding.
Some of the mistakes I have made are dumping huge DBs of users and passes that won't get hits because they are from third world countries, spammed, or have NOTHING to do with what I'm cracking. I'm not saying not to get all the combos you can, but run those kinds of combos when you have nothing else to do.