brevz
Crypto Compliance Officer
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 2
800 XP
People have been asking me to make a tutorial about dorks.
So I decided to make a rather informative guide on how to understand dorks, instead of "creating" them
If you came here to get some dorks to use on your generator or to copy paste some ready dorks...Then you came to the wrong thread
I will not be teaching how to use SQLI to dump in this thread maybe I will make a new one if it is requested
I will start with Q&A since people told me it is more understandable and less boring.
Q:Why did you make this Q&A red and green?
A:So that if you are colorblind you cant see shit nigga
(here Ihave linked sqli dumper 9.2 cracked along with its perquisites). But the most valuable of all is your precious time.
Can you recommend me good VPN for scanning Injectables ? Firstly I think HMA is the best because it had IP Shuffle after x minutes feature. But they keep my log, so not secure.
The best is expressVPN,
if you don't want to pay for it you can buy a cracked account or even better crack one, though to download it don't go through the website download it from an external download link
NordVPN also works for me, if you don't want to pay for its subscription you can also crack an account or buy one. (good and simple but not as fast download speed as expressVPN)
CyberghostVPN , if you don't want to pay to get it, you can download a cracked version of the program,
Don't use hma and VyprVPn, they keep logs you will go to
!7RIKkoYdyZZk17Iw6ThmQItZ4GIHFt8m0KN9bBRj74Y, (if you dont like this tool https://hostr.co/cEaR9CsrCkak are some alternatives )it is different from generator guys know the difference(although the program we will use is called generator despite it actually being a maker).
If you and I put the same keywords to a generator we will get same dorks, so we get same combo, so the combo we get is shared, therefore it is considered Public
With the maker on the other hand, we can use same keywords, and depending on the creativity and thinking of each of us we will get different dorks, and so different combo which will be considered Private
wait a second man, I asked you one question and now I got two. What are the keywords you are talking about and what is a combo?
A1:I will explain what keywords are few steps later
A2:Combo is the sort term for combolist, combolist is the sort term for combinations list, and this list is nothing more than a list with possible logins and password combinations.
I see people posting and selling combos that are different for gaming and different for shopping how do they know which combo is for each without checking the combolist?
you can create different types of dorks for gaming, using specific formats, so everything apart from that is considered "shopping"
I bought a combo, is there any way to see what dorks were used for its creation?
This question is dumb af for 2 reasons or more. Even if you could the dorks you would get would be public already , and you can not do it cause the dorks give URLs and from the injectable/exploitable ones you get the combolist, so it is literally impossible to reverse dorks
What is the "threads" option in sqli dumper and other programs, and what is it used for? I have checked a few tutorials for dorks but they never really explained a reasoning behind the numbers they used, and also, how would I know how many threads should?
A thread is merely an ordered sequence of instructions that tells the computer what to do
since the new processors are multithreaded we need to take the most out of them
for the SQLI dumper you should use as many threads as the dork types you have selected
For example if you choosed google and yandex you should have 2 threads. On the program i linked max threads allowed are 10, but you can select up to 12 dork types, so better stick to 10
Now on how many threads you should really use. If you are doing this on your PC and you want to use your pc at the same time, better run around 5 threads. but if you have an rdp, or you want to dedicate your pc to this go with the 10 thread option
With the basic questions being answered lets get to work
Well dorks are composed by 3 things.
1.Keyword ( what we were talking about earlier )
2.PageFormat ( I will refer to it as pafo )
3.PageType ( I will refer to it as paty )
A dork for Fortnite could look like this:
I will stop you right there. What is fortnite? what is this .php? and what is this item_id equal to?
A1: (some people gonna hate me for saying that) Fortnite is a 3rd person shooting game of the type battle royal that is played by virgins and gay people.
A2: ".php?" well this one is the page format. You do not need to know the php programming language or something if you are asking that, and don't worry my man, I will be providing all page formats below
A3: "item_id=" this is the paty I was talking about. NO you do not have to remember it I will also be providing all paty types
A4: You can make it equal to whatever you want it to, using Page Parameters. But the best solution is to leave it empty for now
What are Page Parameters?I don't want to leave the Page Parameters empty, i wanna try my luck, how do i fill it out?
Unfortunately we CANNOT SQLi attack on all websites. The websites need a SQLi vulnerability in order to do attacks like this
Website URL needs a parameter like php?id=4 / php?id=any number to inject
To Find these type of websites we use our dorks and this is what the whole tutorial is about
In our example we could add country site, or an id at the end of our dork as Page Parameterand it would look like this
Or like this if we used a number
By using page parameters you may reduce the amount of exploitable sites by a huge numbers.
Pros:you will have to check less sites and the procedure will be faster with fewer results
Cons:you could be left with no sites so no combo or, a very small one and you will have to go the procedure from the beginning.
Conclusion about Page Parameters: If you dont know exactly what sites and what vulnerabilities exist better not try it out and go with the safe solution of leaving them empty
PaTy
PaFo
if i tell you keywords you will prolly think of the keywords i tell you. It will stop your imagination from working
It is like me telling you. Think of an animal, but don't think about an elephant
The chances are really high that you will think of an elephant
with that being said i should give you some examples no how to think of keywords and work with workarounds on thinking them
ex. Fortnite is a game
it contains axes and fortnite weapons
as far as i know it also has some fortnite characters
and somefortnite dances as well
it is made with unreal engine
it is battle royale
it has season passes
u cal also use special skin names or special weapons to make keywords
find popular youtuber channels and get their used tags
Creativity is no1 in this section
Hmm since all these paty and pafo stay the same you are implying that HQ keywords make HQ dorks?
hell no, keywords are necessary in the creation of dorks but the most important thing that will make the dork HQ are these two, pafo and paty.
What's good type of keyword in dork ?
For clearly, I have example with keyword : good game
So we will have many types:
all of the keywords will work with dork types, so depending on the pafo and paty you will use, you will get different results for each one of them.
So if you want me to answer you which one is better I prolly cant since I have not tested them.
I can tell you that the first one will get more pages. But they will also be more secure so there wont be lots of injectables so things are kinda complicated. why don't you go ahead and give them a test
If we want to get specifically gaming dorks we should use these gaming patys
So in the proccess on creating them now
Go to the maker , it should look like this
and add the PaFo and PaTy of your choice
add keywords and click generate dorks
how many dorks should I make?
Well that's totally up to you, but on the dumper you should use around 10K of them or less each time
I am more of a chameleon guy, give me a dorklist and i will try to understand how its made
Well since you choose the hard way ,https://hostr.co/lIPz58TkKFJK
I have another question that is not listed above what can I do?
Simply reply to this thread and add this code in your reply along with your answer
I would prefer that you leave some feedback, for what is it missing or if you liked it, or for what you wanna see next instead of giving upvotes
So I decided to make a rather informative guide on how to understand dorks, instead of "creating" them
If you came here to get some dorks to use on your generator or to copy paste some ready dorks...Then you came to the wrong thread
I will not be teaching how to use SQLI to dump in this thread maybe I will make a new one if it is requested
I will start with Q&A since people told me it is more understandable and less boring.
Q:Why did you make this Q&A red and green?
A:So that if you are colorblind you cant see shit nigga
Can you recommend me good VPN for scanning Injectables ? Firstly I think HMA is the best because it had IP Shuffle after x minutes feature. But they keep my log, so not secure.
The best is expressVPN,
if you don't want to pay for it you can buy a cracked account or even better crack one, though to download it don't go through the website download it from an external download link
NordVPN also works for me, if you don't want to pay for its subscription you can also crack an account or buy one. (good and simple but not as fast download speed as expressVPN)
CyberghostVPN , if you don't want to pay to get it, you can download a cracked version of the program,
Don't use hma and VyprVPn, they keep logs you will go to
If you and I put the same keywords to a generator we will get same dorks, so we get same combo, so the combo we get is shared, therefore it is considered Public
With the maker on the other hand, we can use same keywords, and depending on the creativity and thinking of each of us we will get different dorks, and so different combo which will be considered Private
wait a second man, I asked you one question and now I got two. What are the keywords you are talking about and what is a combo?
A1:I will explain what keywords are few steps later
A2:Combo is the sort term for combolist, combolist is the sort term for combinations list, and this list is nothing more than a list with possible logins and password combinations.
I see people posting and selling combos that are different for gaming and different for shopping how do they know which combo is for each without checking the combolist?
you can create different types of dorks for gaming, using specific formats, so everything apart from that is considered "shopping"
I bought a combo, is there any way to see what dorks were used for its creation?
This question is dumb af for 2 reasons or more. Even if you could the dorks you would get would be public already , and you can not do it cause the dorks give URLs and from the injectable/exploitable ones you get the combolist, so it is literally impossible to reverse dorks
What is the "threads" option in sqli dumper and other programs, and what is it used for? I have checked a few tutorials for dorks but they never really explained a reasoning behind the numbers they used, and also, how would I know how many threads should?
A thread is merely an ordered sequence of instructions that tells the computer what to do
since the new processors are multithreaded we need to take the most out of them
for the SQLI dumper you should use as many threads as the dork types you have selected
For example if you choosed google and yandex you should have 2 threads. On the program i linked max threads allowed are 10, but you can select up to 12 dork types, so better stick to 10
Now on how many threads you should really use. If you are doing this on your PC and you want to use your pc at the same time, better run around 5 threads. but if you have an rdp, or you want to dedicate your pc to this go with the 10 thread option
With the basic questions being answered lets get to work
Well dorks are composed by 3 things.
1.Keyword ( what we were talking about earlier )
2.PageFormat ( I will refer to it as pafo )
3.PageType ( I will refer to it as paty )
A dork for Fortnite could look like this:
Code:
fortnite axe .php? item_id=A1: (some people gonna hate me for saying that) Fortnite is a 3rd person shooting game of the type battle royal that is played by virgins and gay people.
A2: ".php?" well this one is the page format. You do not need to know the php programming language or something if you are asking that, and don't worry my man, I will be providing all page formats below
A3: "item_id=" this is the paty I was talking about. NO you do not have to remember it I will also be providing all paty types
A4: You can make it equal to whatever you want it to, using Page Parameters. But the best solution is to leave it empty for now
What are Page Parameters?I don't want to leave the Page Parameters empty, i wanna try my luck, how do i fill it out?
Unfortunately we CANNOT SQLi attack on all websites. The websites need a SQLi vulnerability in order to do attacks like this
Website URL needs a parameter like php?id=4 / php?id=any number to inject
To Find these type of websites we use our dorks and this is what the whole tutorial is about
In our example we could add country site, or an id at the end of our dork as Page Parameterand it would look like this
Code:
fortnite axe .php? item_id= site:.ru
Code:
fortnite axe .php? item_id= "+92"Pros:you will have to check less sites and the procedure will be faster with fewer results
Cons:you could be left with no sites so no combo or, a very small one and you will have to go the procedure from the beginning.
Conclusion about Page Parameters: If you dont know exactly what sites and what vulnerabilities exist better not try it out and go with the safe solution of leaving them empty
PaTy
PaFo
if i tell you keywords you will prolly think of the keywords i tell you. It will stop your imagination from working
It is like me telling you. Think of an animal, but don't think about an elephant
The chances are really high that you will think of an elephant
with that being said i should give you some examples no how to think of keywords and work with workarounds on thinking them
ex. Fortnite is a game
it contains axes and fortnite weapons
as far as i know it also has some fortnite characters
and somefortnite dances as well
it is made with unreal engine
it is battle royale
it has season passes
u cal also use special skin names or special weapons to make keywords
find popular youtuber channels and get their used tags
Creativity is no1 in this section
Hmm since all these paty and pafo stay the same you are implying that HQ keywords make HQ dorks?
hell no, keywords are necessary in the creation of dorks but the most important thing that will make the dork HQ are these two, pafo and paty.
What's good type of keyword in dork ?
For clearly, I have example with keyword : good game
So we will have many types:
Code:
good game
good_game
good-game
good+game
/ good / game
good/game
or keyword come with "", so we will have
"good game"
"good_game"
"good-game"
"good+game"
"/ good / game"
"good/game"So if you want me to answer you which one is better I prolly cant since I have not tested them.
I can tell you that the first one will get more pages. But they will also be more secure so there wont be lots of injectables so things are kinda complicated. why don't you go ahead and give them a test
If we want to get specifically gaming dorks we should use these gaming patys
So in the proccess on creating them now
Go to the maker , it should look like this
and add the PaFo and PaTy of your choice
add keywords and click generate dorks
how many dorks should I make?
Well that's totally up to you, but on the dumper you should use around 10K of them or less each time
I am more of a chameleon guy, give me a dorklist and i will try to understand how its made
Well since you choose the hard way ,https://hostr.co/lIPz58TkKFJK
I have another question that is not listed above what can I do?
Simply reply to this thread and add this code in your reply along with your answer
Code:
[member='Effervescence']