Okay im going to try and explain how to get combos using SQLi dumper and crack the hashed passwords after with steps (:
( recommend using SQLi dumper on a RDP or VPS or using a VPN )
FORGOT TO MENTION SQLI DUMPER HAS A PRETTY DECENT PROXY CHECKER IN "TOOLS & SETTINGS" USE IT 
Step 1: Download SQLi Dumper CLICK HERE
Step 2: Find Dorks, use a dork generator, or buy some privately made ones or paid dork gen. link to free dork generator - ez dork gen - Click Here or Combo# Click Here
Step 3: Use the program Combo# To scrape some elite proxies If desired.
Step 4: Open up SQLi Dumper. Now load your dorks to SQLI dumper by copying and pasting right here like this.
Example:
Spoiler
Step 5: (Optional) Load your elite proxylist into SQLi by clicking the "Tools&Settings" Tab, Then "Proxy" Tab.Copy and paste your proxies or try using a VPN on your desktop to change your ip so you dont get temp ip banned when scanning dorks and stay safer also.( if using a windows VPS or RDP you dont need a proxylist or VPN unless you are temp ip banned, its usually faster without them though)
Step 6: On SQLi Dumpers Main page where the dorks are. Click "Start Scanner". Wait for dorks to finish scanning and collect all urls for you. note: it will go even further then 100% don't freak out. i think it stops at 150% you can always stop when you think its collected enough dorks. For enough urls to get a good Database try having at least 2000-5000.
Step 7: Once urls are finished being collected click "exploitables" tab then click "start exploiter" wait for it to scan through all urls and find the exploitable ones.
Step 8: Once you have all exploitables go to "Injectables" tab and click "Start Analizer" wait for it to finish finding the injectables out of all the exploitables.
Step 9: When done You should now see all your injectables and the countries, where they are from and more info. highlight all your injectable & at BOTTOM LEFT where it says "Search Columns\Tables Names (MySQL and MS SQL)" (enlarge it by clicking + symbol) make sure "email, password and user and admin or whatever u have typed" are all checked, then click the bottom right start (not the top right one) using 10 threads. It will scan all your injectables for ones that have user email and password files or whatever you have typed. then all you need to do is look at them and match up ones that say 100,000 user and 100,000 passwords or 100,000 emails, that means you just found a good 100k Database that contains both 100k email and user pass combos and you now want to go and Dump the data to text file (: ( it even says which files the passwords/usernames/emails are located )
Step 10: right click the injectable that had the the big Database on it and click "Go To Dumper"
Step 11: once in dumper click get database, once database appears click on it and click get tables, once tables appear click on the "user" table (sometimes has different name like "members") and click "get columns" wait for them to appear then check on "user and password boxes or email" then click "Dump Data" button and watch them all start dumping. If no database appears retry once or twice then just move on ( sometimes they just wont dump )
Step 12: after the long wait and you are finished dumping the usernames or emails ( or both ) and passwords you can now extract them to you desktop as a txt file. click Export Data and name the file and place it where ever you choose.
Example should look like this when exporting:
Spoiler
( note: there is thread options in each section  )
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Cracking Hashed Passwords (MD5 Hashed)
Step 1: To crack passwords download, hashcat Click Here (choose hashcat binaries download) click on "v2.00" to download
EXAMPLE:
Spoiler
Step 2: Extract hashcat to a folder on your desktop using 7zip. Once extracted, go
into hashcat folder and create 2 new .txt files and 1 new folder file. Name one .txt file "hashes" and the other "cracked". Name the folder "wordlists".
Step 3: Go get some wordlists to put into your wordlist folder. type "hashcat wordlist" into google and grab all you can (: any word or password can be used in your wordlist. make it nice and big lots of gigs if possible the more the better.
Step 4: Once you have wordlists in your wordlist folder you created, you are ready to start and try cracking. go grab a combo you got from SQLi Dumper that was hashed and copy and paste it into the "hashes.txt" file you created.
Step 5: open cmd by going to your start button on your desktop and click it then type "cmd" then right click the one that says cmd & open as administrator ( I needed to for my pc, you might not need to for yours )
Step 6: when the cmd window is open. first thing is type CD then click space. and drag your main hashcat folder right onto the cmd window then press enter.
hashcat.exe -m 0 --username hashes.txt wordlist.folder
( Blue color is what gets dragged not typed )
Step 7: cmd is now inside hashcat, if you are using a 32 bit PC drag hashcat-cli32.exe into the cmd window now. if you are 64 bit drag hashcat-cli64.exe instead. press space and type -m 0 --username press space and drag your "hashes.txt" over, press space again and drag your wordlist folder over into cmd windows as well. press space then enter it will start Cracking the hashed combo you had in your hashes.txt with the wordlists you have in your wordlist folder.
hashcat.exe -m 0 --username --show hashes.txt --outfile-format=2 -o cracked.txt
( Blue color is what gets dragged not typed )
Step 8: once it has finished. just keep cmd window open and again drag your 32 or 64 bit exe over first. then press space and type -m 0 --username --show press space and drag your "hashes.txt" file over press space and then type --outfile-format=2 -o press space and drag your "dehashed.txt" file over then press space and press enter. your combo should now appear in your cracked.txt file with the usernames:passwords dehashed (:
Step 9: If they look like a mess in the cracked.txt file, like "user:passuser:passuser:pass" then just download Notepad++ Click Here
and open notepad++ and copy and paste the cracked.txt file combos into notepad++ and they will all look all in neat order now (: then just click save as and save it as something new and it will come out as user:pass Instead so you can now run it on a combo checker.
user:pass
user:pass
THERE ALL DONE
( recommend using SQLi dumper on a RDP or VPS or using a VPN )
FORGOT TO MENTION SQLI DUMPER HAS A PRETTY DECENT PROXY CHECKER IN "TOOLS & SETTINGS" USE IT 
Step 1: Download SQLi Dumper CLICK HERE
Step 2: Find Dorks, use a dork generator, or buy some privately made ones or paid dork gen. link to free dork generator - ez dork gen - Click Here or Combo# Click Here
Step 3: Use the program Combo# To scrape some elite proxies If desired.
Step 4: Open up SQLi Dumper. Now load your dorks to SQLI dumper by copying and pasting right here like this.
Example:
Spoiler
Step 5: (Optional) Load your elite proxylist into SQLi by clicking the "Tools&Settings" Tab, Then "Proxy" Tab.Copy and paste your proxies or try using a VPN on your desktop to change your ip so you dont get temp ip banned when scanning dorks and stay safer also.( if using a windows VPS or RDP you dont need a proxylist or VPN unless you are temp ip banned, its usually faster without them though)
Step 6: On SQLi Dumpers Main page where the dorks are. Click "Start Scanner". Wait for dorks to finish scanning and collect all urls for you. note: it will go even further then 100% don't freak out. i think it stops at 150% you can always stop when you think its collected enough dorks. For enough urls to get a good Database try having at least 2000-5000.
Step 7: Once urls are finished being collected click "exploitables" tab then click "start exploiter" wait for it to scan through all urls and find the exploitable ones.
Step 8: Once you have all exploitables go to "Injectables" tab and click "Start Analizer" wait for it to finish finding the injectables out of all the exploitables.
Step 9: When done You should now see all your injectables and the countries, where they are from and more info. highlight all your injectable & at BOTTOM LEFT where it says "Search Columns\Tables Names (MySQL and MS SQL)" (enlarge it by clicking + symbol) make sure "email, password and user and admin or whatever u have typed" are all checked, then click the bottom right start (not the top right one) using 10 threads. It will scan all your injectables for ones that have user email and password files or whatever you have typed. then all you need to do is look at them and match up ones that say 100,000 user and 100,000 passwords or 100,000 emails, that means you just found a good 100k Database that contains both 100k email and user pass combos and you now want to go and Dump the data to text file (: ( it even says which files the passwords/usernames/emails are located )
Step 10: right click the injectable that had the the big Database on it and click "Go To Dumper"
Step 11: once in dumper click get database, once database appears click on it and click get tables, once tables appear click on the "user" table (sometimes has different name like "members") and click "get columns" wait for them to appear then check on "user and password boxes or email" then click "Dump Data" button and watch them all start dumping. If no database appears retry once or twice then just move on ( sometimes they just wont dump )
Step 12: after the long wait and you are finished dumping the usernames or emails ( or both ) and passwords you can now extract them to you desktop as a txt file. click Export Data and name the file and place it where ever you choose.
Example should look like this when exporting:
Spoiler
( note: there is thread options in each section  )
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Cracking Hashed Passwords (MD5 Hashed)
Step 1: To crack passwords download, hashcat Click Here (choose hashcat binaries download) click on "v2.00" to download
EXAMPLE:
Spoiler
Step 2: Extract hashcat to a folder on your desktop using 7zip. Once extracted, go
into hashcat folder and create 2 new .txt files and 1 new folder file. Name one .txt file "hashes" and the other "cracked". Name the folder "wordlists".
Step 3: Go get some wordlists to put into your wordlist folder. type "hashcat wordlist" into google and grab all you can (: any word or password can be used in your wordlist. make it nice and big lots of gigs if possible the more the better.
Step 4: Once you have wordlists in your wordlist folder you created, you are ready to start and try cracking. go grab a combo you got from SQLi Dumper that was hashed and copy and paste it into the "hashes.txt" file you created.
Step 5: open cmd by going to your start button on your desktop and click it then type "cmd" then right click the one that says cmd & open as administrator ( I needed to for my pc, you might not need to for yours )
Step 6: when the cmd window is open. first thing is type CD then click space. and drag your main hashcat folder right onto the cmd window then press enter.
hashcat.exe -m 0 --username hashes.txt wordlist.folder
( Blue color is what gets dragged not typed )
Step 7: cmd is now inside hashcat, if you are using a 32 bit PC drag hashcat-cli32.exe into the cmd window now. if you are 64 bit drag hashcat-cli64.exe instead. press space and type -m 0 --username press space and drag your "hashes.txt" over, press space again and drag your wordlist folder over into cmd windows as well. press space then enter it will start Cracking the hashed combo you had in your hashes.txt with the wordlists you have in your wordlist folder.
hashcat.exe -m 0 --username --show hashes.txt --outfile-format=2 -o cracked.txt
( Blue color is what gets dragged not typed )
Step 8: once it has finished. just keep cmd window open and again drag your 32 or 64 bit exe over first. then press space and type -m 0 --username --show press space and drag your "hashes.txt" file over press space and then type --outfile-format=2 -o press space and drag your "dehashed.txt" file over then press space and press enter. your combo should now appear in your cracked.txt file with the usernames:passwords dehashed (:
Step 9: If they look like a mess in the cracked.txt file, like "user:passuser:passuser:pass" then just download Notepad++ Click Here
and open notepad++ and copy and paste the cracked.txt file combos into notepad++ and they will all look all in neat order now (: then just click save as and save it as something new and it will come out as user:pass Instead so you can now run it on a combo checker.
user:pass
user:pass
THERE ALL DONE
No comments:
Post a Comment