July 10, 2020

Step by step AccessDiver tutorial. this are only made for Athena and Energy. This tutorial is for complete beginners. I want to . access diver tutorial – posted in General talk: Got it from L A W I N A old server, just think should share here with yo all. Even though i didn’t. Now Go To Settings>>>>>Now Go To Proxy and Click>>>>Now All You Need Is To Load Proxies And Combolist>>>>>>>>To Load Proxies.

Author: Tuzilkree Bajin
Country: Romania
Language: English (Spanish)
Genre: Science
Published (Last): 13 November 2009
Pages: 29
PDF File Size: 12.98 Mb
ePub File Size: 7.17 Mb
ISBN: 883-3-62951-879-2
Downloads: 15757
Price: Free* [*Free Regsitration Required]
Uploader: Yojora

Ok, the accesseiver has come to share this wonderful technique with the rest of you. First up, this is pretty basic stuff; it’s not “hacking”, it’s not advanced, and it won’t work for anything like every website. But, it is pretty good considering it’s free and pretty easy to do. The method I use is called a brute-force security attack. As the name suggests, a brute-force attack relies on overpowering a website’s defences rather than sneaking in. The program we will be using is called Access Diver.

This program uses a list of proxy servers to attempt to log-in to private areas with a long list of user names and passwords. With a fast, functioning server and a good list of proxies, accwssdiver should tutlrial able to attempt more than combinations of log-ins and passwords per hour. Before we begin, it’s worth identifying the type of website that is vulnerable t o a brute-force attack.

Access diving won’t work to ttuorial you into a private area with only a few members; because we are trying to randomly guess a correct log-in, the more logins there are, the better out chances. If someone else can, please respond in this thread, but this tutorial will only cover non-HTML attacks.

However, we will be using each proxy thousands of times. A good, diligent Administrator should ensure that any IP trying to log-in more than a few times a day is blocked. However, standard security systems employed by most websites do not do this luckily for us. However, be aware that with some websites, even if they fulfil the previous two criteria, will not be vulnerable. We must accept this and move on. Don’t worry; the non-bundled release is clean.

Download and install version 4. The first accessdjver you run Access Diver, make tutoorial to set it to “Expert” mode by pressing F4. Setting up Access Diver: Here we come to the nitty gritty; Access Tktorial is a great program, but it’s success will depend entirely on two aaccessdiver your proxy list, and your word list.

The first thing you will need is a simple, unfiltered list of proxies, and you want it as big as possible. Simply typing Proxy List into Google will give you hundreds of free lists.

See Appendix I for proxy resources.

Copy a list of proxies into a text file, and remember, you need as many as possible; about 10 is a good place to start. Once you have your list, you need to import it into Access Diver; Click on one entry and press “a” to select all. Right click and choose “remove duplicates”. If you have a list of a proper size, tutkrial might take a few moments.

Acessdiver, once again select all the proxies.

Access diver will now check through all the proxies and work out which ones are operational. Once again, this will take quite some time with a properly long list. Make sure none of the boxes are checked Once the list has been checked, order the list by accuracy, so the working proxies are at the top.


Now, if you want, you can re-check all the proxies that are timed out or not found, just to make sure they don’t work. This step is optional, but often gets you a couple of hundred of extra proxies. Once you’ve finished checking the list, select all, right click and press “Delete bad results and timeouts”. What you should have now is a list of several thousand working proxies. We now need to filter out any non-anonymous proxies proxy servers that will spill your real IP to the target server Select the proxy judge tab.

Right click as shown below and select “Verify all scripts”. Once finished, right click and select “Sort list be speed”, and then select two or three working, fast scripts to use. Once again select all your proxies, and then click on the “Confidentiality tester”. Now leave Access Diver to check your proxies for anonymity.

Once finished, arrange your list by clicking on the “Anonymous” tab. Once again, you have the optional step of re-checking all the apparently non-anonymous proxies with different scripts. If you want to do this, go back to the Proxy judge tab and accessdiver one or two different scripts.

access diver tutorial

Then highlight and re-check any proxies that have any question marks in the “level” column, have a “NO” in the anonymity result or display a proxy judge error.

Now, select all your proxies, right click and select “Delete everything non-operational and not axcessdiver. Then, go through your list and manually delete and proxy that has a question mark anywhere in the “Anonymous” column e.

Delete all non-anonymous proxies Ok, so now you should have a list of a few hundred working, anonymous and safe proxies. Save your accesssdiver, then select all your proxies, right click and select “Update my LIST with selected proxies”.

You can also use individual lists, one for user names and one for passwords. A good word list contains commonly used words. Unlike the rest of life, size isn’t everything here; a list of username: A better bet is to have a reasonably short wordlist, but one full of tried and tested username: I’ve included some of my own in Appendix II.

For this walkthrough, we’ll be using http: When we try to log-in to the member’s section, we see; Let’s try to log in by clicking on the first link Ok, so we now know that that first link is a gateway to the member’s area, and we also know that this website uses non-form based security protocols. So, we copy the link to the members area to clipboard. Now, we need to see what else we can find out about this website.

So, we go to “Join by Credit Card” Note that user names and passwords must be over 6 characters Here we have some very useful information; we now know that all user names and passwords are over 6 characters, don’t contain special characters and are chosen by customers, so probably won’t be randomly generated character strings.

Ok, so now we fire up Access Diver and tutkrial the link into the target bar.


Tutorial To Crack XXX Sites Using Access Diver ~ hackerunderground

Now, we go to “Settings” and firstly make sure that the following boxes are checked; then, we go to “Search”, we activate “Word size control” and we set Access Diver to ignore any user names or passwords that are less than 6 characters long. OK; we have our proxy and word lists loaded, our settings are correct, we’ve identified the target and analyzed it; now let’s Access Dive The Attack; Press the “Standard” attack button next to the server bar.

We now arrive at the Progression screen; you’ll be seeing allot of this. How high you push this should be determined by how fast the server is, how fast your connection is, and how many working proxy servers you have. The higher the number of bots, the faster the attack, but you don’t want to overload the server or the attack is useless. I recommend starting at about 15 and working slowly up.

Want you want to be seeing in this window is the response ” – Authorization required”. This means that the proxy servers are successfully attempting to log-in, and getting rejected because the password or username is wrong. If you don’t get responses, your attack is not being successful. Perhaps your proxies aren’t working, perhaps the site has advanced protection, perhaps you’ve got the wrong URL for the member’s area, but whatever it is, your attack isn’t going to work.

The one exception to this is at the very start of an attack; at any one time, many of your proxies will be down. This is ok; Access Diver should filter out the ones that aren’t working.

However, if the number of working proxies doesn’t stabilise, something is wrong. The rest is more or less self-explanatory. Any found log-ins will be displayed in the yellow box at the bottom. The green box shows how many of your proxies are working; as you can see, you can still achieve good access rates with only ten or twenty working proxies out of your list.

Weak log-ins are saved in your “History”. Well, there are plenty of other more advanced functions tuyorial Access Diver, but hopefully this tutorial has given you enough information to get started. Let’s just sum up what we’ve been through; 1 Load, check and analyze a list of proxy servers 2 Load a username: Access Diver should only ever be used for security tests on your own servers. It should never be used to attempt to gain access to a server owned or paid for by another individual.

Using it in this way may be accessdver in your country of residence, and may tutoroal in criminal prosecution. All information in this thread is for educational purposes only, and should on no account be considered endorsed by the author, or by any server which links to this page.

All images are fake and used for illustrative purposes only.

Posted in Food