~ Let's investigate password protected sites ~
by Fravia+, March 2000
Let's investigate password protected sites: at times seekers have to find a solution
in order to solve some funny 'access' or
'protection' schemes, that are mostly
intended to hide knowledge from knowledge seekers. Well, you will soon see how easy it is
to disable them...
- Get a proxy (NOT in your own country). A good proxy will (try to)
hide your real IP address, just in case. There are huge proxies lists
out there, find and use them, else use Iefaf's altavista trick and collect
good working proxies on your own.
- Configure your browser to use the proxy (for this, see detailed
instructions elsewhere on my site).
- Check
that everything works... trusted proxy checkers should say "proxy not detected" (careful,
there are some 'trap' proxy checkers out there, used by our enemies to kill proxies).
-
Set up your password buster of choice: Entry Pro, wwwhack, webcracker, your own,
whatever.
-
"Set up" means, of course, not only uynpacking and running it, but also having the
password buster going through your proxy, DO NOT FORGET THIS STEP, mostly option menu and then
proxy setup.
-
Re-build the name list. The one you got with the wwhack distribution is NOT GOOD. It works
at times,
granted, and you'll be able to enter some 'password protected' sites, but
that lists are nevertheless FAR from being really useful.
- Simplest lists are just single words, that resolve BOTH to username and to password:
fred/fred james/james and so on. Single lists will seldom work. Anyway if you really are going
to use simple lists, use -at least- alphanumeric ones like fred34/fred34 or 69porn/69porn.
-
Combined lists are MUCH more useful and bingo-prone.