Page 23 of 23 FirstFirst ... 13212223
Results 331 to 338 of 338

Thread: The Help Me Find Thread

  1. #331
    Quote Originally Posted by anon View Post
    Proxy Judge... that name takes me back to the days when the first digit of my age was 1, and I was checking proxies, leeching combos, and cracking accounts both when I was awake and asleep
    Ah. Wow, you brought up certain memories for sure! Cracking accounts was fun at one point in time. Nowadays, the security measures such as DDoS Protection, Captcha, ReCaptcha, and so forth make it difficult for newbies (take note here I said for newbies and script kiddies). I still crack accounts with OpenBullet (an excellent tool for brute-force and dictionary attacks) but not as much as I use—mainly services related to my work industry. (My employers are too cheap to pay for the services, and without them (services), you can't get that edge you need to surpass your competition. So I dabble in it time and again.

    Quote Originally Posted by anon View Post
    but if you're using an automated checker for this (Charon or ProxyFire? Coke or Pepsi?),
    I am using Unfx Proxy Checker.
    [CODE]https://github.com/assnctr/unfx-proxy-checker[CODE]
    ProxyFire was something I used too (cracked version, though). I still use it to scrape proxies from Yahoo when I need some public proxies for Black Hat activities (once again relating to work and cracking weak-ass security sites). On a side note, public proxies, no matter what type they are Http, Https, and Socks 4 or 5, end up revealing your IP to the server.

    Anyway, back to Proxyfire, since the last release, there seems to be no more activity on developing or maintaining it. For those looking for it, here's the link.
    Code:
    http://proxyprivate.org/program/programproxy/proxyfire.html
    Plus, I don't like how Proxyfire sorts your proxies out into lists, which you have to open up. As for Charon, I've heard of it before but never gave it a try.

    Quote Originally Posted by anon View Post
    you'll only care about headers.
    Do you please care to explain here? I don't have much knowledge regarding this.

    Quote Originally Posted by anon View Post
    Code:
    https://azenv.net/azenv.php            # Very reliable, has existed for 10+ years; no Cloudflare
    https://proxyjudge.biz/azenv.php        # Same
    https://proxyjudge.us/azenv.php            # Same
    https://proxyjudge.info/azenv.php        # Self-signed and expired cert (not recommended); no Cloudflare
    Thank you, 1000. I've tried the first one, a.k.a "https://azenv.net/azenv.php." It works with Unfx Proxy Checker. For those that want to use this tool, I've made a little image tutorial on how you can do so.
    Image 1: - Screenshot_3.png
    Image 2: - Screenshot_4.png
    Image 3: - Screenshot_5.png

    Quote Originally Posted by anon View Post
    Note that it's not possible to know what their log policies are.
    I guess there's a downside to everything.

    Quote Originally Posted by anon View Post
    In the past, people have set up proxy judges as honeypots to get proxy IPs and then "steal" working public ones, which is why I highlighted long-lived instances in my above list (as they can reasonably be considered trustworthy).
    Once again, thank you very much for this list. I honestly don't know how you managed to get them. My searches brought up only Http Judges.

    Quote Originally Posted by anon View Post
    If privacy is a critical requirement for you
    Yes, Sir, it very much is. I could care less about public proxies. However, the proxies I plan on checking are not public ones. The provider's TOS (Terms of Service) clearly states that if I, for some reason, cause them to turn otherwise, my membership will be revoked as well as my IP blacklisted.

    Quote Originally Posted by anon View Post
    you should use either 1. only leech and check tunnel proxies,
    Thanks for the tip. I heard about this term before but still have no idea what it means. Anyway, I guess now I have something to research.

    Quote Originally Posted by anon View Post
    2. self-host.
    Question: - Will a shared server be adequate enough to handle this?

    Quote Originally Posted by anon View Post
    Semi-relevant: azenv.php does not sanitize the values in request headers, so they can be used to inject HTML code in the response body. In practice, this has little abusability, as malicious proxies are already able to do that everywhere if HTTPS isn't used, and proxy checkers don't render the code, only parse it.
    Thank you for this information too (second topic to research here).
    ~cloud99

    Author's note: - Please remove the tutorial for adding SSL Proxy Judge for Unfx Proxy Checker if it doesn't comply with the rules of SBI. If not ignore this part of the post.
    Reply With QuoteReply With Quote
    Thanks

  2. #332
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    36,829
    Activity Longevity
    14/20 19/20
    Today Posts
    5/5 ssss36829
    Quote Originally Posted by cloud99 View Post
    I still crack accounts with OpenBullet (an excellent tool for brute-force and dictionary attacks) but not as much as I use?mainly services related to my work industry. (My employers are too cheap to pay for the services, and without them (services), you can't get that edge you need to surpass your competition. So I dabble in it time and again.
    A part of me wants to get back into this stuff again, and I have done some reading already. OpenBullet seems amazing and I wish we'd had something like it ten years ago. Back then you had to use a dedicated program for each site, because the generic crackers were not so good. The truly elite had private tools like Tony Vegas and Sentry which could solve captchas (of the time) and had more features, but were very difficult to obtain if you weren't connected.

    Using cracked accounts in a commercial setting is like running pirated software; the simplicity and cost saving are very tempting, but you can get in serious trouble if word ever gets out. Then again, I suppose your employer knows that already.

    Plus, I don't like how Proxyfire sorts your proxies out into lists, which you have to open up. As for Charon, I've heard of it before but never gave it a try.
    Back in the day it was Charon vs. ProxyFire, since the other checkers sucked. I was on team Charon because it was freeware, had no limitations, did everything I wanted and worked very well... all of which remains true to this day. Author Rhino retired from the scene and shut down his Web site years ago, but mirrors are available.

    Do you please care to explain here? I don't have much knowledge regarding this.
    prxjdg.cgi was the first script of this kind, and the one the name "Proxy Judge" comes from. It showed a listing of the request headers it received from you and gave a point-by-point explanation of each along with an anonymity rating. Very educational, but nobody checks proxies one by one using a browser now, so they'll never see it.

    azenv.php does the same job, but it's PHP (Perl version also available) and only shows a list of headers with no commentary. Proxy checkers already know their meaning, so the rest is unnecessary.

    Once again, thank you very much for this list. I honestly don't know how you managed to get them. My searches brought up only Http Judges.
    I tried to recall the proxyjudges from my youth and added an "S" to the protocol scheme. Surprisingly, all of them worked! If my memory hadn't been as good, I would have instead done a quick search...

    Code:
    # Self-explanatory
    https://www.google.com/search?q=%22AZ+Environment+Variables%22+inurl%3ahttps%3a%2f%2f&safe=images&num=100&complete=0&newwindow=1&pws=0&filter=0&nfpr=1
    # Google favors HTTPS results, so we can tweak the query to reduce spam
    https://www.google.com/search?q=%22AZ+Environment+Variables%22+inurl%3aazenv&safe=images&num=100&complete=0&newwindow=1&pws=0&filter=0&nfpr=1
    ...and then filtered and validated results.

    Thanks for the tip. I heard about this term before but still have no idea what it means. Anyway, I guess now I have something to research.
    A tunnel proxy uses itself another proxy to forward traffic. That exit IP won't be in any lists and usually survives port scans, making these much more stealthy and highly sought-after. Unfortunately, few public or even private ones fall into this category. Charon flags these as "gateway" and gives them a score boost.

    Question: - Will a shared server be adequate enough to handle this?
    As long as you can install a trusted TLS certificate on it, then sure. If you have your own (sub)domain, Let's Encrypt offers those for free after a fairly easy validation process, so there shouldn't be any problems.

    Thank you for this information too (second topic to research here).
    Okies, I'll leave it as homework for you. Unsanitized input is a ton of fun, I promise you'll never look at a router's ping/traceroute page the same way again
    "Come visit sometime, okay? We'll always be here for you. We... we all love you."
    Reply With QuoteReply With Quote
    Thanks

  3. Who Said Thanks:

    cloud99 (20.10.20)

  4. #333
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    36,829
    Activity Longevity
    14/20 19/20
    Today Posts
    5/5 ssss36829
    Here's a blast from the past. Fileserve once took action against one of my hacked accounts.

    "Come visit sometime, okay? We'll always be here for you. We... we all love you."
    Reply With QuoteReply With Quote
    Thanks

  5. #334
    Quote Originally Posted by anon View Post
    The truly elite had private tools like Tony Vegas and Sentry, which could solve captchas (of the time) and had more features but were very difficult to obtain if you weren't connected.
    Sentry 2.0 by Sentinel was openly available to users, as I remember.
    Code:
    https://github.com/Rootmarm/sentry-2.0
    I had the archived link of the original website (I can't find it to show it to you now). Note that this version didn't have the OCR anti-captcha abilities within it. I used this version for 1.5 years (1.5 is not a typing mistake for 15).
    Anyway, Netflix was something that recently took off then, and that was all people could talk about. I vaguely remember buying a Netflix account from someone (who messaged me regarding Netflix) who was selling it for more than half its original price on a porn forum. After building a relationship with the person, he introduced me to Sentry 2.0 and SQL injections to website databases (for combos). Once the cracking forums grew, I joined one (believe it or not, I rose to the level of Co-Administrator from cracking accounts and sharing them with paying members) and then learned about the MBA version. The only problem with the Sentry MBA version modded by Astaris was that it could only simulate 250 bots to do the brute force work. So I kept cracking until I stumbled upon the Sentry MBA version from Leakforums, which was a mod of a mod. This could simulate 2500 bots in place of 250. Anyway enough of the history lesson.

    Side note: - The Sentry MBA version (Sentry MBA) modded by Astaris was released publicly (has the OCR anti-captcha abilities) in the year 2012 or 2013 (I think).

    Quote Originally Posted by anon View Post
    Using cracked accounts in a commercial setting is like running pirated software; the simplicity and cost-saving are very tempting, but you can get in serious trouble if word ever gets out.
    There's litterally nothing I can do as the services I crack are way too expensive (for my employer and me). I surmise that others in my industry must be doing the same thing to keep ROIs at a significantly high level.

    Quote Originally Posted by anon View Post
    Then again, I suppose your employer knows that already.
    Yes, my employer does know and doesn't care as long as the work gets done, and ROIs are high.
    Side note: - The country I come from has more than 51% of the people paying bribes to get their work done. Corruption is high, and no one cares as long as the work gets done.

    Quote Originally Posted by anon View Post
    Back in the day, it was Charon vs. ProxyFire since the other checkers sucked. I was on team Charon because it was freeware, had no limitations, did everything I wanted, and worked very well... all of which remains true to this day. Author Rhino retired from the scene and shut down his Web site years ago, but mirrors are available.
    I did download a copy of Charon from
    Code:
    http://proxyprivate.org/program/programproxy/charon.html
    . I am waiting for some free time to check whether the copy I have, logs any data.

    Quote Originally Posted by anon View Post
    prxjdg.cgi was the first script of this kind, and the one the name "Proxy Judge" comes from. It showed a listing of the request headers it received from you and gave a point-by-point explanation of each along with an anonymity rating. Very educational, but nobody checks proxies one by one using a browser now, so they'll never see it.
    Ah, thanks for the clarification. I assumed it was some sort of "Proxy Judge," and what do you know? It turns out it actually is one.

    Quote Originally Posted by anon View Post
    azenv.php does the same job, but it's PHP (Perl version also available) and only shows a list of headers with no commentary. Proxy checkers already know their meaning, so the rest is unnecessary.
    So to cut things short, the "azenv.php" version is better than "prxjdg.cgi" to self-host?

    Quote Originally Posted by anon View Post
    I tried to recall the proxy judges from my youth and added an "S" to the protocol scheme. Surprisingly, all of them worked! If my memory hadn't been as good, I would have instead done a quick search...
    Gosh, darn it. Now, why didn't I think of that?

    Quote Originally Posted by anon View Post
    ...and then filtered and validated results.
    You make these "Google Search Operators" easy. I still have a hard time remembering some of these.
    Code:
    https://support.google.com/websearch/answer/2466433?hl=en
    Quote Originally Posted by anon View Post
    A tunnel proxy uses itself another proxy to forward traffic. That exit IP won't be in any lists and usually survives port scans, making these much more stealthy and highly sought-after. Unfortunately, few public or even private ones fall into this category. Charon flags these as "gateway" and gives them a score boost.
    Thanks, I now know that Charon and tunnel proxies are something I should replace for my Proxy checker and proxies. Thanks, @anon; your knowledge of these things reminds of "KnowsMore" from the 2018 movie "Ralph Breaks the Internet." Please consider this a compliment and not a sarcasm.

    Quote Originally Posted by anon View Post
    As long as you can install a trusted TLS certificate on it, then sure. If you have your own (sub)domain, Let's Encrypt offers those for free after a fairly easy validation process, so there shouldn't be any problems.
    My hosting provider has the option of unlimited (sub)domains, so I guess I have to get one now. Never had a reason to register a domain before for personal use.

    Quote Originally Posted by anon View Post
    I promise you'll never look at a router's ping/traceroute page the same way again
    Now I guess I have no more excuses to keep postponing this research.

    Quote Originally Posted by anon View Post
    took action against one of my hacked accounts.
    Happens to the accounts I cracked quite often. Usually, when there are more than two people logged in simultaneously with the same account with different IPs. However, I never connect to these cracked services with my real IP. I always use a VPN, so my real IP doesn't get blacklisted. VPN and Proxies are something my employer pays for, as its use involves quite a large portion of our work daily. So this doesn't concern me one bit.
    ~cloud99
    Last edited by cloud99; 20.10.20 at 21:50.
    Reply With QuoteReply With Quote
    Thanks

  6. Who Said Thanks:

    anon (21.10.20)

  7. #335
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    36,829
    Activity Longevity
    14/20 19/20
    Today Posts
    5/5 ssss36829
    Quote Originally Posted by cloud99 View Post
    Anyway enough of the history lesson.
    Sentry MBA is the one I was talking about. I didn't know there were two programs by that name, so thanks for the history lesson. I was on a cracking forum too, the biggest and best of the time, and made it to Elite by being very active. Sadly, they no longer exist and I've lost contact with all but one of the friends I made there. Oh, and SQL injection is a way of exploiting unsanitized input

    Side note: - The country I come from has more than 51% of the people paying bribes to get their work done. Corruption is high, and no one cares as long as the work gets done.
    Ah, the almighty bribe.



    I did download a copy of Charon from
    Code:
    http://proxyprivate.org/program/programproxy/charon.html
    . I am waiting for some free time to check whether the copy I have, logs any data.
    I don't have the original archive on this computer, but I'd consider the Softpedia download at https://www.softpedia.com/get/Intern...s/Charon.shtml to be trustworthy. I'll create a mirror in the software forum as soon as I'm able to.

    So to cut things short, the "azenv.php" version is better than "prxjdg.cgi" to self-host?
    Yes, and more compatible, since it's a very short PHP script. It will run even under the smallest and most restrictive hosting.

    Thanks, I now know that Charon and tunnel proxies are something I should replace for my Proxy checker and proxies. Thanks, @anon; your knowledge of these things reminds of "KnowsMore" from the 2018 movie "Ralph Breaks the Internet." Please consider this a compliment and not a sarcasm.
    I haven't watched the movie, but I suppose Ralph either failed to break the Internet or put it back together afterwards

    My hosting provider has the option of unlimited (sub)domains, so I guess I have to get one now. Never had a reason to register a domain before for personal use.
    Make sure your registrar hides WHOIS data, or else you'll be exposing your details to the entire world... fortunately that's the rule and not the exception these days.

    Happens to the accounts I cracked quite often. Usually, when there are more than two people logged in simultaneously with the same account with different IPs. However, I never connect to these cracked services with my real IP. I always use a VPN, so my real IP doesn't get blacklisted. VPN and Proxies are something my employer pays for, as its use involves quite a large portion of our work daily. So this doesn't concern me one bit.
    With few exceptions, all cracked accounts die eventually. If you were able to crack something, that means the username and/or password were in a combo list or dictionary... in which case others will eventually find it too, then log in from IPs all over the world, then the service owners will notice and take action. But well, building good dictionaries and continuing to find new accounts is part of the game.
    "Come visit sometime, okay? We'll always be here for you. We... we all love you."
    Reply With QuoteReply With Quote
    Thanks

  8. Who Said Thanks:

    cloud99 (22.10.20)

  9. #336
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    36,829
    Activity Longevity
    14/20 19/20
    Today Posts
    5/5 ssss36829
    Quote Originally Posted by JohnareyouOK View Post
    It's down for everyone now. these 2 years it's down every few months and duration of every time is not short. personally I don't use it often but having alternative sites is always good. rly hope it won't gone like tehparadox.

    btw here're my 1st choices, just for you guys' reference (you know, sharing info is always good ):
    warez -> nnmclub.to
    Was told about this one a few days ago, it seems good.

    https://forum.dirtywarez.com/
    "Come visit sometime, okay? We'll always be here for you. We... we all love you."
    Reply With QuoteReply With Quote
    Thanks

  10. Who Said Thanks:

    JohnareyouOK (28.10.20)

  11. #337
    JohnareyouOK's Avatar
    Join Date
    31.01.19
    Location
    Earth
    P2P Client
    qBittorrent
    Posts
    152
    Activity Longevity
    9/20 3/20
    Today Posts
    1/5 ssssss152
    Quote Originally Posted by anon View Post
    Was told about this one a few days ago, it seems good.

    https://forum.dirtywarez.com/
    thanks anon! it's INDEED a good place! btw if rumor about warez-bb said in this post is real, I totally agree with "The sooner the site shuts down the better off everyone will be." this dirtywarez or sanet's forum would seem good alternatives.

    Edit: hey, they even have a Top Warez Sites List, love this attitude.
    Last edited by JohnareyouOK; 28.10.20 at 12:26.
    Reply With QuoteReply With Quote
    Thanks

  12. #338
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    36,829
    Activity Longevity
    14/20 19/20
    Today Posts
    5/5 ssss36829
    Quote Originally Posted by JohnareyouOK View Post
    btw if rumor about warez-bb said in this post is real, I totally agree with "The sooner the site shuts down the better off everyone will be."
    For me, the loss of such an old and active community and the link archives it has amassed over the years, would far offset the gain(?) of some staff members I had never heard of until today losing control of it.

    Anyway, let's see what happens. Long downtimes like this one tend to be killers, but I'm confident things will take off again quickly when/if they return.
    "Come visit sometime, okay? We'll always be here for you. We... we all love you."
    Reply With QuoteReply With Quote
    Thanks

Page 23 of 23 FirstFirst ... 13212223

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •