ACCESSDIVER TUTORIAL
AccessDiver is a web site integrity tester. It can be downloaded from http://accessdiver.com/downloads.htm. There you can also find patches for Windows XP Service Pack 2.

AccessDiver works by allowing the user to retrieve proxies and test them for speed and confidentiality (anonymity). One can then use these proxies to connect to a web site anonymously while testing/cracking. These proxies are placed in a list. AccessDiver also uses a list of username and password combinations. One places a link to the desired members page that one wants to test/crack in the search/server field. Once all the detailed specifications are chosen, like word size control (the min. and max. length of the username and password), the start button is clicked. AccessDiver then connects to the website through an anonymous proxy, to hide your IP address, then places the first combination in the list into the username and password fields of the members page that it is trying to test/crack. The process is repeated over and over again until it finds a working username and password. The settings allow the program to stop after one working combo, after as many as one likes, or when the whole word list is exhausted. The working usernames and passwords are then saved to another file for reference.

AccessDiver is a hybrid cracker. It has many features for testing the integrity of your websites. Many of these features can also be adjusted to the user's needs and preferences. It contains tools for creating wordlists, manipulating wordlists, getting proxies and testing those proxies. You can change the characteristics of the usernames and passwords; for example, amelabe becomes AMELABE. You can randomize the lists of usernames and passwords so that each username is paired with a different password. On the other hand, you can use only one username in the search and try it with every password in a list.

Getting Started
1. After installation, click the desktop shortcut.
2. THE FIRST TIME (ONLY) you start up AccessDiver you will receive an error message. The .INF file will be created at shutdown, and the error will not show the next time AccessDiver is started.
   o "error image"
   o Click OK to continue.
   o You should see:
1. Click the Splash Screen to remove it. To permanently remove: Settings Tab -- Extras Tab -- at bottom uncheck "Show Info Box ...".
2. Click "My Skills".
3. Then click "EXPERT" to open all the features/abilities.

AccessDiver should now look like this:

Initial Settings
1. The "Search Tab" is a search engine - not a very good one.
2. The "Dictionary Tab" is used for creating and using wordlists. *We will come back to this tab*
3. The "History Tab" shows:
   o Weak Logins found (self-explanatory)
   o Server failures found (self-explanatory)
   o List of URLs used (self-explanatory)
   o Snapshots (never used)
4. The "Settings Tab" --> "Access Tab"
   o Place a check mark in:
     "Let a BOT retry ..."
     "Always force a security check"
     "Use GET method to do standard testing"
   o Leave the rest of the settings as they are. These are extra features that you can set and use when needed.
5. The "Proxy Tab" is used for finding and using proxies to hide your IP address, making you / your PC anonymous.
   o *We will come back to this tab*
6. The "Exploiter Tab" is used to find known exploits.
   o *Not Applicable for this tutorial.*
7. The "Extra Tools Tab" has:
   o A Net Kit used for sending PING packets and a DNS resolver.
   o A file splitter / merger
   o An HTTP Debugger
8. The "Socks Tab" (I've never used)
9. The "Auto Pilot Tab" -- Here you can load a list of pages to crack and the attributes for each page.
   o *Not Applicable for this tutorial.*

Using Proxies for anonymity
1. Click the "Proxy" Tab and the "MyList" Tab.
2. Check the "Use WEB proxies" box. *We won't use this on a closed network.*
3. Check the "Rotate proxies..." box and place a 1 in the text box "...logins to try ...". *We will come back to what these settings are.*
4. Now click the "WEB proxy leecher" Tab.
   1. Click the Folder icon to open a list of websites to leech "anonymous proxies". *Navigate to the AccessDiver folder and select proxyLeechlist.txt*
   2. Shows the sites to be leeched.
   3. Click the "Start leeching" button.
   4. Shows the leeching status and ultimately how many proxies were leeched for each site.
   5. Shows all the proxies found, e.g. 165.34.76.10:8080
   6. Click add the proxies in..
      o then click "...Proxy Analyzer"
      o this will load all the proxies into the proxy analyzer and will open that tab automatically.
5. For this lab, or to open a list of proxies gotten from another source, click the tabs Proxy and Proxy analyzer:
   0. Click the folder icon to open a list of proxies to test. *Navigate to the AccessDiver folder and select the file proxylist.txt*
   1. Shows the server address and the port number.
   2. Check "auto-deletion of bad ..."
   3. Check "auto refresh..."
   4. Check "auto delete proxies based on the proxy level..." (based on their anonymity)
   5. Proxy judge / anonymity checking sites
   6. Level of anonymity to auto delete. These levels (4,5) won't last as anonymous very long.
      o Right click on a proxy address. Select remove duplicates, and remove FBI and army proxies.
   7. Click the "Speed / Accuracy tester". This will take some time to run.
   8. When finished, click the "Confidentiality tester" button. This will also take a long time.
   9. Shows whether the proxy is valid / exists.
   10. Shows the level of anonymity.
   11. Shows the delay / speed of the proxy: how much of a delay there is in connecting to the proxy.
   12. If you want, you can highlight a proxy address then click this explorer button. This will make Windows Explorer connect through the proxy selected.
   13. Right click on a proxy address. We want to remove unwanted proxies. Click "delete bad results and timeouts", and "Delete everything non-operational and not anonymous".
   14. Right click then select "select all" to highlight all the proxies left.
   15. Right click then select "add select proxies in your proxy list" -- this will automatically open the "My List" tab.
   16. "Rotate proxies 1 logins to try before swapping" --> this tries one username and password for each proxy, then switches username, password and proxy. This will keep accounts from being locked out.
   17. Shows the proxy addresses and the ports being used.
   18. Uncheck "use WEB proxies" for this lab or on a closed network.

Creating and Using a Wordlist
1. Select the "Dictionary" tab.
2. The "Manager" tab is a wordlist manager.
3. The "Generator" tab is a word generator. It allows for the use of macros. I suggest using a word list manipulator like Raptor ("the Swiss-knife of wordlist manipulators").
4. The "WEB Word leecher" tab is a username and password web leecher. It searches and leeches usernames and passwords from websites just like the WEB proxy leecher. Google search "passwords" to find websites to leech usernames and passwords from.
5. The "Currently used" tab is where we can open a combo list, i.e. a username:password format file, or a username-only and a password-only file. There are advantages to loading username-only and/or password-only files. This would depend on different options that are not covered in this tutorial.
6. We will use the currently used / default wordlist.
7. Now go to run a password integrity test.

Start A Standard Login Password Integrity Test
1. First you have to know the URL of the web page that you want to test/crack. For this lab we will use (removed). Copy and paste the link into the text box labeled server:
2. Also very important is whether the login is a pop-up or a .html page. The page created for this lab is of the pop-up type, requiring a username and password.
3. Pop-up logins use the "Standard" test button and .html logins use, naturally, the "HTML" test button.
4. Click the "Settings" tab and the "Search" tab. Here you can set the minimum and maximum characters in your search if you know them. You can also set some other options here, like why to load username-only and password-only files.
5. Now click the "Standard" button. This will start the testing process.
6. Set the test speed.
7. Shows the username and password tried.
8. Shows the response received - "401 not authorized" tells us that the username and password are incorrect.
9. Shows the proxy used for the test.
10. Shows the weak login when found. These will also be saved in the "History" tab.
11. There are many more options and features that are not covered in this tutorial. Presentation time-constraints and keeping it simple are the contributing factors.
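
Added example for the site owner's side, not part of the original tutorial or of AccessDiver: the "Rotate proxies 1 logins to try" setting keeps every source address under a per-IP failure threshold, while the 401 responses it produces still pile up on one protected path in the server's access log. The sketch contrasts the two rules on constructed log lines; the function names, thresholds and sample log are assumptions, and the log slice is assumed to cover one time window.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache Common Log Format (documentation-range IPs).
# Field 3 is the Basic-auth username the client sent, logged even on a 401.
SAMPLE_LOG = """\
192.0.2.10 - carol [10/Mar/2024:10:00:00 +0000] "GET /members/ HTTP/1.1" 200 5120
198.51.100.11 - user01 [10/Mar/2024:10:00:01 +0000] "GET /members/ HTTP/1.1" 401 381
198.51.100.12 - user02 [10/Mar/2024:10:00:02 +0000] "GET /members/ HTTP/1.1" 401 381
203.0.113.13 - user03 [10/Mar/2024:10:00:03 +0000] "GET /members/ HTTP/1.1" 401 381
203.0.113.14 - user04 [10/Mar/2024:10:00:04 +0000] "GET /members/ HTTP/1.1" 401 381
198.51.100.15 - user05 [10/Mar/2024:10:00:05 +0000] "GET /members/ HTTP/1.1" 401 381
203.0.113.16 - user06 [10/Mar/2024:10:00:06 +0000] "GET /members/ HTTP/1.1" 401 381
192.0.2.20 - dave [10/Mar/2024:10:00:07 +0000] "GET /reports/ HTTP/1.1" 401 381
192.0.2.20 - dave [10/Mar/2024:10:00:09 +0000] "GET /reports/ HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def failed_logins(log_text):
    """Yield (ip, user, path) for every request answered with 401."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(4) == "401":
            yield m.group(1), m.group(2), m.group(3)

def per_ip_hits(log_text, threshold=5):
    """Classic rule: source IPs with at least `threshold` failures."""
    counts = Counter(ip for ip, _, _ in failed_logins(log_text))
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def rotated_guessing(log_text, min_sources=5, min_users=5, max_per_source=2):
    """Per-path rule: many low-volume sources failing with many usernames."""
    by_path = defaultdict(list)
    for ip, user, path in failed_logins(log_text):
        by_path[path].append((ip, user))
    alerts = []
    for path, events in sorted(by_path.items()):
        per_ip = Counter(ip for ip, _ in events)
        low = [ip for ip, n in per_ip.items() if n <= max_per_source]
        users = {u for _, u in events if u != "-"}
        if len(low) >= min_sources and len(users) >= min_users:
            alerts.append({"path": path, "failures": len(events),
                           "sources": len(per_ip), "usernames": len(users)})
    return alerts

if __name__ == "__main__":
    print(per_ip_hits(SAMPLE_LOG), rotated_guessing(SAMPLE_LOG))
```

On the sample, the per-IP rule reports nothing while the per-path rule flags /members/; the single mistyped password on /reports/ is not flagged.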