Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: How to Use a Hash List

  1. #1
    Sneaky Sneakz Sneakz's Avatar
    Join Date
    Apr 2012
    Gender
    Location
    Antarctica
    Age
    27
    Posts
    276
    Thanks
    85
    Thanked 147 Times in 71 Posts


    Downloads
    14
    Uploads
    0
    Mentioned
    34 Post(s)
    Time Online
    4 h 57 m
    Avg. Time Online
    N/A
    Rep Power
    6

    How to Use a Hash List

    Due to the recent influx in the selling of hash lists, I decided to make this guide for those who wish to benefit from them, but may not be familiar with how to use them properly. Please note that although I have a decent understanding of how these work, I am by no means an expert and may use the incorrect terminology or have some things inaccurate. Please feel free to correct me as you see fit.

    We'll start off first and foremost with the most important question:
    What Is a Hash List?
    A hash list is, in simple terms, a list of usernames along with their encrypted passwords. These usually come along with an associated email. An mD5 hash is a string of 32 characters and is generated as a means of encrypting (or protecting) your password from people like us who wish to steal it. However, you can easily copy and paste the hash into an online database that will basically reveal to you the password. More info on this below.

    A hash usually looks something like this (this particular one was taken from one of Possible's hash lists:

    008235: 1. username = USERNAME123|-|-| 2. pass = b3726683365079da268d82dbde955066 () |-|-| 3. email = EMAIL@gmail.com |-|-|

    Where Can I Get Hash Lists?
    It seems that they have come into high demand recently here on the forum. These lists currently can be purchased from users such as Demo or Possible. Both have become rather reputable for their hash lists generating quite a bit of wealth.
    Chances are, you won't be able to generate your very own hash list. I'm sure there are ways to do it that I am not familiar with so I'll let you figure that out on your own.


    Decoding the Hash

    Let's take another look at our hash:

    008235: 1. username = USERNAME123|-|-| 2. pass = b3726683365079da268d82dbde955066 () |-|-| 3. email = EMAIL@gmail.com |-|-|

    Start by checking the username in Neopets to see if they exist. Use the following URL and simply copy and paste the username at the end. This will take you to the Userlookup if one exists.

    http://www.neopets.com/userlookup.phtml?user=USERNAME123

    If the account exists and is not frozen, I then move on to the password. Take your hash (in purple) and input it into the following database:

    http://www.md5decrypter.co.uk/

    Simply paste your hash into the box, type in the Captcha and hit "decrypt hashes." With any luck, a password will be generated.
    In this case the password was: sunn1d4y

    Now go back to Neopets, enter the username with this password and see if it works.

    If it asks for a birthday, this does not tell you if the password is right or wrong. Look at the URL. If the URL has the phrase "badpassword" in it at all, then the password is wrong. If, instead, it says "hi" in the URL, then you have a good password, you just need a birthday crack.

    Using the Emails
    So let's say you found an epic account, but the password didn't work. It's frustrating and oh so tantalizing to have the OLD password of a valuable account. Your next course of attack should be the email address. There's a few different things you can do:

    1. Check if the email is unregistered. If it is, bingo! You got the account (unless the email was changed).

    2. If the email is active, try the password you have for their email account. Just because they changed their Neopets password, they might have still left their email password the same.

    3. If the above fails, try the "forgot password" option on their email account. Try answering their secret questions and resetting their password. This has amazingly worked for me SEVERAL times. I have gone as far as stalking people on Facebook in order to find out answers to their secret questions LOL. This is even easier if you have Demo's hash lists, because they often come with a little more info about the person, perhaps giving you more clues.

    If all of the above fail, you should probably let it go. It sucks to see an epic account that you were so close to having access to, but if you don't have the password OR the email, you're pretty much SOL at this point. Move on to the next hash.

    Why Do I Keep Getting Failed Passwords/Non-existing Neopets Accounts?

    If my understanding is correct, hash lists are often harvested from forums, blogs, etc. THEREFORE (pay attention, this is important), these MAY OR MAY NOT be actual Neopets usernames and passwords. By taking the usernames and passwords from Neopets-RELATED sites, we are assuming that these people also have a Neopets account (or why else would they be on a Neo-related site, duh). However, they may or may not use the same username in Neopets as they do on this other site, and even if they do, this does not necessarily mean they will use the same password.
    However, this is not to say that hash lists are useless. Quite the contrary. While it is common for you to come across usernames that do not pull up an existing account in Neopets, much of the time you will find an account to match. There have been SEVERAL vouchers claiming to have found hundreds of millions of NPs, super rare UCs, etc from hash lists. Don't let the unsuccessful hashes deter you.

    Keep in mind, hash lists are a gamble. You may or may not strike it rich with these, it is all dependent on luck. It also depends quite a bit on how used your hash list was. Usually the seller will advise you if the hash list was previously looked through before. However, I have gotten pretty lucky even with used hash lists.


    Please feel free to post questions regarding hash lists or suggestions for improving this guide.
    Thanks for reading

  2. The Following 24 Users Say Thank You to Sneakz For This Useful Post:

    Ajones (07-20-2014),Ana (06-12-2012),Balletdancer (07-16-2012),Cody. (06-09-2012),Dan (08-12-2012),Daviid (07-03-2012),Dom~ (06-10-2012),Efron (01-13-2013),funnybell (03-29-2013),iamlilymay (03-19-2016),Ichimatsu (09-03-2012),james087 (09-07-2012),Jesusinn (06-21-2012),Joy (06-07-2012),Kay (01-03-2013),Leah (04-11-2013),Love (05-18-2012),Meercat (05-18-2012),Mouse (07-01-2012),Pixie (07-03-2012),Possible (06-04-2012),purekilla (04-20-2013),Ray-Chill (06-27-2012),Ryan~ (05-17-2012)

  3. #2
    robots's Avatar
    Join Date
    Jan 2012
    Gender
    Location
    Canada!
    Age
    22
    Posts
    500
    Thanks
    59
    Thanked 89 Times in 62 Posts


    Downloads
    15
    Uploads
    0
    Mentioned
    75 Post(s)
    Time Online
    1 d 5 h 20 m
    Avg. Time Online
    N/A
    Rep Power
    6
    woop! thanks for the guide! i haven't purchased one yet but i've always wondered about them ...

    one question
    when you buy a hash list, is this what the seller gives you, exactly

    008235: 1. username = USERNAME123|-|-| 2. pass = b3726683365079da268d82dbde955066 () |-|-| 3. email = EMAIL@gmail.com |-|-|

  4. #3
    Sneaky Sneakz Sneakz's Avatar
    Join Date
    Apr 2012
    Gender
    Location
    Antarctica
    Age
    27
    Posts
    276
    Thanks
    85
    Thanked 147 Times in 71 Posts


    Downloads
    14
    Uploads
    0
    Mentioned
    34 Post(s)
    Time Online
    4 h 57 m
    Avg. Time Online
    N/A
    Rep Power
    6
    Quote Originally Posted by robots View Post
    woop! thanks for the guide! i haven't purchased one yet but i've always wondered about them ...

    one question
    when you buy a hash list, is this what the seller gives you, exactly
    Yes, but a whole list of them. What they look like or how they are formatted may vary depending who you buy them from, but they always have the same three components: username, hash, email.

  5. The Following User Says Thank You to Sneakz For This Useful Post:

    robots (05-17-2012)

  6. #4

    Join Date
    Jan 2012
    Gender
    Posts
    591
    Thanks
    138
    Thanked 885 Times in 217 Posts


    Downloads
    6
    Uploads
    0
    Mentioned
    386 Post(s)
    Time Online
    1 d 18 h 21 m
    Avg. Time Online
    1 m
    Rep Power
    7
    Thank you for the guide, @Sneakz

  7. #5

    Join Date
    Jan 2012
    Gender
    Location
    Atlanta
    Age
    25
    Posts
    136
    Thanks
    1,372
    Thanked 1,399 Times in 817 Posts


    Downloads
    85
    Uploads
    4
    Mentioned
    628 Post(s)
    Time Online
    14 d 7 h 24 m
    Avg. Time Online
    10 m
    Rep Power
    6
    No, it depends on the hash list. Some formats are just straight form MYSQL databases and look SOMETHING like:


    ('1738732', 'username', 'password', 'email', ' randomthing here',' randomthing here',' randomthing here',' randomthing here',' randomthing here',' randomthing here',' randomthing here',' randomthing here',)

  8. The Following 2 Users Say Thank You to Ryan~ For This Useful Post:

    Joy (06-07-2012),Kristin (05-18-2012)

  9. #6
    Sneaky Sneakz Sneakz's Avatar
    Join Date
    Apr 2012
    Gender
    Location
    Antarctica
    Age
    27
    Posts
    276
    Thanks
    85
    Thanked 147 Times in 71 Posts


    Downloads
    14
    Uploads
    0
    Mentioned
    34 Post(s)
    Time Online
    4 h 57 m
    Avg. Time Online
    N/A
    Rep Power
    6
    Quote Originally Posted by Ryan~ View Post
    No, it depends on the hash list. Some formats are just straight form MYSQL databases and look SOMETHING like:
    Yeah, like I said, it will vary depending on who you get it from. But regardless of the format, its generally pretty easy to figure out what is the username, what is the hash, and what is the email.

  10. The Following 2 Users Say Thank You to Sneakz For This Useful Post:

    Joy (06-07-2012),Ryan~ (05-18-2012)

  11. #7
    Banned
    Join Date
    May 2012
    Gender
    Posts
    516
    Thanks
    92
    Thanked 37 Times in 30 Posts


    Downloads
    19
    Uploads
    0
    Mentioned
    98 Post(s)
    Time Online
    35 d 3 h 58 m
    Avg. Time Online
    26 m
    Rep Power
    0
    Thank you for the wonderful detailed guide!

  12. #8
    Headless Kristin's Avatar
    Join Date
    Dec 2011
    Gender
    Location
    NC, USA
    Age
    27
    Posts
    1,938
    Thanks
    606
    Thanked 745 Times in 407 Posts


    Downloads
    14
    Uploads
    0
    Mentioned
    352 Post(s)
    Time Online
    1 d 20 h 51 m
    Avg. Time Online
    1 m
    Rep Power
    9
    Gamer IDs

    PSN ID: invader__grimm
    I'd also like to point out that if you buy hashes from Demo, his hashes contain additional information (sometimes) such as neo username, gender, birthday, multiple emails, etc.

  13. The Following 2 Users Say Thank You to Kristin For This Useful Post:

    Joy (06-07-2012),Sneakz (05-18-2012)

  14. #9
    Timon's current girlfriend

    Meercat's Avatar
    Join Date
    Dec 2011
    Gender
    Location
    a Zoo near you!
    Posts
    641
    Thanks
    207
    Thanked 85 Times in 58 Posts


    Downloads
    12
    Uploads
    0
    Mentioned
    84 Post(s)
    Time Online
    3 d 19 h 34 m
    Avg. Time Online
    2 m
    Rep Power
    7
    Quote Originally Posted by Kristin View Post
    I'd also like to point out that if you buy hashes from Demo, his hashes contain additional information (sometimes) such as neo username, gender, birthday, multiple emails, etc.
    Some of Demo's hash lists contain two hashed components, could anyone explain this?
    I think I've figured that the first one in each line is the password, but what would the second be?

    - - - - - - -

    This guide is great for beginners, +repped c:

  15. #10
    Sneaky Sneakz Sneakz's Avatar
    Join Date
    Apr 2012
    Gender
    Location
    Antarctica
    Age
    27
    Posts
    276
    Thanks
    85
    Thanked 147 Times in 71 Posts


    Downloads
    14
    Uploads
    0
    Mentioned
    34 Post(s)
    Time Online
    4 h 57 m
    Avg. Time Online
    N/A
    Rep Power
    6
    Quote Originally Posted by Meercat View Post
    Some of Demo's hash lists contain two hashed components, could anyone explain this?
    I think I've figured that the first one in each line is the password, but what would the second be?

    - - - - - - -

    This guide is great for beginners, +repped c:
    I'm not sure what the second (and sometimes third) ones are. My best guess is that there is just other information on the page that needs to be encrypted for whatever reason, but is not really relevant for someone just trying to get the Neopets account. It's the first hash that is the password.

  16. The Following User Says Thank You to Sneakz For This Useful Post:

    Meercat (05-19-2012)

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •