I'm sure you've seen hash lists all around the forum. They've been in giveaways and are also being sold.
Here are some techniques, from beginner
to more advanced
, to help you unravel the mystery of hash lists.
IMPORTANT: Used hash lists sales are BANNED on clraik.
A used hash list means that someone has already gone through the list at least once, mined the information, and tossed you the scraps.
Occasionally you can find something good that someone's left behind, but usually you just get screwed. So...stick with buying fresh.
Used hashes are occasionally given away from time to time however!
So...what are hashes?
Hashes are a list of usernames along with their encrypted passwords. They also typically come with an email.
A hash list is typically a list of hashes of the data blocks in a file or set of files.
Lists of hashes are used for many different purposes, such as fast table lookup (hash tables) and distributed databases (distributed hash tables).
A hash list is an extension of the old concept of hashing an item (for instance, a file).
Hash lists can be used to protect any kind of data stored, handled and transferred in and between computers.
Where on clraik's green Earth can I find them?
Currently the only two people that sell unused hashes are @Demo
are mined fresh when you purchase but are more expensive.
are cheaper, but have been in her possession for a few years.
Pick the choice that best suits your needs.
How many do I need to buy?
Hash lists are not
like account lists/random accounts/etc. They will NOT all work.
Think about it. Do you use the same login info on this site as you do for Neo? Of course not.
So it follows that on the other sites this information is mine from, not all the info will be the same either.
But some people are stupid
For basic needs and starters, I would recommend a list of at LEAST 100 hashes.
Any less and you're really wasting your time.
Ok, I've got my hashes, now what?
Hash lists come in a few different formats. I'll post 2 and update with more as I find them.
First, we need to pull the information from them.
', 'xXxACX2xXx', '4a949d32c6c6644b5f91596f3dc9e9f4
null, null, 0, 1156202160, null, null, null, null, null, null, 'User', 'flat', 'collapsed', 10, 170717, 'Off', '', null, null,
null, null, null, null, null, 1156201952, null, null, null, 'yes', 'on', 'yes', 'email@example.com',
', '-3-', null, 'Member', null, '', ' ', null, null, 0, null, 'cp', '-', null, null, '0', 0, null, null, null,
'bfe6c14c945256de12a6add92c83b4d9', 'yes', null, '', 'plaintext', 'all', '-', null, 'no', null, '0', null, 0, 0, null,
null, null, null, null, null, null, 0, null, null, null)
For beginners, the only thing you will need is
the username (always first), then the encrypted hash, and finally, the email.
For more advanced users, the proxy can be handy in assessing a
physical location for the UN, which can be useful in answering security questions, etc.
See section entitled, "Let's stalk the shit out of them!"
008704: 1. username = ihavenogoodnames
(demail: |-|-| msn: |-|-| bday: 0) |-|-| 2. pass = 79c165fe86cfb44f73f164f20aea4553
() |-|-| 3. email = firstname.lastname@example.org
In simpler hashes, often only the username, encrypted password, and email are available.
Now, what to do with this information?
Very simple. You'll need to pull up 2 tabs on your browser.
Note: This link will return an error until you input a username.
And one here:
Now, we begin the process of finding the accounts.
Let's use Format One.
We take the first highlighted part, the username. In this case: xXxACX2xXx
Copy-paste onto the END
of the first provided link and we now have:
In a perfect world, we'd come across an account loaded with UC's, high av/stamp/card count, tons of trophies, etc. etc.
Instead, we find this:
Bummer, eh? Most people would see this and move on.
are not most people! Because YOU have read Essy's Guide to Hashes!
So...you've got a few more tricks up your sleeves.
The most common? Use the first part of the email!
Using our First Format hash example, as well as our first step listed above, that would give us the following:
EGADS!!! Not again. Never fear, I have even more tricks!
If your username & email BOTH do not work, try some of the following:
- Add numbers (i.e. 1, 2, 3)
- Delete numbers
- Add "_side" to both parts (especially if the account is disabled)
- Reverse the order of the words ("snowman" becomes "mansnow")
Experiment and see if you can find a potential username linked to this hash.
Found it? Great! Let's move on.
Once you've found your username, we proceed to decrypting the hash password.
The encrypted password is the wonky looking string of 32 characters that is second
in the highlighted list of information.
Copy-paste this string into the first box in the MD5Decrypter tab you have open.
Enter the CAPTCHA and click "Decrypt Hashes."
If done correctly, you will see:
Wheee!!! It turned up a password. Now, go try the username/password combination in Neo.
Two Things to remember:
USE A FREAKING PROXY
Look at the URL if you get a "Enter Birthday" screen. If it says Hi!
you've got the right password, but the account needs to be birthday cracked.
, or @Zachafer
for their services, or use the Free Bday cracker under "Quick Links" if you haven't used up your freebies yet.
If the password is incorrect, try logging into the email listed with the account.
If you cannot access the account OR
the email, try the above listed tips for finding a username with the password. You might get lucky!
THIS IS THE END OF THE BEGINNER GUIDE. PROCEED IF YOU WANT TO KNOW EVEN MORE
I found an epic account, but I can't get into it or the email.
Well...that sucks. :/
But don't give up hope yet! There are still a few more advanced
tips and tricks to try.
The following take some time and are not guaranteed to yield definite results.
But sometimes you can get very lucky!
The first thing to try is the "retrieve password" on the email account.
This typically gives you 2-4 security questions that must be answered before you can gain access to the account.
How do we get this personal information?
That my friends...is the fun part
Let's stalk the shit out of them!
This is probably my favorite part of doing hashes, as creepy as that is.
People post their entire lives on the internet and it's usually very easy to find them.
1. My first stop is ALWAYS Facebook.
Copy-paste their email into the search bar at the top, and if it's connected to a Facebook account, it will come up.
Facebook contains a plethora of information, including but not limited to:
Parent's Names/Maiden names, etc.
2. Once you've got a full name, the place you go next depends on the information required by your email.
For ZIP codes: Remember that handy dandy red
number way back up there in the first hash?
Let's use it now.
Go here: http://www.botsvsbrowsers.com/ip/index.html
and find the IP (inputting it into Google also works)
This gives you a location on your IP. It still may have anywhere from 3-20+ ZIP codes, so narrowing it down may take time.
But it'll give you a start.
For Phone Numbers: Dun dun dun DUNNNNN.
Go here: www.whitepages.com
Input information gleaned from Step 1.
If they've got a listed number, you now have it!
For last 4 digits of credit card number:
Attempt to use the login information on www.paypal.com
3. If all of the above fails to get you the required infomation, try simply Googling the username and/or email.
Many people use the same username all over the web, and some are more free with information on other sites.
If you find any accounts on any other sites that have their username/email, try to log in!
You never know what could be lurking in their emails/notes/account information, etc. on the site.
IF ALL OF THE ABOVE FAILS...YOU ARE JUST GONNA HAVE TO GIVE THE HELL UP, LOL.
BUT REST EASY KNOWING YOU GAVE IT A HELL OF A FIGHT!
Thanks for taking the time to read my very first guide. Any comments/addons/incorrect information is very helpful!