Results 1 to 2 of 2

Thread: [GUIDE] Essy's Guide to Hashes!

  1. #1


    esperanto's Avatar
    Join Date
    Apr 2012
    Gender
    Posts
    1,051
    Thanks
    510
    Thanked 742 Times in 409 Posts


    Downloads
    23
    Uploads
    0
    Mentioned
    368 Post(s)
    Time Online
    23 d 14 h 15 m
    Avg. Time Online
    18 m
    Rep Power
    8

    [GUIDE] Essy's Guide to Hashes!




    I'm sure you've seen hash lists all around the forum. They've been in giveaways and are also being sold.
    Here are some techniques, from beginner to more advanced, to help you unravel the mystery of hash lists.



    IMPORTANT: Used hash lists sales are BANNED on clraik.
    A used hash list means that someone has already gone through the list at least once, mined the information, and tossed you the scraps.
    Occasionally you can find something good that someone's left behind, but usually you just get screwed. So...stick with buying fresh.
    Used hashes are occasionally given away from time to time however!



    So...what are hashes?


    Hashes are a list of usernames along with their encrypted passwords. They also typically come with an email.

    A hash list is typically a list of hashes of the data blocks in a file or set of files.
    Lists of hashes are used for many different purposes, such as fast table lookup (hash tables) and distributed databases (distributed hash tables).
    A hash list is an extension of the old concept of hashing an item (for instance, a file).
    Hash lists can be used to protect any kind of data stored, handled and transferred in and between computers.





    Where on clraik's green Earth can I find them?



    Currently the only two people that sell unused hashes are @Demo and @sparkling.
    Demo's are mined fresh when you purchase but are more expensive.
    Sparkling's are cheaper, but have been in her possession for a few years.
    Pick the choice that best suits your needs.



    How many do I need to buy?


    Hash lists are not, not, NOT like account lists/random accounts/etc. They will NOT all work.
    Think about it. Do you use the same login info on this site as you do for Neo? Of course not.
    So it follows that on the other sites this information is mine from, not all the info will be the same either.
    But some people are stupid
    For basic needs and starters, I would recommend a list of at LEAST 100 hashes.
    Any less and you're really wasting your time.



    Ok, I've got my hashes, now what?


    Hash lists come in a few different formats. I'll post 2 and update with more as I find them.
    First, we need to pull the information from them.

    Format One:
    33678) ('xXxACX2xXx', 'xXxACX2xXx', '4a949d32c6c6644b5f91596f3dc9e9f4', 'yamitenshi23@sbcglobal.net',
    null, null, 0, 1156202160, null, null, null, null, null, null, 'User', 'flat', 'collapsed', 10, 170717, 'Off', '', null, null,
    null, null, null, null, null, 1156201952, null, null, null, 'yes', 'on', 'yes', 'yamitenshi23@sbcglobal.net',
    '70.230.187.225', '-3-', null, 'Member', null, '', ' ', null, null, 0, null, 'cp', '-', null, null, '0', 0, null, null, null,
    'bfe6c14c945256de12a6add92c83b4d9', 'yes', null, '', 'plaintext', 'all', '-', null, 'no', null, '0', null, 0, 0, null,
    null, null, null, null, null, null, 0, null, null, null)

    For beginners, the only thing you will need is
    the username (always first), then the encrypted hash, and finally, the email.


    For more advanced users, the proxy can be handy in assessing a
    physical location for the UN, which can be useful in answering security questions, etc.
    See section entitled, "Let's stalk the shit out of them!"


    Format Two:
    008704: 1. username = ihavenogoodnames (demail: |-|-| msn: |-|-| bday: 0) |-|-| 2. pass = 79c165fe86cfb44f73f164f20aea4553 () |-|-| 3. email = kickurass777@aim.com |-|-|

    In simpler hashes, often only the username, encrypted password, and email are available.


    Now, what to do with this information?

    Very simple. You'll need to pull up 2 tabs on your browser.

    One here:
    http://www.neopets.com/userlookup.phtml?user=
    Note: This link will return an error until you input a username.

    And one here:
    http://md5decrypter.co.uk/

    Now, we begin the process of finding the accounts.

    Let's use Format One.

    We take the first highlighted part, the username. In this case: xXxACX2xXx
    Copy-paste onto the END of the first provided link and we now have:

    http://www.neopets.com/userlookup.phtml?user=xXxACX2xXx

    In a perfect world, we'd come across an account loaded with UC's, high av/stamp/card count, tons of trophies, etc. etc.

    Instead, we find this:



    Bummer, eh? Most people would see this and move on.

    But YOU are not most people! Because YOU have read Essy's Guide to Hashes!
    So...you've got a few more tricks up your sleeves.
    The most common? Use the first part of the email!

    Using our First Format hash example, as well as our first step listed above, that would give us the following:

    http://www.neopets.com/userlookup.ph...r=yamitenshi23



    EGADS!!! Not again. Never fear, I have even more tricks!

    If your username & email BOTH do not work, try some of the following:
    • Add numbers (i.e. 1, 2, 3)
    • Delete numbers
    • Add "_side" to both parts (especially if the account is disabled)
    • Reverse the order of the words ("snowman" becomes "mansnow")

    Experiment and see if you can find a potential username linked to this hash.

    Found it? Great! Let's move on.
    Once you've found your username, we proceed to decrypting the hash password.
    The encrypted password is the wonky looking string of 32 characters that is second in the highlighted list of information.
    Copy-paste this string into the first box in the MD5Decrypter tab you have open.
    Enter the CAPTCHA and click "Decrypt Hashes."
    If done correctly, you will see:



    Wheee!!! It turned up a password. Now, go try the username/password combination in Neo.

    Two Things to remember:

    USE A FREAKING PROXY

    Look at the URL if you get a "Enter Birthday" screen. If it says Hi! you've got the right password, but the account needs to be birthday cracked.
    PM @Sean, @UND3AD, or @Zachafer for their services, or use the Free Bday cracker under "Quick Links" if you haven't used up your freebies yet.

    If the password is incorrect, try logging into the email listed with the account.

    If you cannot access the account OR the email, try the above listed tips for finding a username with the password. You might get lucky!

    THIS IS THE END OF THE BEGINNER GUIDE. PROCEED IF YOU WANT TO KNOW EVEN MORE


    I found an epic account, but I can't get into it or the email.
    Well...that sucks. :/
    But don't give up hope yet! There are still a few more advanced tips and tricks to try.
    The following take some time and are not guaranteed to yield definite results.
    But sometimes you can get very lucky!
    The first thing to try is the "retrieve password" on the email account.
    This typically gives you 2-4 security questions that must be answered before you can gain access to the account.
    How do we get this personal information?
    That my friends...is the fun part



    Let's stalk the shit out of them!

    This is probably my favorite part of doing hashes, as creepy as that is.
    People post their entire lives on the internet and it's usually very easy to find them.

    1. My first stop is ALWAYS Facebook.
    www.facebook.com
    Copy-paste their email into the search bar at the top, and if it's connected to a Facebook account, it will come up.
    Facebook contains a plethora of information, including but not limited to:
    Birthdays
    Anniversaries
    Childrens' names
    Birthplaces
    Parent's Names/Maiden names, etc.
    Pets' names

    2. Once you've got a full name, the place you go next depends on the information required by your email.
    For ZIP codes: Remember that handy dandy red number way back up there in the first hash?
    Let's use it now.
    Go here: http://www.botsvsbrowsers.com/ip/index.html and find the IP (inputting it into Google also works)
    This gives you a location on your IP. It still may have anywhere from 3-20+ ZIP codes, so narrowing it down may take time.
    But it'll give you a start.

    For Phone Numbers: Dun dun dun DUNNNNN.
    Go here: www.whitepages.com
    Input information gleaned from Step 1.
    If they've got a listed number, you now have it!

    For last 4 digits of credit card number:
    Attempt to use the login information on www.paypal.com

    3. If all of the above fails to get you the required infomation, try simply Googling the username and/or email.
    Many people use the same username all over the web, and some are more free with information on other sites.
    If you find any accounts on any other sites that have their username/email, try to log in!
    You never know what could be lurking in their emails/notes/account information, etc. on the site.



    IF ALL OF THE ABOVE FAILS...YOU ARE JUST GONNA HAVE TO GIVE THE HELL UP, LOL.
    BUT REST EASY KNOWING YOU GAVE IT A HELL OF A FIGHT!


    Thanks for taking the time to read my very first guide. Any comments/addons/incorrect information is very helpful!

  2. The Following 14 Users Say Thank You to esperanto For This Useful Post:

    Balletdancer (07-16-2012),Cupcake. (07-16-2012),Death (07-20-2012),Demo (07-16-2012),fairydust201 (07-17-2012),goodieboy (07-17-2012),iamlilymay (03-19-2016),M.V.P (02-13-2013),Mary674 (08-03-2012),musemfire (07-17-2012),Reese (07-16-2012),Ryan~ (07-16-2012),sparkling (07-16-2012),UND3AD (07-17-2012)

  3. #2


    Reese's Avatar
    Join Date
    Dec 2011
    Gender
    Location
    United States
    Age
    20
    Posts
    2,315
    Thanks
    1,180
    Thanked 758 Times in 529 Posts


    Downloads
    20
    Uploads
    0
    Mentioned
    510 Post(s)
    Time Online
    39 d 23 h 13 m
    Avg. Time Online
    30 m
    Rep Power
    11
    Excellent guide on hashes and stalking

  4. The Following User Says Thank You to Reese For This Useful Post:

    esperanto (07-16-2012)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •