Author Topic: C-Force help please!  (Read 19196 times)

untraumatized

  • Guest
C-Force help please!
« on: March 03, 2006, 04:01:40 PM »
Hello I am using a program called C-Force and I don't understand how to load the proxies. Do I copy and paste them into WordPad? Please help!

thanks in advance!

Maiki

Re: C-Force help please!
« Reply #1 on: March 03, 2006, 05:08:12 PM »
Quote from: "untraumatized"
Hello I am using a program called C-Force and I don't understand how to load the proxies. Do I copy and paste them into WordPad? Please help!

thanks in advance!


Hey, I know exactly what you're talking about, so that's a good point ;). First u have to put the proxies in a TXT file. Then u just simply load them ;-). Second, u need a wordlist (which I hope u have) and that's all u need. More problems? Ask me.

ratboy

C-Force help please!
« Reply #2 on: April 09, 2006, 06:33:50 AM »
Try using Notepad, just copy and paste them into WordPad, save them and then load them up in C-Force as txt files, same for the wordlist.

thchog

C-Force help please!
« Reply #3 on: April 09, 2006, 07:11:19 AM »
I did not write, or in any way assist in the creation or content of these docs, I just know where to find stuff. 2 diff tuts below, you should need no more assistance, if you do seek deny/ice/xisp/ or the likes....

Code:
Section 1:Getting Started

A)Members Url:
B)Proxylist
C)Wordlist

Section 2: Settings
A)What to check
B)What to NEVER check

Section 3: Checking Hits

A)Correct way to Check Hits
B)WRONG way to check hits

___________________________________________________________


Section 1:Getting Started


So you want to crack some form sites. Let's get a few things straight first. You will need the following: C-Force, proxylist, and wordlist. You can get C-Force at
http://www.deny.de/phpbb2/viewtopic.php?t=13951

Good wordlists and proxylists are available here on the xpw forum. Once you have the needed tools to begin with please open C-Force and click the Auto tab located between the Student and Pro tab.

Note: C-Force will NOT crack OCR forms!!! OCR forms are form sites that have a code verification in a box.




1.A) Members Url:

You will need to get the correct members url. You can get this by clicking on the members access section. The form site I am cracking today is http://brownhairgirls.com. The correct members login for this page is
http://brownhairgirls.com/login/login.cgi

You will need to place the Member's url in the Url box in C-Force located under the Tab "Auto."

1.B) Proxylist:

You will need a good list of anon proxies. Please check your proxies in Charon. A list of at least 300 anon proxies should be sufficient. Once you have a checked list of anon proxies you will need to load them into C-Force. Please click the Load Tab beside where Proxy-List: is. Find your proxylist on your computer. Now click your proxylist, it should become highlighted in blue. Then, click open. Your proxylist should load into C-Force. C-Force will let you know if the proxylist has been loaded.


1.C) Wordlist:

You will need a good wordlist in order to crack form sites. You can get a good wordlist in the XPW forum or you can make your own. Now that you have a wordlist please click Load which is located beside Combo-List: Find your combo list on your computer, click it and it should be highlighted blue, then you should click open. This will load your wordlist into C-Force. C-Force will let you know that your combos have been loaded.

2.A)What to Check

First thing you want to do is make sure you have the correct settings checked. If you do not check the right setting C-Force will not work properly.

Things to Check:
1)Autoload default proxylist (this will make things easier: it will open the directory of your current proxylist when you click load proxylist.)

2)Skip proxy anonymity test: (this will skip checking to see if your proxies are anon. Use this option if you have already checked your proxies in Charon.)

3)Auto-Find Analyse Proxy : (this will automatically load a proxy to analyse your site with.)

4)Check for blocking pages using proxy: (this will check for any pages that are blocking pages.)

5)Spoof Check: (this will check to see if there are any spoofs for the url)



2.B) What NOT to check

Please NEVER check the following.

1) Use proxy for analyses: (this will really fuck up your test on a site because it will not analyze the site correctly)


2) Bruteforce without proxies: (NEVER NEVER EVER CLICK THIS)

Unless you want to sit in a jail cell sharing a bunk with your friend Bubba.


Section 3: Checking Hits


3.A) Correct way to check hits

The Correct way to check form site hits is to go to the login page and enter them manually.


3.B) WRONG way to check hits

This would be clicking the link. You should never click the link in the format of http://user:pass@site.com/memberspage/

This option is NOT for form sites. It's for regular sites with Basic Authentication (pop-up login.)



Cracking Literature and Images are Property of SexualXac. If you steal my work and call it your own, I will literally fuck you up.

Thanks, Happy form cracking to you all!!!!!!!

and a better one is:

INTRODUCTION:

C-Force is a bruteforcer in the purest meaning of the word. It has been designed to test a list of username and password combinations against the login of a site. It allows a webmaster to test the security of his site against bruteforce attacks. C-Force is built so that it detects the type of protection and it will perform a bruteforce test according to its analysis; at the moment C-Force recognises basic authorization and form logins (without verification code) for http sites. C-Force works with full proxy support or with direct connect, it also has a link-checker for fast checking of a list of logins.

SPECIAL NOTE:
C-Force is as good as your wordlist, this means if your wordlist is outdated and has no working combo in it, then you can't get a hit with C-Force...
C-Force needs proxies... and anonymous ones... and as many as possible if you want to perform an anonymous test.
BASIC THEORY:

These are the basic steps for bruteforcing a site :

Find the member-url
Find proxies
Find a decent wordlist
Test proxies for anonymity
Test proxies against the site
Test combo-list against the site using the proxies
Find the member-url

In most of the cases this is the url that gives you a pop-up box that asks for a username and password or the url that shows you a form where you have to fill in the username and password. Usually there is a link to that url on the main page of a site.

Find proxies

The easiest way is getting them from the dump sections on various proxy/security boards. But you can also Google for proxies (enter in the search tab for instance "xxx.xxx.xxx.xxx.8080" with xxx.xxx.xxx.xxx the IP of a working proxy, you will be surprised by the results. Also note the "." before 8080). And if you look around in the tool sections of various boards you will certainly find tools that can leech proxies from the web.
Find decent wordlist

Again the dump section of boards. But to really have good wordlists you will have to spend some time on searching and filtering. I am sure there are enough tutorials around that explain how to build a good one. But I'll give a few tips. First of all you have to use topic related combos. This means if you want to get into a specific themed site you waste your time if you use combos that come from totally different themed sites. A tip to start your search is again Google. You can do a search for the memberurl in Google search... pretty good chances that you find a few combos for that site but if all tested combos are excellent, use those combos to search for new combos by putting a combo into the Google search. You will definitely find lists with logins or combos. Now it's time to start filtering... I know there are tools for that, I only don't know them as I mostly use a combination of my own tools. You can filter by specific theme words and only keep logins for similar themed sites, imho that's the best way to get a decent combo list from scratch.
Test proxies for anonymity

For that you can use C-Force. Load your text file with your proxies into C-Force. Make sure you have decent judges in your judgelist (settings-tab). To be 100% sure that your judge is working, test it in your browser and then put it on top of your judgelist (use the right-click menu in the judgelist to move judges to the top of the list)

If you don't test the judges, C-Force will try the judges of your list one by one until it finds IP's in the returned page and then it will use that judge to do the test, but it is not a guarantee that your judge is actually working well. The best test is the test in the browser.

There are also other good tools around to test proxies. Charon made by Rhino can be launched from within C-Force but there is also Proxyrama by Gaamoa or AAtools.

C-Force will only keep the proxies that do not return your own IP and it will remove gateway proxies (ranges of proxies that show the same IP)
After the test you have a list of different IP's to start your actual bruteforce session.

Test proxies against the site

You can't set that in C-Force simply cause C-Force is doing that automatically while bruteforcing. Why do it separately if it can be done in the process itself.

If you really want to do it you can use Charon. It will make C-Force a bit faster in its test but remember that the difference in speed is very very low if you see the complete process. In fact theoretically C-Force should be faster cause the first connect with a working proxy is already used to test a combo whereas when you test against the site no combo is tested and that connection is wasted... so it all depends on how you look at it.
C-FORCE IN PRACTICE:
STUDENT-TAB:

Here you can find info about any word you see in c-force (on buttons, labels, checkboxes etc...)
try: ?member-url or ?wordlist ...
AUTO-TAB:

This is the most important part of C-Force, it should handle 95% of all form & pop up sites.
Enter :
the member url
a proxy list
a wordlist.
Press START: C-Force will autodetect what sort of site it is (form/basic) and set the correct postdata, refresh handling and keywords.
C-Force shows a "hit".... what now???
Rightclick on the hit and you get a new menu.
Select "show info in debug" and you will see the received content for that combo. If it is the member-page then you have a working combo and I advise you to do nothing but if it is not the member page then return to the auto-tab, right-click again and select "Mark as failure". Then C-Force will adjust its keywords and no more of those fakes should appear. Sometimes you get a proxy related reply, again return to the auto-tab, right-click the specific combo and select "Mark as proxy-block". If you want to check the hit in your browser : at the bottom there is the ">>>>>" button, it will launch the specified site in your default browser.
PRO-TAB:

In most cases you don't need that one. I've been able to do most with the auto-tab so far, but I made the pro-tab in case there was a site that slipped through the C-Force detection module. C-Force can work with your own keywords (failure, success, block) in the pro-tab. If you really want to interfere in the process then this is how the pro-part works:
Enter the member-url in the "main url" field.
Press "Analyse" and C-Force will analyse the given url.
Modify the received values according to your wishes. (different referer, different action url ....)
Enter your own keywords in case you don't want to use the built-in keyword handler, be sure you unselect the use of the built-in handler in that case.
Press "Bruteforce" and it will get you to the AUTO-tab.
Load proxy- and wordlist.
Press "START"
Notes:
If no protection found, you can still force the tool to work but be sure you have these values filled in:
Action url
Type : basic (or form)
Method : GET (or POST)
When analysing an url with forms you can see the different forms in the form-tab, eventually you can select one and place it in the desired field.
If you work in PRO mode it is displayed with a (PRO) in the auto tab next to the url line. Rightclick- mark as failure etc. is disabled in PRO mode
PROXIES TAB:

Here you can manage and test your proxies. With the load button you can load a file with proxies, pressing "Test" will perform an anonymity test on those proxies. This test is done with the use of so called proxy-judges (find-add-modify them in your Settings-Tab). Proxy-judges are scripts on an external server, those scripts usually show the environment variables like remote-IP and Forwarded-IP. Based on the parsed IP's from the judge, C-Force can trace proxies that pass your IP. After the test C-Force will automatically remove non anonymous proxies and gateway proxies (ranges of proxies with the same IP). After a test you can save the proxies in a default list. When the option "Autoload default proxylist" in Settings is enabled, then that list will be loaded every time you start C-Force up.
Note:
- There is also a rightclick menu with a few more options.

C-Force proxytester in depth:
1) It makes a direct connect to the first judge in the judgelist and it parses ALL IP addresses out of the received result and considers them as your IP. (If no content is received it moves to the second and so on judge in the list until there are IP's parsed)
2) It takes the first proxy of the list, connects to the same judge as in step 1, parses all IP's out of the received content and if one of those IP's matches one of the IP's from step 1 then the proxy is not anonymous. If no IP's are parsed the proxy is considered as not working.
3) It continues to do step 2 for every proxy in the list.

Result : a list of proxies that do not show your IP according to the used judge.
Also after the test C-Force will remove the so called gateway proxies . IMHO this is the most suitable way for testing proxies for bruteforcing.

People have compared Charon with C-Force and have found out that both give approximately the same result when using the same judge. However with Charon you can do a more in-depth proxytest, therefore I added the possibility to launch Charon from within C-Force.
HISTORY TAB:

Here you can load your history file but also any file with urls in this format : http://username:password@site.com/members/. It performs a basic check if the login is still valid (for both form & basic authorization). In order to manage the list, there is also a rightclick menu with more options, like deduping, saving of combos only, url's only etc...

BATCH TAB:

Here you can build up a list of different sites to test with different wordlists, C-Force will test them one by one. A rightclick menu allows you to change the order or to modify existing entries. The Batch-mode works together with the Auto-mode and all functions of the auto-mode are still available.
DEBUG TAB:

The debug tab can be used to inform you about various things. The option menu on the left is used to preview the connections. You can see all incoming/outgoing headers and replies for all the bots or for a specific bot. I would advise to use that only when you look at the debug tab and to select the option "no debug" if you leave that tab.
On the right side you have several buttons:
With the "Session" button and the "<" and ">" next to it, you can browse the results of previous sessions.
The "Analyse form" button will parse form data out of a text in the debug window. (If you want you can also paste a text in there to analyse the forms in it)
"Parse IP" will parse all IP addresses out of a text in the debug window. Not really needed but it uses the same parser as the proxyjudge parser and therefore it can be useful to check if C-Force parses a specific judge correctly.
"Show url info" will show you the settings for the current session/url.
"<" and ">" are used to browse the hit debug for the current session. It only works when you have selected "show debug info" in the rightclick menu of the auto-tab.
"Clear" : will clear the debug window.
SPEED/TWEAKS/ DO and DON'T:
Speed

C-Force has been compared for speed with both AD and Sentry and has proven to be as fast or slow. The speed depends on:
used proxies (faster and more proxies give a faster tool)
amount of retries (lower retries will make C-Force faster but less accurate)
timeout value (lower timeout will speed C-Force up but waste more proxies)
speed of the tested site (slow sites will make C-Force or any tool slow)
amount of data in the received content (big pages will be slower due to using GET)
debugmode (only use that if it really needed, it slows down the process)
Tweaks:

You have not so much tweaks in CF but here are a few:
For fast analysing uncheck "autofind analyse proxy", "use proxy for analyse" and "check for blocking pages" . This will use your own IP to analyse but it has no real harm as you only test it twice with a fake pass, so all sites allow that and won't block you.
Enable "skip proxy test" if you test your list once in a while it's enough.
Lower the retries for basic authorisation, but keep them higher for form logins.
Lower the proxy connect timeout.
Do and don't

Don't use direct connect for bruteforce.
MISC:
Debug Mode (in settings-tab)

If you only do normal bruteforce tests, just uncheck debug mode. Otherwise it will collect useless huge amounts of data on your harddrive. I added it to be able to debug .... obviously.
"skip proxy anonymity test"

The proxies should be tested for anonymity to have the best results. However you don't need to do that every time you test a new site or wordlist so to avoid that c-force does the anonymity test every time just check the "skip anonymity test" and c-Force will skip it.
Skip anonymity in depth

The C-Force engine is built so that it automatically is doing a test against the site while bruteforcing, the "skip anon" check is only to prevent checking the anonymity before each test. I agree that it might be a bit confusing, I should have made a check that says "check for anonymity before bruteforce" rather than make a check for skipping the test.... but as I had noobs in mind I have set the anonymity check as default, just to prevent their IP to be banned in case they had no clue what testing for anonymity means.
The "skip anon test" has nothing to do with checking against the site you can do 2 things :
UNSELECT (skip anon test) - C-Force will test the anonymity of the proxies before each bruteforce
SELECT - C-Force will NOT check the anonymity of the proxies before the bruteforce

Checking against the site is done during the bruteforce process itself and not visible to the user, it is part of the fake detection module.
Quote from Bud (XXXHQ):
"I suspect this is where the time discrepancy some people have noted in test runs between AD and C-force is coming from. I imagine a lot of time is wasted trying combos through proxies that will never connect to the site or have connected and been previously banned by the site. Especially if those combos are then tried again through a viable proxy. People familiar with AD who test their proxies against the site first before commencing a brute run are undoubtedly the ones finding that C-force is "much slower", because they're comparing actual test run times through a wordlist."
How does C-Force handle fakes?
First of all there are 2 fake detections in C-Force
during bruteforce, using keywords and by doublechecking proxies. A 401 reply is unimportant as the complete C-Force engine is based on 200ok replies and keywords.
after the test it compares all results by length and against a few keywords like member, denied etc...

Step number 2 decides what is seen as hit or fake, but it's impossible to replace a human's mind so there will be cases that C-Force will switch the hits and the fakes, so hits will appear as fake and vice versa. BUT... While bruteforcing you can adjust the accuracy of C-Force by rightclicking on the combo in the hitlist. If it is a fake then just select "mark as failure" and C-Force will adjust itself.
Handling of Wordlist and Proxy load after fresh start or finished test
In most cases it can be reduced to this :


C-Force fresh started
Go to AUTO, load proxy list, load combo list, put member URL in
Hit START
New wordlist - same site as previous session
Load new wordlist
Hit start
New site - same wordlist
Enter member-url in auto-tab
Load wordlist again
Press Start
Same site - same wordlist after abort
Press Resume
Basic return codes

ALL memberpages are 200 ok and that is the only thing we're looking for. For pop-up logins: basically you can state that you have 401 for a bad combo (the C-Force engine handles all of them the way they should be handled) and 200 for a working combo. For Form-logins: Only 200 ok is good. By the way... all fakes have a 200 ok code as well. Some 200 ok however are also caused by bad proxies but these are detected by C-Force in most of the cases. Some 200 ok are bad combos cause the server sends you a different error page... C-Force can not detect it by itself but you can adjust its accuracy during the bruteforce process.
All the other replies are caused by proxy problems, connection problems or server related problems. The better your proxies, the more decent messages you will have.
"bad server reply"

"Bad server reply" is used when you receive no header from the server.
Most of the time it's caused by bad proxies or sometimes when a server is overloaded or even your own system is overloaded (too much traffic on your connection)
But you can always enable debugmode... C-Force then saves all actions (sent headers + received headers and content) in files per bot.

Thank-you to Hobel6 & Carpetboy
     


Code:
Short guide for C-Force....
Most of this you also find in the student tab if you ask help for specific words like ?bots, ?proxy ...... or if you use the guided session. But i'll explain a bit how to use C-Force to get the best results.

First of all you have to know this....

1) C-Force is as good as your wordlist, this means if your wordlist is old or has no working combo in it, then you can't get a hit with C-Force...
2) C-Force needs proxies... and anonymous ones... and as many as possible.


STUDENT-TAB:

Here you can find info about any word you see in c-force (on buttons, labels, checkboxes etc...)
try ?member-url or ?wordlist ....

AUTO-TAB:

This is the most important part of C-Force, it should handle 95% of all form & pop up sites. You have to enter the member url, proxy list and wordlist.
(be sure your proxy list is tested for anonymity)

Then press start

C-Force will autodetect what sort of site it is (form/basic) and set the correct postdata, refresh handling and keywords.

C-Force shows a "hit".... what now???

1) rightclick on the hit and you get a new menu.
2) select "show info in debug" and you will see the received content for that combo. If it is the member-page then you have a working combo and I advise you to do nothing then. But if it is not the member page, return to the auto-tab, right-click again and select "Mark as failure". Then C-Force will adjust its keywords and no more of those fakes should appear.

PRO-TAB:

In most cases you don't need that one. I've been able to do everything with the auto-tab so far, but I made the pro-tab in case there was a site that slipped through the C-Force detection module.


SPEED/TWEAKS/ DO and DON'T:

1) Speed

C-Force has been compared for speed with both AD and Sentry and has proven to be as fast or slow. The speed depends on

- used proxies (faster and more proxies give a faster tool)
- amount of retries (lower retries will make C-Force faster but less accurate)
- speed of the tested site (slow sites will make C-Force or any tool slow)
- amount of data in the received content (big pages will be slower due to using GET)
- debugmode (only use that if it really needed, it slows down the process)

2) Tweaks

You have not so much tweaks in CF but here are a few.

- For fast analysing uncheck "autofind analyse proxy", "use proxy for analyse" and "check for blocking pages" . This will use your own IP to analyse but it has no real harm as you only test it twice with a fake pass, so all sites allow that and won't block you.

- Enable "skip proxy test" if you test your list once in a while it's enough.

- Lower the retries for basic authorisation, but keep them higher for form logins.

3) do's and don'ts

- Don't use direct connect for bruteforce.
- Don't lower the timeout

This tut was written by Carpetboy
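
A defender's view of the behaviour these guides describe, as an added example that is not part of the original posts or of C-Force: because attempts are spread over hundreds of proxies and a failed form login still returns 200 OK, the detector below aggregates failed logins per endpoint (not per source IP) and uses the application's own auth outcome instead of the HTTP status. The log format, the `/members/login` endpoint, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for this example; tune them to real traffic.
WINDOW = timedelta(minutes=5)
MIN_FAILURES = 20    # failed logins against one endpoint inside WINDOW
MIN_SOURCES = 10     # distinct client IPs behind those failures
MIN_USERNAMES = 10   # distinct usernames tried


def parse_event(line):
    """Parse 'timestamp ip endpoint username outcome' (constructed format)."""
    ts, ip, endpoint, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, endpoint, user, outcome


def detect(lines):
    """Return alerts for login endpoints under proxy-rotated guessing."""
    failures = {}    # endpoint -> deque of (ts, ip, user) failed attempts
    active = set()   # endpoints whose current window is over threshold
    alerts = []
    for line in lines:
        ts, ip, endpoint, user, outcome = parse_event(line)
        win = failures.setdefault(endpoint, deque())
        while win and ts - win[0][0] > WINDOW:
            win.popleft()                      # expire failures outside the window
        if len(win) < MIN_FAILURES:
            active.discard(endpoint)           # burst has died down
        if outcome == "success":
            # A success in the middle of a burst is a likely guessed credential.
            if endpoint in active:
                alerts.append({"kind": "success_during_burst", "time": ts,
                               "endpoint": endpoint, "user": user, "ip": ip})
            continue
        win.append((ts, ip, user))
        per_ip = Counter(src for _, src, _ in win)
        users = {name for _, _, name in win}
        if (endpoint not in active and len(win) >= MIN_FAILURES
                and len(per_ip) >= MIN_SOURCES and len(users) >= MIN_USERNAMES):
            active.add(endpoint)
            alerts.append({"kind": "distributed_guessing", "time": ts,
                           "endpoint": endpoint, "failures": len(win),
                           "sources": len(per_ip), "usernames": len(users),
                           # 1 here means a per-IP rate limit would never trigger
                           "max_per_ip": max(per_ip.values())})
    return alerts


def sample_events():
    """Constructed log: one normal login, then a burst of one try per IP."""
    start = datetime(2024, 1, 1, 12, 0, 0)
    lines = [f"{start.isoformat()} 198.51.100.7 /members/login alice success"]
    for i in range(1, 31):
        ts = start + timedelta(seconds=10 + 2 * i)
        lines.append(f"{ts.isoformat()} 203.0.113.{i} /members/login user{i} fail")
    ts = start + timedelta(seconds=80)
    lines.append(f"{ts.isoformat()} 203.0.113.31 /members/login user17 success")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

An account named in a `success_during_burst` alert is a candidate for a forced password reset and session revocation.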

switch

C-Force help please!
« Reply #4 on: May 18, 2006, 12:06:50 AM »
yea what he said.

quickly

find newly posted proxies>test them>run cforce>auto tab>proxy button on right>load from directory>go>enjoy

rolex77

Re: C-Force help please!
« Reply #5 on: May 31, 2009, 10:24:28 AM »

I have a problem with the program .... I think I do ok ... Proxy-load-save-Charon-anon .. save ..... PRO-page h ** p / members .... com /-analysis (the base, get ..)... automatically load the proxy (anon)-load-wordlist START ... has 10 hits, of which fake .... 1 of these 9 no not work ... What do I need to make that work?

I apologize to the poor English language

BrainReader

Re: C-Force help please!
« Reply #6 on: December 07, 2010, 06:27:30 AM »
thanks guys
useful for me

 
