Munga Bunga Password Cracker
Munga Bunga's HTTP Brute Forcer version 1.0.2 (Build 2)'The rules have changed, hack while you sleep'.the 20 th January, 2000 - Munga Bunga from all,It's me again (Munga Bunga, nickname only) and I'm here with another piece of freeware software for you all.Quick Introduction for this document!This document has been updated since the previous release! An updated version of this document can always be found at directly if this is not the current version at this given point in time.I shall use the term 'hack' and the term 'brute forcing' interchangeably in order to form an abbreviation, in no way am I implying illegal hacking activity, but rather productive password retrieval methods as applicable by the Terms of Service expressly described in the Disclaimer at the end of this document.You must read the disclaimer at the end of the document before using the software. In addition, please read the footnote(s) associated with the sentence referencing the footnote(s) on each occasion.Hotmail Hackers! Please read the 'About Hotmail Hacking' section before using the software with the Hotmail Hacking Definitions.You may distribute this software in any form, as long as the contents are the exact same, and there are no additional, missing, or modified files in the archive.
You may distribute this software using any tangible storage media, other TCP/IP, UDP (the 'Internet') connection and transfer methods, or any other applicable method without limits.Thank you, once again, to User Not Definied (James) for proof reading this document.What does this software do?For those of you who thought Hotmail and Yahoo were unhackable, think again!It's a Brute Forcer, which uses the HTTP protocol to establish its connections. In English, this means the program tries various passwords for a given username (called brute forcing) and verifies whether those passwords are correct for the given username within the HTTP protocol (meaning, via web page connections).You can hack into any form you see on the Internet, this means any web based email account like Hotmail, Yahoo, Excite etc or even affiliate accounts like AllAdvantage, GoToWorld, LinkExchange, or even actual Web Sites and many more. Basically, any thing that can be entered via a HTML form with a password and username, you would be able to brute force into with my program. The sky is the limit, it can even be used as a DoS (Denial of Service) program but I do not encourage such behavior and shall not be held responsible for your illegal doings.Ok, so how do I use this thing?Basically, you must have a password file in order for the program to attempt, and try to enter the account(s), with the specified passwords. I included the pass.lst file for a small password list sample.
Typically you would want a larger password file if the pass.lst doesn't work for you. Look for them online (search engines) by using services such as Google.In addition, you must have a definition file for the form you want to crack into. Now I have written definition files for some forms, like the hotmail login form and some others. However, if you need to crack into another server/form, then you would need to write your own definition file. Writing definition files are explained later in this document.New Improvements in version 1.0.2 (Build 2)!1 Fixed some confusing run-time error bugs with data validation (Thank you Lathem for the bug report(s)).2 There was a problem when the program tried to retry passwords with errors, (run-time error), that has been fixed.3 Optional GET and POST Methods were added for data submission.4 Added the option/ability to retry passwords with errors (passwords that couldn't be verified), or ignoring them (not recommended). They are retried by default, but now it's optional.5 The Yahoo!Geocities Definition File was created and added. You can use this Definition file to brute force into Yahoo and/or Geocities accounts, as they are now apart of the same system (merger).What are the features of Munga Bunga's HTTP Brute Forcer version 1.0.1 (Build 1)?1 You can hack while you sleep (without monitoring the Munga Bunga's Brute Forcer).
When the program is running and you unexpectedly disconnect from the Internet, the program knows that you are no longer connected instantly. Hence, it pauses the hack for you, then reconnects to the Internet, and resumes hacking automatically, without any intervention on your behalf 1. This feature is does not exist in any other brute forcing software!2 You can run it on multiple threads (maximum of 10 threads). This is also a very wonderful feature, which I don't see to often at all. Hence, you can run the brute forcer on multiple ports at the same time.
GETTING STARTED:1. Download and unzip JtR (John the Ripper)2. Open your Login:EncryptedPassword list in a text editor.making sure it follows the format shown above i.e.
Munga Bunga Password Crackers
Login:EncryptedPassword and is free from garbage, then save it as pass.txt in the 'run' folder of JtR.NOTE: JtR is a MS-DOS programme, so to get it running you need to open the good ol' MS-Dos window, by clicking the 'Start' button in windows and selecting 'Programs' then 'MS-Dos Prompt'. You should then see a black background window appear with the words 'C:WINDOWS' in it.3. Ok, we need to change the directory to the JtR folder, do this by typing 'cd c:johnjohn-16run' (or the folder location of john.exe) in the Doswindow then hit 'Enter'.The Dos prompt should now read 'C:JOHNJOHN-16RUN (or similar depending on your JtR directory)4.
Now you are ready to run JtR commands to decrypt the passwords. All the commands below assume you have called your encrypted password list 'pass.txt'5. Type 'john.exe pass.txt' (without the ') and your password list will start decrypting, this process can take a very long time perhaps a week or two for a complete decryption, but you should see results in minutes. The reason it takes so long in some cases and quicker in others is due to the 'crack mode' and the complexity of the password.The good news is JtR will run quietly in the background while you get on with other things. Note: I wouldn't advise using it with the latest 3D shoot 'em up but it has had little effect on other types of programs I run.6. To see your progress press any key (e.g. You will see:guesses: 46 (number of cracked passwords so far)time: 0:10:19:57 (how long its taken so far)(3) (the current crack mode eg 'incremental mode')c/s: 31693 (the crypt per second speed or cracking attempts per second)trying: Saglty1 - aric099 (thats what its trying when you hit the key!!;)7.
To stop the process press Ctrl & C or Ctrl & BreakMODE SETTINGS:If you used the default command 'john pass.txt' then this will try 'single crack' mode first, then use a wordlist with rules, and finally go for incremental mode:-'Single crack' mode (takes the logon or username and checks that against the password, also performs variations on the logon.) Example - user:user1- A wordlist with rules (uses the file password.lst and checks that against the password, then applies rules as listed in john.ini) Example: Without rules: 'abc123'; With rules: '321cba'- Incremental mode. The looong one!!
Creates all possible combinations of words, numbers and characters to crack the password. Bruteforcing Programs:.Accessdiver (AD) by Jean Fagesby Sentinel:by Madmax(specifically for FORM sites) by SSS -By Ken78x (specifically for form sites and httpS form sites)by Sentinel (For form sites that require an OCR t4wsentry.pl)by Gamoaa -by Zachary P.