đź”– Cracking For Beginners | Get Started

Cracking” is the act of obtaining unauthorized access into a computer system without the user’s permission and knowledge. Cracking doesn’t require extensive hacking knowledge and capabilities, but rather a persistence and the dogged repetition of tricks that exploit common weaknesses in a targeted system or account!
so this is a question, what is cracking used for?!
for example, you don’t have money to buy expensive game’s! and also you really want to play that game! so you can crack other people account and use them for free!

account cracking almost a simple process! you just need to put Email and Password on Login webpage and if the email & pass was correct you can access to the account and do but never you want and if it’s incorrect you need to use other email and password! for that you need to use crackers, checker/cracker is a program to check all email: pass to the login page! and if a some of them was correct, program give it to you as Hit
you need to use crackers/checkers and combo list:

Combolist is actually info that you need to put into a Login page to access the account! we have 2 type of combos!

Email:Password = [email protected]:admin123
User:Password = yourname:admin123

You need to use E:P for the site’s that you need an email to log in at it same about U:P combo!
E:P to site’s like origin, facebook, Spotify, Uplay, ETC
U:P to site’s like Steam, Instagram, and also you can use both E:P and U:P to same site’s! like Instagram, origin, and more
we have 3 methods to get ComboList!

1- dumping combo’s from Databases User SQLI Dumper!
2- Leech Combos from sites like Pastebin!
3- buy combos from guys who sell it!

for the first method we looking after this post!
the second method it’s so easy! you just need to download PastebinLeecher, put your keyword and leeching combos!
How to make combo using SQLI Dumper
Sentry MBA: A Tale Of The Most Popular Credential Stuffing Attack Tool
if you want to crack specific site account but you didn’t find any cracker for that site you can use sentryMBA and make a config for that site and start attacking them!
also making config for sentry doesn’t easy you can watch this video it will help you a lot.

there are just a few ways to crack accounts!
1- using crackers/checkers to crack accounts
2- using sentryMBA or Openbullet ( is best for newbies ) for cracking!
3- using AIO for MailAccess Cracking! (the Easy way)
some of them try hard to make crackers broken just like PSN … but crackers do they ways and try to find a bypass!
these are some issues in cracking
– IM NOT ROBOT! (GOOGLE RECAPTCHA) And Captcha(you can bypass it with SentryMBA) for Recaptcha there are some site’s that you can pay them for bypassing recaptcha like DBC, 2captcha, ETC ETC

– Account 2step verification
– Account Guard(Email, Phone)(Steam)
– some of them get account limited if the passenger access to the account like Paypal

– don’t tell anyone your main password!
– don’t click on any link!
– don’t use public email and password for your account!
– don’t use easy passwords for your social media accounts
– don’t trust anyone!
– don’t download any app! run them on VM or Sandboxie

– I always say don’t use your own PC for cracking and stuff like this! why?!
cause cracking need HQ speed Internet and traffic
– your IP address will be ban by google
– take a lot of time (For example using NLbrute can spend time about 23H or + )
– can take serious damage on your PC! (this happens on my own)
so what we can do for cracking!?
you need to buy RDP/VPS from databases! like Amazon, 1&1, GoDaddy, AmazingRDP, ETC ETC

Remote Desktop is a program that allows you to connect to your Windows VPS machine from the remote location and allow you to take a complete control of that virtual machine.
the virtual machine is just like other PC’s and laptops, it has windows but! it has more power and more speed than your own computer! you can crack any type of account with that faster/safer

A proxy server is a dedicated computer or a software system running on a computer that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service
for example! you test about 10 email and password on random login page! and the site gets your IP address ban Pepe that’s why you need to use Proxies!
we have some Proxies Types and levels!
An anonymous proxy does not send your real IP address in the HTTP_X_FORWARDED_FOR header, instead, it submits the IP address of the proxy or is just blank.
A transparent proxy sends your real IP address in the HTTP_X_FORWARDED_FOR header, this means a website that does not only determine your REMOTE_ADDR but also checks for specific proxy headers will still know your real IP address.
An elite proxy only sends REMOTE_ADDR header, the other headers are blank/empty, hence making you seem like a regular internet user who is not using a proxy at all.

Happy learning!


Hello, newbie! If you don’t know about cracking terms (NFA, Leecher, SQLI, Proxies, Dump, Elite, UHQ, etc) or don’t know about general tools, don’t worry!

In this post, you will learn:

  • Terms (Database, SQLI, Leecher, Dorks, Proxyless, etc)
  • Basic information (Quality, Account types, etc)
  • Popular tools (SQLI Dumper, Ez Searcher, etc)

VM & Sandbox (or Sandboxie)

  • Softwares for protecting your device, cracking is dangerous since it uses tools that has viruses. So to protect yourself from these unknown tools malware, you uses VM (Virtual machine) where you can create your another window clone or an actual device with specific specs (lower than your actual specs). When you are in VM, you have no risk at all, everything that is happening in VM has nothing to do with your device, even if it dies you will be safe. Sandbox (or Sandboxie) is also similar to Virtual machine, but instead of creating whole clone, it just run your specific program in kind of guest mode, it can’t do anything to your actual device.

RDP (or VPS)

  • RDP stands for Remote-desktop control, where you can control some other computer in your device. VPS stands for VIrtual Private Server, VPS is same as RDP but the only difference is RDP can have more than 1 user whereas VPS is only for 1 user and its actually a server not a computer. Doing anything in RDP is basically same as doing anything in VM, it can’t do anything to you.


  • A specific word that you are going to use. Using high quality keywords will get you high quality accounts and low quality will get you messy and bad accounts. It can be something like “Netflix, Minecraft, Amazon, Spotify” for grabbing Netflix, minecraft, amazon and spotify accounts. In normal keywords, you will see “Netflix show …, Netflix sign in”.


  • A tool that perform a search in some search engine (Google, Bing, AOL, etc) for each keyword to get results from websites. Normally, this tool is used for grabbing accounts through websites like pastebin, throwbin.io , etc.


  • A database is where every data is stored, customers’s name, email, password, address, credit card, etc all things are stored there (data depends on website and is always different, if its shopping website, it has credit cards and for gaming, just username, email and password.)


  • SQL stands for structured query language, and I stands for injection. Structured query language injection, is a method to mess with a website’s database. If you are successful, you can get website’s database and customers data.


  • Dorks or advanced version of keywords, to find websites with advanced query options where we can use SQLI to get website’s database.

Popular Tools

  • Keywordtool.io : Get popular keywords.
  • Slayer Leecher: Leecher that scrapes accounts from google, bing, pastebin, etc. It uses normal keywords + this tool can get you banned from pastebin and google.
  • Ez Searcher: Uses dorks and searches for websites links.
  • Site Hunter: find websites where you can use SQLI, filters out normal and injectable websites.
  • SQLI Dumper: Dump or get databases from websites using SQLI

Hashed/Hash passwords

  • Passwords which are hashed means changed from simple 123 to difficult 202cb962ac59075b964b07152d234b70 (hased form). Now, all hashed passwords uses some kind of algorithm to generate hash and its different for all, some are too easy to bypass and some are too hard. You can eiter use something called brute-force tool or decrypter tool, the decrypter tool which takes hashed password and change them into normal 123 form and brute-force tool try to find if hashed password was leaked before and there is already decrypted form online, it tries to match each online hash with password hash until it finds the corrent hash.

Ranking is from lowest to highest.


  • [Tier IV] Mix (Quality is random, it can be good or bad.)
  • [Tier III] HQ (High quality, surpassing normal and mix quality)
  • [Tier II] UHQ (Ultra high quality, worthier than HQ quality)
  • [Tier I] Private (Its private, no one knows about it except host, its not leaked or shared anywhere except to you)
  • [Tier ?] ++ (Far greater, e.g. UHQ++, 2x Greater than UHQ. Most UHQ combolists on nulled are actually HQ or Mix)


  • [Tier IV] Free Proxy (lazy type of proxy, this type of proxy will die soon, it does not matter if its Transparent or Elite since its public and people will start abusing it)
  • [Tier III] Transparent (Worst type of proxy, switches actual IP location to somewhere and shows proxy IP but website can still get your IP through request data)
  • [Tier II] Annoymous (Normal type of proxy, website don’t know your actual IP but knows that you are using a proxy)
  • [Tier I] Elite (High type of proxy, website don’t know your actual IP and that you are using a proxy)


  • [Tier VI] Bad (Its a invalid account, it does not exists or something is wrong e.g. email, password, username, etc is invalid)
  • [Tier V] Good, Hit (Its a valid account, you don’t know anything about it or in other words, capture-less e.g. unknown if its NFA, SFA, MFA, etc or what its name, id, rank, etc is)
  • [Tier IV] NFA (Non full access, you can just use it, you can’t customize anything. You will get this type of account very cheap)
  • [Tier III] SFA (Semi full access, you can use and change some stuff of it but not all e.g. email. You will get this type of account at cheap price)
  • [Tier II] FA, MFA (Full access, Mail full access, you have full access over email and whole account settings. This account price is slightly lower than actual official price)
  • [Tier I] UFA (Unmigrated full access, its not migrated to latest yet, you have full access to account & its extremely rare. This account price is unknown but normally, its higher than FA account price)


Happy learning!