How To Brute Force

[Flawless]

C-Force Tutorial


C-Force is gr8 bruteforcing tool from carpetboy. U can download it from: (https://carpetboy.deny.de/CFV100in.zip) it's very important to install this software from installer because C-Force to run need some libraries in windows and installer contain'em. Why C-Force is so gr8? Because is very simple in use. For more demanding users i recommend to use sentry but even they can found some nice parts in C-Force. Ok after installation run our C-Force using shortcut from Start menu in our windows. When u run software there'll be some "intro" u need to wait. After it u'd see the main program window in top section of our software u see book marks: (Student, Auto, Pro, Settings, Debug, Proxies, History, Batch, General) ...

Settings tab:

First we need to configure our tool to do that u need to click on "Settings" bookmark then u should see boxes with tick-on option. We need to uncheck "debugmode" and "show startup screen" options they're not needed for bruteforcing. We can also customize layout of C-Force by clicking on "Colours" button on the right. "Wordlist startposition" there we can put since whitch one combo we'll start our test default is "0" this option is very usefull if we for example end our test on 5000/10 000 combos and later we can continue our test without checking again those 5000 combos now we dont need to use it. "Stop after" and number of hits there we can set it for example if we have passfile to a specific site and we want to crack only 10 passes we just need to put "10" in pool. "Use combo lenght filter" mostly we don't need to use this option because before cracking we should to filter out our wordlist using some tool like a raptor3. "Autoload default proxy-list" it's nice because if we're gathering all proxies in the same *.txt file then they'd be automaitaclly loaded on start-up we can choose the path to our list in "General" bookmark but we'll go there later. "Skip proxy anonimity test" u need to check this option on 100%! Why? Because before each cracking our proxies'd be checked for their anonimity and it'll take so long i sugeest to do anonimity test before cracking with some nice tool like a charon. "Auto find analyse proxy" just uncheck it. "Check for blocking pages using proxy" we can set it if we want to do blocking pages test its recommended for better cracking but i personally dont use that so it's your choice but for sure u need to uncheck "Use proxy for analyse" option it'll really screw up our site analyse process anyway best proxy'll be used automatically to do that. "Spoof check" hmm it's your choice if u want to use it u can check it but it isn't needed for bruteforcing. "Bruteforce without proxies" remember to uncheck it! You know bruteforcing without proxies is like a girl without tits. "Proxy connection timeout" it's your choice but i recommend to use ther 10-15 secs... "Amount of retries" it'll depend on our speed of cracking process it's also your choice default is 5 but i recommend to use 3. We can leave proxy judge pool empty because we won't do proxy test in C-Force.

General tab:

In general tab u can set some nice things. "Wordlist & Proxy directory" put there path to directory where u have all proxies and wordlist it'll default folder for C-Force so u'd have everything near. "Expert settings" there u can use custom history saving filter it's very usefull because u can save your passes as u want. For example if u want to save pass in form mpgh://[u]:[p]@site proxy: u need to use settings: mpgh://<<u>>:<<p>>@<<s>> proxy: <<pr>> for more u need to check the legend above it.

Pro tab:

Ok here we go. It's most important tab in our C-Force tool. This tool is able to crack form based sites, basic authorization sites and some ocr sites. We need to take our members area url for example "https://ddgirls.com/members/" and put it to the "Main URL" pool then tick option "Use build in keyword handling" and click on "Analyse" u see now "Action URL" pool should be fulfilled automatically. In gray pool below we should see the response "source code" of site. We can save our settings after analyse it's very usefull if we use hitwords of failure keys what that means? For example failure key is: "login failed", "authorization required" and some success "members area", "permission granted" each site have her specific keyword if we want to use'em we need to untick box with option "Use build in keyword handling" before analyse then analyse our site and put your key without quotas <title> and something like this in hit word pool or failure key pool. For beggining i suggest to use build in handling. after analyse is done we can click on "Bruteforce" button it'll redirect us to the "Auto" bookmark.

Auto tab:

Here we can set our number of bots it's yours choice but i recommend to use 20-30 for basic authorization sites and 5-20 for form sites. Remember to load yours wordlist and proxy-list without it our cracking process wont beggun. If analyse step was did right on right side of "Url" pool we should see character text "(PRO)" marked on red if we don't see this we should to do analyse process again. When everything'll be ready hit "START" button to beggun the bruteforcing process. When C-Force'll found some hits click on'em RMB and use "launch in browser" command or "mark as failure" if it's fake after it more kind of same fakes shouldn't show again. If we choose "mark as hit" C-Force'll know that it's working hit and hitword'll be added. We can also clipboard our combos with url and other things but usefull option is "Show debug" then C-Force'll redirect u to the "Debug" bookmark and u'd see our hit page sourcode. C-Force offer also Automatic batching so u can order to crack the 5 sites automatically without your interruption. You see that C-Force is very intuitive tool but very good i use him well and he work fine for me. We wait of course for new version of this great tool.