Monday, March 31, 2014

Introduce Sentry MBA 1.4.1








1. Quick Launch Menu
  
2. Main
  
  A. General Settings
  B. Simultaneous



3. Wordlist



4. Proxy


  A. My List
  B. Black List
  C. Analyzer
  D. Options
  E. Statistics





5. History

  A. History
  B. Options
  C. Reply





6. Manager





7. Fake





8. Settings





9. Misc

 A. HTTP Debugger
    a. Main 
    b. Page Viewer
    c. Options
  
B. Auto-Pilot
    a. Task List
    b. Options
    c. Results





10. Progression

  A. Bots
  B. Replies









1. Quick Launch Menu




Quick Launch Menu (upper right corner, button with the exe icon) is a way to start your favorite programs through Sentry. Just open a Path To Exe file using the open button in the editor. The name is filled in, by Sentry, of the program you chose according to the filename of the program. The icon is ripped from the Exe file to better identify your programs. Then hit the Add button to add the program to the Quick Launch menu. Close the Quick Launch Editor and click the Quick Launch Menu to see the program you added. Everything is editable, except for the icon.



2. Main



The main page has all the general options. Let's go through each one in detail.



A. General Settings



The Slider at the top determines the Speed of Sentry, or how many bots you want Sentry to launch. It is recommended to use between 30 - 50 bots with DSL/Cable or higher, and 15-20 bots with 56K Modem.





When Set Length Filter is checked, you have the ability to kill certain words in your wordlist. Which means, say you are testing a site that restricts usernames and passwords to 6-8 length. Using the Length Filter, you can check it and type 6 in the first textboxes and 8 in the second textboxes.



IE. Username: 6 to 8

Password: 6 to 8



This would effectively filter out any combos which are not at least 6 characters in length and at maximum 8 characters at length.



Wordlist Position is exactly what it means. It is the position at which Sentry is at your wordlist. So if you want to start with the first combo in your wordlist, you would either move the Slider to 1, type 1 in the textbox, or hit the Reset Button to the right of the Slider.





The Wordlist Position Slider is moveable during a test. This mean if you are in the middle of running a site and you feel the need to move to the end of your list, you can simply drag the slider 3/4 of the way and Sentry will immediately begin testing combos from that position. You can also go backwards during a test. If you start a test without realizing that you are 3/4 into your wordlist when you pressed the Start Button, you can hit the Reset Button and Sentry will start from the beginning of your wordlist without you having to restart the test and resetting the wordlist position.





Bots Timeout in x Seconds, where x is a integer which must be greater than 0.



Sometimes, during testing, a proxy decides to hang or take a really long time to reply. With this option, you can have Sentry retry combos with a different proxy if the proxy takes longer than x Seconds. After x Seconds, the request is aborted and retried with a different proxy. This will speed up testing when using some slow proxies.



Options



Agent - Simply defines the Agent Field of an HTTP Request. This field is used for the server to effectively identify what type of browser or agent is being used to connect. This is also the same field which can identify the Operating System you are using. The Default Value will just give the server some version type of Mozilla.



Referer - This defines what Referer Field you want to send to the server. The Referer Field is used so the server can tell what web page referred you to the current web page you are requesting. The two options, <BASE URL> and <MEMBER URL>, can tell Sentry to use the Base URL, or the Member's URL as the referrer.



I.E. http://www.somesite....bers/index.html



Base URL = http://www.somesite.com

Member URL = http://www.somesite....bers/index.html



Debug



Everytime you receive a hit, if Write Debug Information on Hits is checked, Sentry will dump the Header and the Source returned from the server in a file called Debug.txt



Request Method



This is the method which Sentry will use to send your requests. HEAD just returns the Header Response from the server. GET retrieves both, the Header Response and the Source of the webpage. Obviously, HEAD uses less bandwidth and is faster because it doesn't return the source of a webpage.



Control Panel



Load A Snap Shot will allow you to load a Snap Shot's settings into Sentry. This is useful if a site you are testing behaves the same as another site which you already have a Snap Shot for. You can just load the Snap Shot for that Site, change the Site: field and run the test.



Save A Snap Shot will allow you to save a Snap Shot's settings to a *.sss file. It is a good idea to save a "default.sss Snap Shot so you do not have to untick and clear all the fields in Sentry when running a standard test.



Send To Auto-Pilot sends the current site to the Auto-Pilot's Task List.



Snap Shots



Snap Shots is a feature that will save you time.



A Snap Shot is basically what its name describes it as. When you test a site for the first time, a Snap

Shot is created. What this file contains is all the essential details in Main and Fake tabs.



Wordlist, Wordlist Position, and Proxy Information do not save.



Here is a list of the options that are saved:

- Site's member URL
- Bots
- Length Filter
- Timeout
- Request Method
- Ban Proxy On Key Phrase
- Ban Proxy On 200
- Success Key Phrases
- Content-Length
- Check Hits
- Custom Hit Response
- Use Same Fake Proxy



The engine is built even so you can use shortcuts once a Snap Shot exists. For instance, you open up Sentry

and decide to run http://somesite.com/members/index.html



If you have a Snap Shot of that site, you can just enter somesite.com in the Site ComboBox. Sentry will automatically detect that you have a Snap Shot of that site and will ask you to load it.



In the above case, if you load it, the Site ComboBox will now be replaced with the Member's URL saved for

that site. If you choose not to load it, be prepared for a lot of 200 responses :)



B. Simultaneous



Enable Simultaneous Testing



Simultaneous Site Testing is an option which allows you to test multiple sites simultaneously. How this works is say you have a list of sites you want to test, let's say 3.



Using this option, you can put the first site in the main Site ComboBox, then the other 2 sites in the Sites ListBox on the Simultaneous Page.



This is how Sentry tests the Sites:



Combo1 -> Site1

-> Site2
-> Site3
Combo2 -> Site1
->Site2
-> Site3
etc...



The same pool of proxies are used (My List) for all Sites, therefore, if a proxy is banned from one site, it will not be used against the other 2 Sites. This may eat proxies fast.





3. Wordlist



This Page is used to load a wordlist, and to use some manipulation features on your wordlist, if you choose to do so.



Combos is a the ListBox in which your combos will be loaded into. The Label in the upper right hand corner will count how many combos are in the current combo list loaded.



Single Lists are not supported in Sentry. Use Raptor to convert 2 Single Lists to a Combo List. Only L:P Combos are supported. Tabs are not supported.



Read Wordlist From Disk is an option which allows you to have Sentry read a wordlist from your hard drive. This can be useful if you do not want to waste the memory in loading the wordlist into Sentry. There are a few drawbacks to this option:



1. You cannot change the position of the wordlist during a test like you can when loading a wordlist into Sentry. The wordlist will run in sequential order into the end of the test.



2. It is slightly slower than loading a list into Sentry's memory. The speed difference is very minimal, almost not noticeable, but I thought I would mention it anyway.



3. You cannot use this option when using the Auto-Pilot. More on Auto-Pilot later.



Manipulation is the art of manipulating, on the fly, a combo from your wordlist.



Prefix is a term which means before, so anything typed into the Prefix TextBoxes will appear before the Actual Combo.



Suffix is a term which means after, so anything typed into the Suffix TextBoxes will appear after the Actual Combo.



Invert User will reverse the order of each letter in the Username.



Invert Password will reverse the order of each letter in the Password.



The Invert Options invert as an initial step, meaning a combo is first inverted, then the prefix and suffixes are attached to the inverted username or password.



If you do not want a prefix or suffix, make sure all 4 TextBoxes are empty.



I.E. Original Combo = username:password



Username Prefix = 100 Username Suffix = 999

Password Prefix = 200 Password Suffix = 888
Invert Username = Checked Invert Password = Checked



username will now be manipulated to 100emanresu999

password will now be manipulated to 200drowssap888



The actual wordlist is never modified.





4. Proxy



The Proxy Page handles all Sentry's proxies. It is spit up into several categories. The Slider at the top of the page controls how many bots the Proxy Analyzer will use.



A. My List



Just like in Access Diver, My List contains the proxies which Sentry will use to test a site with. Proxy Rotation is set to 1. This cannot be changed.



Do Not Use a Proxy can be checked if you do not want to use a proxy while testing a site. This is not recommended and should only be used if you do not want to remain anonymous.



Use a Single Proxy can be used if you only want to use a single proxy to run all your tests with. This is not recommended but can be used if you want to speed up testing by only using a single, fast proxy.



Status is a column which will be blank at first. When a test is being ran, all proxies which return a bad response or need to be banned for some reason will appear with their reason of why they were banned.



When you Right Click the ListView, you will see several options:



Reactivate Selected Proxies will mark all proxies selected as Reactivated. This will make them eligible next time Sentry is assigning proxies during a test.



Use Proxy in IE will set the proxy selected as your current proxy in Internet Explorer.



Load a Proxy List will load a list of proxies into My List. Proxies are compared against Black List and then loaded into the Proxy ListView. This should not be used unless you are sure you have a list of anonymous proxies that do no need to be verified first.



All other options are self explanitory.



B. Black List



The Black List contains proxies which you may think are dangerous. Load a bunch of proxies into the Black List if you never want Sentry to use them. Every time you "Update My List" in the Proxy Analyzer, these proxies are compared against the proxies in the Black List and those in the Black List do not appear in My List.



C. Proxy Analyzer



The Proxy Analyzer contains all the proxies you want to test to see if they are anonymous, or fast. To begin an anonymity test, simply click the start button (small button with the lightning bolt, not the large button at the top).



When the test finishes and you want to remove all the bad proxies, you can do so by clicking the brush button on the right. This will pop up with a menu where you can Remove Duplicates, Bad Proxies, Timeouts, or Gateways. Generally, all Bad Proxies and Timeouts should always be removed.



The columns listed are Proxy, Port, Status, Gateway, Anon, 401/Level, Speed.



Status is what Reply the proxy returned with.



Gateway is the Gateway IP Address returned by the Proxy. If Gateway does not match the original IP of the proxy, it is considered a Gateway.



Anon is simply if the proxy is anonymous or not.



401 (only if Internal Proxy Server is Checked) is determined if a Basic Authentication page is able to be accessed through the proxy.



Level is the level which is returned from the ProxyJudge. Levels should only be used to simply tell you if Sentry went to the right location (the ProxyJudge) or if it got redirected (Level will be unknown). Levels do not determine if a proxy is more anonymous than another proxy.



Speed (in milliseconds) is the time it takes a proxy to complete its request once launched. The lower the number, the faster the proxy is.



Right Clicking on the Proxy Analyzer ListView, you are presented with several options:



All are self explanatory except Update My List. This option is used to transfer all the proxies from the Proxy Analyzer to My List. The Proxies are compared against your Black List and then sent to My List. My List will now contain the proxies from the Proxy Analyzer ListView.





There are three types of Proxy Analyzers in Sentry. An Internal one (like Proxyrama), or the standard external one (uses ProxyJudges), and a special one (To test proxies against a specific site).



Internal ProxyJudge



An Internal ProxyJudge is simple. Your computer acts like an HTTP Server and it connects back to it with the proxies in the list. If your IP is found in the Header Data (X_FORWARDED) field, then the proxy is not anonymous.



401 determines if the proxy supports a Basic Authentication. Almost all proxies do, so this field should almost always have a "Yes". The proxy connects to the HTTP Server and receives the Header of a Basic Authentication Page. If the response by the Proxy is a 401, than the proxy supports this.



All pages are created virtually; so you don't really have a proxyjudge.html, etc. on your computer anywhere.



Locations:



ProxyJudge:

http://<YOUR_IP>:<SERVER_PORT>/proxyjudge.html



Basic Authentication Page:

http://<YOUR_IP>:<SERVER_PORT>/secure/(x)/sex/boobs/xxx/index.html



Bad words in the Basic Authentication path will filter out proxies that sensor sites.



Note: Changing the Server Port will not allow some proxies to work. Some proxies can only connect to port 80 and changing this port may cause some perfectly legit proxies not to work.



External ProxyJudge



An External ProxyJudge connects to a third party webpage, where a third party script is used to analyze if a proxy is anonymous or not. The problem with this is simple. If the server hosting the ProxyJudge goes down, you will have to restart a test.



The speed is calculated depending upon the proxy you are testing to go to the webpage and then back to your computer. This means, if a proxy is located near the ProxyJudge, you will receive a better speed value for that proxy, instead of a true ping time from your computer to the proxy like the Internal Server does.



Specific Site



Under Proxy -> Options ->Special there is a checkbox which enables you to check proxies against a specific site. This option is very useful to determine if proxies return a Basic Authentication response or to determine the speed it takes a proxy to connect to the site and back to your computer. All 401 responses are accepted and anything else marks a proxy as Bad.



If Parse Specific Site for Key Phrases is checked, then a proxy will return good only if one of the specified key phrases are found. Status Codes are ignored.



D. Options



ProxyJudge is a ComboBox which will store your ProxyJudges every time one is used during an external proxy test. The icon to the right of the ProxyJudge ComboBox is used to launch the ProxyJudge in your browser.



Proxy Timeout is used to determine how long you want to allow the Analyzer to take until it aborts a request being sent. This will speed up Proxy Analyzing because the engine will not have to wait for proxies which hang to abort.



IP is your Internal IP address returned from Sentry at startup. If the IP in the box is not correct, you will not be able to use the Proxy Analyzer, because Sentry will not know what IP it should compare the proxies with to determine if your proxy is anonymous or not.



Get External IP can be used to get your IP from a third party website. If your Internal IP is wrong, this option can be used.



Get External IP on Startup will retrieve your external IP when Sentry starts up.



Test Proxies against a Specific Site can be used to enable the Specific Site analyzer. Enter the URL of a webpage which responds with a 401 (Basic Authentication) response.



Use HEAD Request Method determines which Request Method Sentry will use with the Specific Site analyzer. Normally you should only use HEAD Request Method if you plan to test the site using HEAD Request Method.



Use GET Request Method is the same as above except for the GET Request Method.



Reactive All Proxies when Active Proxies Equals is an option to determine when Sentry should reactive the proxies in My List. A number like 10 or 20 is useful if you do not want to ever go below that amount of proxies being used no matter what. 0 is the default value which means when the last proxy in My List gets banned, all of the proxies in My List are reactivated.



Use Internal ProxyJudge can be checked to use the Internal ProxyJudge.



Start Server should always be pressed before you do an Internal Proxy test. This will start Sentry's HTTP Server on whatever port you specified in the Server Port TextBox.



Abort Server will abort Sentry's HTTP Server.



Server Port will allow you to determine what port Sentry will use when running the Internal ProxyJudge.



E. Statistics



Shows some general statistics of your proxies while or after a test is being ran.



5. History



A. History



Shows the sites in your history and what proxy was used. Again, the brush button can be used to bring a menu up which will allow you to remove certain types of sites from your history. I.E. Bad, Redirects, Timeouts, etc.



The slider at the top of the History Page will allow you to choose how many bots you want Sentry to use when running a History Check. The two small buttons to the left of this slider will start and stop a test, respectively.



Right Clicking will bring up a list of options you can choose from. They are all self explanatory except for Use Proxy in IE which will allow you to use the Proxy Used to return that entry in Internet Explorer.



B. Options



Use GET instead of HEAD will use the GET Request Method to verify sites instead of the HEAD Request Method. GET Request Method should only be used if you are defining HTML Key Phrases or if you have some URLs which only can be accessed using the GET Request Method.



Bots Timeout is how long Sentry will wait until the request launched will be aborted and the response is marked as a Timeout.



Define HTML Key Phrase can be used to define a list of Key Phrases which, if found in the respective site's source, will be considered a bad request. The reasoning behind this is if you know the failure phrases of some sites, you can effectively reduce the amount of fakes returned by the History Verifier. I.E. "pennywize" or "blocked" are good Key Phrases to use to help reduce fakes. You can add as many Key Phrases as you want.



C. Reply



Shows the replies which the History Checker returned.





6. Manager



Site List displays a list of sites which Sentry has used. Right Clicking on the ListBox brings up some options:



Open Base Site In Browser will allow you to view the Base Site of the URL in your Browser.



Send To Testing Zone will send the selected URL to the Site ComboBox.



Send To Simultaneous List will send the selected URL to the Simultaneous ListBox.



Wordlist History will display the paths to all the wordlists you have used with Sentry. Right Click on this ListBox brings up some options:



Load As Combo List will load the selected wordlist as a normal combo list into Sentry's memory.



Load As Combo List From Disk will load the selected wordlist as a combo list which will be read from your hard drive.





7. Fake



Header Parsing



Header Parsing is a brand new type of fake protection. Basically, you now can specify Key Phrases in the header response sent to you by the server. Why is this useful?



No more relying on responses to determine if a combo is a hit or not. Some sites like to send out different/abnormal HTTP Response codes to fool bruteforce programs. Time to come up with a new method.



I should not have put this option in here, but too many people would wonder why it this method is still

spitting out fakes: 503 and 502 responses are automatically disregarded when using this method.
If you are still getting fakes, use the Debug Header Response option and add additional Key Phrases.



In theory, this method is flawless against certain sites; however, some proxies like to give you a different header than what is actually the correct HTTP Header. That is why Retry Hits x Times works within this method. This is only for failure key phrases as successful key phrases don't need a verification.



Success Key Phrase parsing only needs to find one of the listed key phrases to be considered a hit.



This method, in conjunction with the Debug Option, and a little thought can be very powerful.



For more information on this feature, see the Tutorial.txt file which comes with Sentry.



Source Parsing



This option can effectively eliminate fakes if used correctly.



Define Failure Key Phrases - If a Key Phrase is found in the source of a returned 200 response, then it is marked as bad. If Key Phrase is not found, reply is returned as a hit. Extremely useful for sites that like to spit fakes. Sentry was built with this in mind.



Define Success Key Phrase - If a Key Phrase is known on the members page, you can use this option to increase the amount of hits on a site. For example, if you get a hit, you can scan through the source of the webpage (i.e. members.html) and pick out a distinctive Key Phrase (<title>Welcome to My Members Area</title>). Every 200 reply's source is scanned for these good Key Phrases. If one is found, then returned as hit. Everything else is a failure. This method also scans redirects for Key Phrases. This method can eliminate fake replies.



See Tutorial.txt for more information on this feature.



Custom Hit Response has been deleted. Use Success Header Key Phrases which is showed in the Tutorial.txt file.



Ban Proxy on Bad Key Phrase - If a failure Key Phrase is found, the proxy is banned.



Ban Proxy on 200 Reply - Ban proxy if it returns a 200 response.



Check Hits x Times is standard fake protection. This option will check all hits returned by Sentry again with a different proxy to see if they are truly hits. If Check Using The Same Proxy is checked, the site will be checked using the same proxy. Check hits using the same proxy is not recommended to be checked.



Content-Length Checker will check the returned source to see if it is greater than x amount of bytes. If it is, then a hit is recorded. If less than x amount, proxy is banned.



8. Settings



Sounds can be used with Sentry. By default, the paths point to the sound files which are included with Sentry. They can be changed, however, to what every you want.



9. Misc



A. HTTP Debugger



Http Debugger sends requests to a given site using various options. It follows redirects to completion which can be very useful for spoofing.



a. Main



This page shows the source and Header Responses sent and received. Even the cookie received is displayed.



Byte Count shows how many Bytes were returned with the returned source.



b. Page Viewer



Displays the source returned as it would look like in your browser. Some links can be followed through this, depending on the way the source of the webpage was written. It is not recommended to use this as a browser. It is simply there to show you how the source returned looks like when being viewed in a browser.



c. Options



Request Method is simply the Request Method the HTTP Debugger will use.



Proxies can be used with the HTTP Debugger. Even a SOCKS proxy can be used.



Authentication is the username and password required to enter a site. Leave empty if none are needed.



Agent is the Agent Field you want to send when using the HTTP Debugger.



Referer is the Referer Field you want to send.



Data To Post is the data you want to Post when using the POST Request Method.



Cookie is the cookie you want to send when using the HTTP Debugger.



Timeout is how long you want the HTTP Debugger to wait until the request is aborted.



B. Auto-Pilot



Auto-Pilot is an option which can be used to test sites sequentially with Sentry. You give a list of sites and hit the start button and Sentry does the rest. Auto-Pilot reports a summary at the beginning and end of each job. Use the small abort button located in the Auto-Pilot Section. You cannot load a wordlist from disk when using Auto-Pilot. The list is automatically loaded into Sentry's memory when using Auto-Pilot.



a. Task List



The list of sites which are currently loaded into the Auto-Pilot. The wordlist field is filled in with the current wordlist you are using.



Snap Shot field will be filled in if you have a Snap Shot for the site you added and if the Auto-Pilot engine will use it or not.



Right Clicking brings up a list of options which are all self explanatory.



b. Options



Show Fakes In Summary will display all the fakes the Auto-Pilot received in the Summary report generated when the site is completed testing.



Show Redirects In Summary will display all the redirects the Auto-Pilot received in the Summary report which is generated when the site is done being tested.



Time To Sleep Between Each Job can be useful to allow Sentry to recover from a test that just ended. A good way for letting your connections reset (lettings slow connections finish).



c. Results



Displays the Results returned when using the Auto-Pilot. This is also considered the Summary.



10. Progression



A. Bots



Displays information about the test being ran including bot number, username, password, proxy, reply, and site being tried at the present moment. Bots can be changed during a test.



All Hits are recorded in the Hits ListBox.



All Redirects are recorded in the Redirects ListBox.



All Fakes are recorded in the Fakes ListBox.



Double Clicking any item in any listbox will launch that item in your browser.



B. Replies



Responses are recorded appropriately when they appear during a test.



200 - OK Response, not necessarily a hit.



3xx - Redirect.



401 - Authentication Required.



403 - Forbidden.



404 - Page not found. Generally a proxy error or a timeout.



503 - Service Temporarily Unavailable which is usually a proxy problem, or a site can return this error if it required GET Request Method to be used when using HEAD Request Method.



Retries - The amount of times Sentry has retried various combos because of proxy errors or timeouts.



Fakes - The amount of fakes that Sentry has detected.



Proxies Left visually displays a progress bar and numbers showing how many proxies you have left. This can be useful to monitor how fast a site is banning your proxies.



Statistics shows general statistics of the site or sites in progress. CPS = Cracks Per Second.

No comments:

Post a Comment