general notes
======================================================================

if Ares won't run at all, try the following steps:

1. try disabling the skin feature.
2. Windows 2000 and NT users MUST NOT use the skin feature.

notes for ares release candidate ... let it snow!
======================================================================

0. what to do before first attack?
----------------------------------------------------------------------

- CREATE A PROXY LIST AND ADD LOTS OF NEW ONES, HEHE
- note: anon level for cracking and for surfing need not be the same, since spilling cookies when browsing is bad whilst on the other hand it is NECESSARY for some html attacks. and anyway, ares doesn't store cookies nor does it read the ones from your browser, so definitely no sensitive information can be spilled.

1. whatz new?
----------------------------------------------------------------------

# NEW IN GAMMA 2 #
- again improved form based login detection
- pop3 cracking: use a url like pop3://some.mailserv.com

# NEW IN GAMMA 3 #
- ftp cracking: use a url like ftp://some.ftpserver.com

# NEW IN GAMMA BANANA #
- not much... fixed some URL bugs and added 5 (!) bananas ;-)

# NEW IN DELTA FORCE #
- removed the bananas, they seemed to cause problems on NT/2K
- fixed fakes problem on dreamweaver.dreamnet.com
- proxy checker tolerates proxies which don't support ftp/pop3
- skin support

# NEW IN DELTA FORCE II #
- pausing/resuming !!! ;-)
- optional skin support. if you don't want to use skins, use the -noskin parameter.

# NEW IN RADIOACTIVE MAN #
- sounds. if you don't like them, replace the wav files with your own ones. if you don't want sound at all, delete the wav files.

# NEW IN GANDHI II #
- hidden feature... try to find...

# NEW IN -=462=- #
- increased speed. now using up to 100 sockets instead of just 60

# NEW IN "THE CRUNCHY CRACKER" #
- sound can be disabled
- loader program to force people to read the README ;-)
- speed setting now will be remembered
- drastically decreased file size

# NEW IN ... AT A MEDIUM PACE #
- auto fixing that damn ocx stuff now in the loader
- additional skins... and finally they can be easily switched ;-)

# NEW IN ... UNDER THE MANGO TREE #
- uh, can't remember. some fixup stuff

# NEW IN ... SMILE, YOU'RE ON TV! #
- fixed a problem with form based cracks. some sites return malformed html code to prevent bruteforcing. at least that's what THEY think it does, hehe
- added some kind of protection i hope you won't ever see.

# NEW IN ... END OF DAYS! #
- saving/loading of PAUSED(!) attacks
- improved preset stuff
- adjustable proxy rotation

# NEW IN ... LET IT SNOW #
- many fixups in ftp/pop3 cracking engine
- fixups of loading/saving (why didn't anyone tell me that loaded html attacks won't work? argh)

2. whatz up next?
----------------------------------------------------------------------

- store proxy verifying info (level etc.) in the proxy.ini
- history checking
- news/telnet cracking (maybe)
- DDE support

3. what works?
----------------------------------------------------------------------

- standard attacks: approx 600-1000 attempts/min on ISDN
- html attacks: approx 200-600 attempts/min on ISDN
- avs attacks: up to 800 attempts/min on ISDN
- use as many proxies as you want... and as you can!
- fake pass detection should prevent you from most fakes.
- pop3, not benchmarked yet

4. what doesn't work? (plz don't report any of these as a bug)
----------------------------------------------------------------------

- hostnames instead of IPs for proxies still seem to cause deep trouble. DO NOT USE HOSTNAMES IN THE PROXY LIST !!!!!!!!!!!!!!!
- skin engine won't work under win2k/winnt. send complaints to: www.nopcode.com
- http attacks on ports other than standard http port (80) MIGHT not work.
- some well known AVS (offering regular and gold passes) MIGHT not work very well.
- hotmail (and all other sites using HTTPS protocol) can't be attacked with ares. there are no plans for adding https support in a future version.

5. tips & tricks
----------------------------------------------------------------------

- how to defeat sites giving fake passes:
  step 1: set up all the needed attack data like URL, user, pass etc
  step 2: go to the proxy checker
  step 3: make a backup of your proxies (there's a button for that ;-)
  step 4: be sure to check 'delete bad' and 'test if proxy gives fakes'
  step 5: verify the proxies. this will give you a proxy list perfectly suited for the site where others only get fakes and/or redirects.
  step 6: leave the proxy checker and start your attack now
  step 7: when done, you might wish to restore your old generic proxy list. if so, hit 'restore' in the proxy checker and you're back.
- if you run out of proxies very fast or still get fakes: lower the cracking speed

6. FAQ
----------------------------------------------------------------------

Q: what is 'test for fakes'?
A: this will test if the proxies can be used to attack the URL specified in the main window. note that the site must not have html login, this only works for basic authorization.

Q: what do 'ANY' and 'HTTP' mean?
A: HTTP is the capability of the proxy for all http stuff like basic authorization and html login etc. ANY means that the proxy can be used to establish arbitrary connections for other protocols like POP3, FTP etc.

Q: what does the stuff in the proxy list mean? what should be there after verifying?
A: good proxies for 'ANY' will get a '200' result, all others will get 'BAD'. good proxies for 'HTTP' will get a '401' result, all other responses indicate a proxy that can't be used. 'n/a' means that there was no response or the proxy couldn't be connected. 'X' means that the proxy spills your IP.

Q: i checked 'delete bad'. now some proxies get 'BAD', but ares still keeps them. why does this happen?
A: 'BAD' appears only in the 'ANY' column. if a proxy can't be used for arbitrary protocols but still works fine for http connections, it can be used for basic authorization and html attacks. deleting such (generally fine) proxies would be a big waste, right?

Q: i get a 'WINMM.DLL' error occasionally / when i start an attack. what now?
A: either don't use other software that uses sound output while running ares or delete the .wav files.

Q: i get a 'xxxxx.DLL' error (where xxxxx could be msvcirt.dll, mfc42.dll, comctl32.dll etc)
A: get a newer version of that dll. here is a list of the dll's ares needs:

   dll/ocx name     recommended version
   advapi32.dll     4.80.0.1675
   comctl32.dll     5.81.4522.1800
   gdi32.dll        4.10.0.1998
   kernel32.dll     4.10.0.1998
   mfc42.dll        6.0.8267.0
   msvcirt.dll      6.0.8168.0
   msvcrt.dll       6.1.8637.0
   user32.dll       4.10.0.1998
   winmm.dll        4.3.0.1998
   cswsk32.ocx      2.50.0.2570
   netapi32.dll     4.10.0.1998
   netbios.dll      0.0.0.0
   ole32.dll        4.71.2612.0
   oleaut32.dll     2.40.4277.1

Q: i followed the steps described in 5, but i still get fakes?
A: lower the cracking speed. use more proxies. if that won't help, remember that there are sites that start sending fakes already after 1 or 2 failed logins... even ares will resign on these and i don't see a way (at least not yet) of getting round this problem, sorry

Q: what does the 'prob' LED stand for?
A: that indicates some slight problems like
   - a proxy closed the connection before there was a response
   - a proxy refused the connection
   - a proxy gave an unknown response
   etc. nothing to worry about. if that happens, ares will try the 'lost' combo again through another proxy ;-)

Q: how can i use other skins?
A: there is no option for changing the entire skin yet... but you can make your own one, simply edit the bitmap files. if you think your skin looks great, let me know... maybe you'll be in the next release ;-)

Q: i still got problems, where can i get help?
A: http://discserver.snap.com/Indices/112146.html
   step 1: press 'debug info'
   step 2: describe your problem on that board. give info on the windows version you use (95/98/NT/2K). include the debug info.

7. thanx to my beta-testers:
----------------------------------------------------------------------

dER_kOMTUR, BLiNd GuArDiAn, Bug)Trapper (thx for lots of tips!), logan, speedo, masu, crowbar, Phantom, CYBERWOLF, Dame, Dizz, Lynyrd, balm, Zottel, HeXeR, luke mason

if i forgot to mention one of you... let me know ;-)

8. copyright notice
----------------------------------------------------------------------

written by gaamoa / distribute freely and unmodified

## AND DON'T CHARGE ANY FUCKING FEE FOR THIS PROGRAM ##

http://come.to/gaamoa
http://www.deny.de
http://www.icefortress.com (we're back!)

IF YOU JUST SCROLLED DOWN HERE W I T H O U T READING THE FAQ: DON'T DARE COMPLAINING THAT "ARES WON'T WORK"!
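
Seen from the server side, the behaviour described in sections 3, 5 and 6 (guesses spread over a rotating proxy list, with the speed lowered when a site reacts) keeps each source address under a per-address limit, so failed logins have to be counted per protected resource across all addresses. The following is an added example, not part of the original README or of Ares: it runs that aggregation over constructed access-log lines; the log layout, function names and thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout: Apache common log format, Basic-auth user in the third field.
LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \S+')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    ip, user, ts, path, status = m.groups()
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, user, path, int(status)

def distributed_failures(lines, window=timedelta(minutes=1),
                         min_fails=20, min_ips=10, per_ip_limit=5):
    """Return {path: (fails, distinct_ips, max_per_ip)} for paths whose 401s
    within one window are numerous overall but sparse per source address.
    Lines are assumed to be in time order, as in a live access log."""
    recent = defaultdict(deque)            # path -> (time, ip) of recent 401s
    alerts = {}
    for when, ip, _user, path, status in filter(None, map(parse, lines)):
        if status != 401:
            continue
        q = recent[path]
        q.append((when, ip))
        while when - q[0][0] > window:     # drop events older than the window
            q.popleft()
        per_ip = defaultdict(int)
        for _, src in q:
            per_ip[src] += 1
        worst = max(per_ip.values())
        if len(q) >= min_fails and len(per_ip) >= min_ips and worst <= per_ip_limit:
            alerts[path] = (len(q), len(per_ip), worst)
    return alerts

def sample_log():
    """Constructed sample: 30 failed logins in 30 s spread over 15 addresses,
    plus one user mistyping a password three times from a single address."""
    out = [f'198.51.100.{i % 15 + 1} - user{i} [10/Oct/2000:13:55:{i:02d} +0000] '
           f'"GET /members/ HTTP/1.0" 401 0' for i in range(30)]
    out += [f'203.0.113.9 - bob [10/Oct/2000:13:56:{i:02d} +0000] '
            f'"GET /private/ HTTP/1.0" 401 0' for i in range(3)]
    return out

if __name__ == "__main__":
    for path, (fails, ips, worst) in distributed_failures(sample_log()).items():
        print(f"{path}: {fails} failures from {ips} addresses, max {worst} per address")
```

A burst from a single address is deliberately not reported here, since an ordinary per-address limiter already covers that case.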