Entry 1.21 Manual

Program Requirements:

Part 1: About Entry

The explosion of the World Wide Web in recent times has led to a large increase in the number of businesses offering proprietary content online. The security of these "members-only" websites is often quite poor: many of the sites' passwords may be found on a short list of common words. Entry can find these passwords.

Part 2: Starting an attack

Username, Password Source
There are three choices:
  1. Retrieve words from a user-supplied wordlist (Here is an example).
  2. The guesser will supply every possible permutation of characters for a given length. For example, if you chose 4 letter lowercase-only words, it would generate "aaaa", "aaab", "aaac", and so on, until "zzzz".
  3. A static username or password will not be changed between login attempts. You should choose Static if you know the username but are unsure of the password, or vice versa.

Request Method
Entry can request the secure document in one of two ways: GET or HEAD. A GET request will attempt to retrive the entire protected document, a HEAD request will only attempt to retrieve information about the document. Generally, you will want to use GET.

Character Sets
If you choose to have usernames and/or passwords supplied by the guesser, you must check at least one of these boxes. The guesser will use all characters in the selected set(s) to generate words.

Lowercase:
'a' to 'z'
Uppercase:
'A' to 'Z'
Numbers:
'0' to '9'
Punctuation:
! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

Document URL
Type the HTTP address of the secure document in this box. Here are some examples of good URLs:

This URL must point directly to a protected document, not just to any point in a site.

Part 3: Creating a good wordlist

In the vast majority of cases, a wordlist attack will be much more effective and faster than a guesser attack. The construction of a good wordlist, therefore, is very important.

A effective wordlist contains keywords which are relevant to the site and/or its probable members. For example, if you are making an attack against the "Chicago Times Online", you should add "chicago", "times", "online", "press", "news", "extra", etc., to your list. An good list should contain AT LEAST fifty words, and may contain hundreds or even thousands.

Part 4: Saving your progress (Entry Pro users only)

If you are using the guesser or a large wordlist, a complete attack simulation may take hours. An Entry status file, just like any other program document, should be saved to disk on a regular basis.

Entry can automatically save your progress after a user-specified number of attempts (set in the Properties box), so that you may leave it running unattended. You may occasionally wish to save your progress manually as well. There are two ways to save manually: Normal Save, and Lazy Save.

If you have used Windows programs before, you are already familiar with Normal Save: Simply choose Save from the File menu (or press Ctrl-S). A Normal Save cannot be performed while you are online, as your progress is constantly being updated.

You can use a Lazy Save to record your progress without going offline. Unlike a Normal Save, a Lazy Save does not save immediately. Instead, it temporarily pauses your attack at the next convenient moment, going offline just long enough to save, and returns online. Click the button with the sleepy disk; when it pops back up, your progress has been saved. A Lazy Save cannot be performed while offline.

Until you have saved your file normally (and chosen a name for it), the Auto Save and Lazy Save features will both use the name "AutoSave.eaf".

Part 5: Finding a successful username/password combination

Entry will automatically go offline if: An appropriate message will be displayed in each case. If you chose the "Open browser on success" option in the Properties box, the cracked page will be loaded into your browser immediately.

Part 6: Tips for using Entry

Part 7: Program Specifications

Protocol: Basic Authentication (HTTP/1.0)
Maximum Speed: Undefined (approximately 200 attempts per minute over a 28,800 modem connection)
Maximum Attempts: 2,147,483,646 per session (for Entry Pro; 3072 for Entry LE)