the real progs
Moderators: jelco, bert_the_turtle, Chris, Icepick, Rkiver
-
ARC destroyer
- level3
- Posts: 324
- Joined: Thu Jun 06, 2002 5:15 pm
- Contact:
I know a web site but i dont want to tell you it
keep your computer locked up or its gonna be broken.
visit my forum: www.fightforinfo.tk
visit my forum: www.fightforinfo.tk
A website with what... a password cracker?
"The first non-admin profile added was that of waldaberz only minutes after the site went up.
He was also the first to edit his profile only moments later." - Uplink Directory
He was also the first to edit his profile only moments later." - Uplink Directory
-
Chad Mulligan
- level2
- Posts: 127
- Joined: Sat Jan 05, 2002 4:56 am
- Location: Mountain View, CA
Um... to "crack" a password, you can't do it one letter at a time Hollywood-style.
Ex. Many Unix systems use password systems based on one-way hashes, which are designed to be impossible to algorithmically invert. The principal ways to attack them are --
1. Con the user into giving his password (social engineering).
2. Intercept the password when it's either stored or transmitted in weak/no crypto, e.g. if somebody's careless enough to send it on standard no-encryption Telnet, especially if it's broadcast because your network is non-switched Ethernet. Hellooooo, promiscuous mode. Physical security also matters, e.g. keyboard bugs or a user who lets you watch him type it in...
3. Torture/intimidate the user, a.k.a. "rubber-hose cryptography". People who piss off thugs and dictatorships are most at risk of this one.
4. Exploit bugs in a badly designed or implemented system.
5. Brute-force, by trying possible passwords until the function reports a match. This will NOT work one character at a time, because these functions don't work that way, and will be incredibly obvious to a system administrator or any sort of security-monitoring daemon because it entails trying a truly ludicrous number of login attempts.
While some old systems provided the file of password hashes, so you could obtain that list and try matching against that instead of logging in, any admin that's been awake over the past... well, more than a decade, will be using shadowed passwords so you can't get the hashes. Ergo, you won't be able to test for matches without trying to log in. Oops.
Ex. Many Unix systems use password systems based on one-way hashes, which are designed to be impossible to algorithmically invert. The principal ways to attack them are --
1. Con the user into giving his password (social engineering).
2. Intercept the password when it's either stored or transmitted in weak/no crypto, e.g. if somebody's careless enough to send it on standard no-encryption Telnet, especially if it's broadcast because your network is non-switched Ethernet. Hellooooo, promiscuous mode. Physical security also matters, e.g. keyboard bugs or a user who lets you watch him type it in...
3. Torture/intimidate the user, a.k.a. "rubber-hose cryptography". People who piss off thugs and dictatorships are most at risk of this one.
4. Exploit bugs in a badly designed or implemented system.
5. Brute-force, by trying possible passwords until the function reports a match. This will NOT work one character at a time, because these functions don't work that way, and will be incredibly obvious to a system administrator or any sort of security-monitoring daemon because it entails trying a truly ludicrous number of login attempts.
While some old systems provided the file of password hashes, so you could obtain that list and try matching against that instead of logging in, any admin that's been awake over the past... well, more than a decade, will be using shadowed passwords so you can't get the hashes. Ergo, you won't be able to test for matches without trying to log in. Oops.
"I tell you three times..."
-
ARC destroyer
- level3
- Posts: 324
- Joined: Thu Jun 06, 2002 5:15 pm
- Contact:
-
Crackdown2001
- level2
- Posts: 129
- Joined: Fri Feb 22, 2002 11:43 pm
- Location: Derby (England)
- Contact:
oh, well congrats. You managed to find one of about a hundred websites that have viruses and trojans for download.
The thing is ur probably such a newb u think that the trojan clients aren't infected. I do hopeu know that ur not safe running any of those unless u actually check the code urself to make sure it's not gonna infect u with the very thing ur trying to use.
And Chad Mulligan was correct - u can't crack a website password without making it entirely obvious what you are trying to do... at which point the account you are cracking will be disabled. oh dear.
now go to sleep ARC destroyer... that's right... skip, skip, skip away...
The thing is ur probably such a newb u think that the trojan clients aren't infected. I do hopeu know that ur not safe running any of those unless u actually check the code urself to make sure it's not gonna infect u with the very thing ur trying to use.
And Chad Mulligan was correct - u can't crack a website password without making it entirely obvious what you are trying to do... at which point the account you are cracking will be disabled. oh dear.
now go to sleep ARC destroyer... that's right... skip, skip, skip away...
I know a sig that'll get on your nerves, get on your nerves, get on your nerves...
Well, my computer is filled with viruses, literaly, only those are not-ready-to-use viruses like you can download on some lame net pages, but allready-been-used-on-me viruses. In other words: I've been infested.
But for some reasons I managed to stabalise my computer in a way that I even don't dare using an antivirus, not knowing what it would do.
It's kinda of the "Mr. Burns Syndrom". All those virsuses just try to push themselves through the door to destroy my PC, but can't because they are so many they jam the entrance, but one fals move and WHAM !!!!!!!
Well, maybe not like that. But at least I have managed to learn to live with the viruses in a peacfull way. My PC is my peacfull guarden of venom plants.
Actually I don't have the slitghtest idea of how it works, so I jsut leave my system alone. Until it crashes.....
But for some reasons I managed to stabalise my computer in a way that I even don't dare using an antivirus, not knowing what it would do.
It's kinda of the "Mr. Burns Syndrom". All those virsuses just try to push themselves through the door to destroy my PC, but can't because they are so many they jam the entrance, but one fals move and WHAM !!!!!!!
Well, maybe not like that. But at least I have managed to learn to live with the viruses in a peacfull way. My PC is my peacfull guarden of venom plants.
Actually I don't have the slitghtest idea of how it works, so I jsut leave my system alone. Until it crashes.....
- Don't mind me, I'm just a sweeper.
-
ARC destroyer
- level3
- Posts: 324
- Joined: Thu Jun 06, 2002 5:15 pm
- Contact:
Who is online
Users browsing this forum: No registered users and 9 guests