How realistic is Uplink?

Anything and Everything about Uplink

Moderators: bert_the_turtle, jelco, Chris, Icepick, Rkiver

Krieg
level1
level1
Posts: 13
Joined: Wed Mar 17, 2004 1:41 am

Postby Krieg » Wed Mar 17, 2004 3:59 pm

Hey guys,

I was just curious - technically speaking, how realistic is Uplink? I've been using computers for about 10 years, but I've never messed around with networking, administration, and what not. Does a real hacker do many of the same things, or are the steps much more complicated? I know they'd be at least slightly more complicated, because he wouldn't have a giant list of IP addresses, and he can't click on a map for bounces... but do real hackers have things like 'password breaker' and 'proxy bypass'?

I was just curious. :)
Krieg
User avatar
NeoThermic
Introversion Staff
Introversion Staff
Posts: 6254
Joined: Sat Mar 02, 2002 10:55 am
Location: ::1
Contact:

Postby NeoThermic » Wed Mar 17, 2004 4:27 pm

I'm having a sense of Deja vu here...

The only tool that is some what real is the IP lookup tool. That does exsist in real life (DNS lookups is basically it).

As for the rest? Either they are way to simplistic, or don't exsist for reasons that are too lenghty to mention. (but just think about the fact that if you were to disable the proxy, you would loose a connection, and most firewalls lock internet control if they are taken offline without user interaction.)

Thats just general stuff. As for the password breaker, you can't really do that to a real system (although I can say that SMB shares on 9x systems can be cracked the same way...). To password break on any system, you need to brute force it in length, as in for LM hashes, you just do the first 8 letters, so you crack at a, then b, then escilate to aaaaaaaa, aaaaaaab, etc. Eventually you get the password, but cracking takes literly days rather than hours (although LM hashes are a bad example, I can crack my password in 23 hours (thats 14 characters, upper case, lower case, and a few numbers)).

I'll stop there before I illeterate the list that you don't want to see.

NeoThermic
Krieg
level1
level1
Posts: 13
Joined: Wed Mar 17, 2004 1:41 am

Postby Krieg » Wed Mar 17, 2004 4:40 pm

Aww, but I wanted to hear it all. :P I figured most of it was bogus. Oh well. Still fun.

Edit: btw... you said you basically have to try aaaaaa, then aaaaab, and so forth... wouldn't most systems that have any security system that's worth anything lock the login once you'd hit it with three or four bad passwords? Kind of like an ATM card - three strikes, and the card is dead for a day.

(Edited by Krieg at 3:41 pm on Mar. 17, 2004)
Krieg
User avatar
NeoThermic
Introversion Staff
Introversion Staff
Posts: 6254
Joined: Sat Mar 02, 2002 10:55 am
Location: ::1
Contact:

Postby NeoThermic » Wed Mar 17, 2004 5:39 pm

You can set up security restrictions like that. However, some systems just add a reporting delay after a failure, say I added... 20 seconds delay before they can try the next combo, that limits them to three combos a minuite. At that rate, they would never be able to crack a password that is sufficently long enough, and with a password expriation time, it would be changed every so often, thus making the attempt pointless.

NeoThermic
Krieg
level1
level1
Posts: 13
Joined: Wed Mar 17, 2004 1:41 am

Postby Krieg » Wed Mar 17, 2004 6:35 pm

Gotcha'. Interesting info. In that case, do most of the bigger places that get hacked (Valve, for example, or Microsoft) - do they get hacked, with the hacker bypassing the passwords, instead of actually cracking them? Or do the above companies' security systems just suck? :)
Krieg
User avatar
Jackmn
level5
level5
Posts: 1378
Joined: Thu Feb 07, 2002 5:21 pm

Postby Jackmn » Wed Mar 17, 2004 6:56 pm

Usually done by abusing buffer overflow exploits or other coding mistakes that let you run arbitrary code on remote machines.
ARC destroyer
level3
level3
Posts: 324
Joined: Thu Jun 06, 2002 5:15 pm
Contact:

Postby ARC destroyer » Wed Mar 17, 2004 9:25 pm

Well most admins would wonder why there were so many trys at the users password
keep your computer locked up or its gonna be broken.
visit my forum: www.fightforinfo.tk
Darksun
level5
level5
Posts: 6461
Joined: Sat Dec 07, 2002 7:08 pm
Location: 127.0.0.1

Postby Darksun » Wed Mar 17, 2004 9:26 pm

Yeah, but you'd probably be suprised at the number of admins that don't check logs
Stewsburntmonkey
level5
level5
Posts: 11553
Joined: Wed Jul 10, 2002 7:44 pm
Location: Nashville, TN
Contact:

Postby Stewsburntmonkey » Wed Mar 17, 2004 9:31 pm

Or even make logs.  :)
Rkiver
level5
level5
Posts: 6405
Joined: Tue Oct 01, 2002 10:39 am
Location: Dublin, Ireland

Postby Rkiver » Wed Mar 17, 2004 9:32 pm

/me goes for the really childish one here.

Hey everyone has to make "logs" :p

Ok you can hit me now for that one. :)

(Edited by Rkiver at 8:33 pm on Mar. 17, 2004)
Uplink help: Read the FAQ
ARC destroyer
level3
level3
Posts: 324
Joined: Thu Jun 06, 2002 5:15 pm
Contact:

Postby ARC destroyer » Wed Mar 17, 2004 9:33 pm

i know most admins dont know how to keep logs
my isp doesnt keep them :)
keep your computer locked up or its gonna be broken.

visit my forum: www.fightforinfo.tk
Darksun
level5
level5
Posts: 6461
Joined: Sat Dec 07, 2002 7:08 pm
Location: 127.0.0.1

Postby Darksun » Wed Mar 17, 2004 9:37 pm

ARC destroyer, which ISP is it? Arn't they requried by law to log certain information in the US and UK?
ARC destroyer
level3
level3
Posts: 324
Joined: Thu Jun 06, 2002 5:15 pm
Contact:

Postby ARC destroyer » Wed Mar 17, 2004 9:40 pm

My isp is freenet, if they do keep logs they never look at them
keep your computer locked up or its gonna be broken.

visit my forum: www.fightforinfo.tk
Darksun
level5
level5
Posts: 6461
Joined: Sat Dec 07, 2002 7:08 pm
Location: 127.0.0.1

Postby Darksun » Wed Mar 17, 2004 9:45 pm

ISPs don't generally look at the logs, since there is too much stuff there to look through. If they get a specific complaint, however, they will quickly find out what they need
BlueScreen
level2
level2
Posts: 168
Joined: Mon Mar 11, 2002 11:53 am
Contact:

Postby BlueScreen » Thu Mar 18, 2004 3:33 am

some of the 'hacks' major corporations suffer is from employee's being pissed off for some reason and releasing the data, (or even plain old corruption), ;)
Since we cannot know all that there is to be known about anything, we ought to know a little about everything.  Blaise Pascal (1623 - 1662)
<damn 255 char sig limit>

Return to “General”

Who is online

Users browsing this forum: No registered users and 1 guest