Page 1 of 2

Posted: Wed Mar 17, 2004 3:59 pm
by Krieg
Hey guys,

I was just curious - technically speaking, how realistic is Uplink? I've been using computers for about 10 years, but I've never messed around with networking, administration, and what not. Does a real hacker do many of the same things, or are the steps much more complicated? I know they'd be at least slightly more complicated, because he wouldn't have a giant list of IP addresses, and he can't click on a map for bounces... but do real hackers have things like 'password breaker' and 'proxy bypass'?

I was just curious. :)

Posted: Wed Mar 17, 2004 4:27 pm
by NeoThermic
I'm having a sense of Deja vu here...

The only tool that is some what real is the IP lookup tool. That does exsist in real life (DNS lookups is basically it).

As for the rest? Either they are way to simplistic, or don't exsist for reasons that are too lenghty to mention. (but just think about the fact that if you were to disable the proxy, you would loose a connection, and most firewalls lock internet control if they are taken offline without user interaction.)

Thats just general stuff. As for the password breaker, you can't really do that to a real system (although I can say that SMB shares on 9x systems can be cracked the same way...). To password break on any system, you need to brute force it in length, as in for LM hashes, you just do the first 8 letters, so you crack at a, then b, then escilate to aaaaaaaa, aaaaaaab, etc. Eventually you get the password, but cracking takes literly days rather than hours (although LM hashes are a bad example, I can crack my password in 23 hours (thats 14 characters, upper case, lower case, and a few numbers)).

I'll stop there before I illeterate the list that you don't want to see.


Posted: Wed Mar 17, 2004 4:40 pm
by Krieg
Aww, but I wanted to hear it all. :P I figured most of it was bogus. Oh well. Still fun.

Edit: btw... you said you basically have to try aaaaaa, then aaaaab, and so forth... wouldn't most systems that have any security system that's worth anything lock the login once you'd hit it with three or four bad passwords? Kind of like an ATM card - three strikes, and the card is dead for a day.

(Edited by Krieg at 3:41 pm on Mar. 17, 2004)

Posted: Wed Mar 17, 2004 5:39 pm
by NeoThermic
You can set up security restrictions like that. However, some systems just add a reporting delay after a failure, say I added... 20 seconds delay before they can try the next combo, that limits them to three combos a minuite. At that rate, they would never be able to crack a password that is sufficently long enough, and with a password expriation time, it would be changed every so often, thus making the attempt pointless.


Posted: Wed Mar 17, 2004 6:35 pm
by Krieg
Gotcha'. Interesting info. In that case, do most of the bigger places that get hacked (Valve, for example, or Microsoft) - do they get hacked, with the hacker bypassing the passwords, instead of actually cracking them? Or do the above companies' security systems just suck? :)

Posted: Wed Mar 17, 2004 6:56 pm
by Jackmn
Usually done by abusing buffer overflow exploits or other coding mistakes that let you run arbitrary code on remote machines.

Posted: Wed Mar 17, 2004 9:25 pm
by ARC destroyer
Well most admins would wonder why there were so many trys at the users password

Posted: Wed Mar 17, 2004 9:26 pm
by Darksun
Yeah, but you'd probably be suprised at the number of admins that don't check logs

Posted: Wed Mar 17, 2004 9:31 pm
by Stewsburntmonkey
Or even make logs.  :)

Posted: Wed Mar 17, 2004 9:32 pm
by Rkiver
/me goes for the really childish one here.

Hey everyone has to make "logs" :p

Ok you can hit me now for that one. :)

(Edited by Rkiver at 8:33 pm on Mar. 17, 2004)

Posted: Wed Mar 17, 2004 9:33 pm
by ARC destroyer
i know most admins dont know how to keep logs
my isp doesnt keep them :)

Posted: Wed Mar 17, 2004 9:37 pm
by Darksun
ARC destroyer, which ISP is it? Arn't they requried by law to log certain information in the US and UK?

Posted: Wed Mar 17, 2004 9:40 pm
by ARC destroyer
My isp is freenet, if they do keep logs they never look at them

Posted: Wed Mar 17, 2004 9:45 pm
by Darksun
ISPs don't generally look at the logs, since there is too much stuff there to look through. If they get a specific complaint, however, they will quickly find out what they need

Posted: Thu Mar 18, 2004 3:33 am
by BlueScreen
some of the 'hacks' major corporations suffer is from employee's being pissed off for some reason and releasing the data, (or even plain old corruption), ;)