)
i've been doing a little snooping lately in hacking communitites, but to make a long story short a website (message board community) betrayed and pissed me off after all i did for them, and now its time for a little pay back. This is probably the ONLY time ill ever spend doing anything related to hacking, as im usually anti goverment enough as it is i dont need to feed them an excuse to throw me in jail.
anyway i was wondering about brute forcers, a program that is supposedly made buy hax hackers, excuse the cornyness, that will bombared a screenames login info till your ip is kicked, it times out, or suceedes (ip kicked because sometimes websites have you can only try so many times before getting banned)
It's said there made for various things, but of course if they truly do exist i'd like one that goes after website passwords (in this case a forum member(s)'s password)
if it isn't what can i do, i feel it a waist for me to practice till i get leet hacking skills when all im going to do is screw with some old "friends" message boards.
brute forcers program or myth? WHat can i do?
-
p99
- Fame ! Where are the chicks?!
- Posts: 291
- Joined: 14 Oct 2006, 16:00
- 17
- Location: Some hippy's van
- Contact:
Brute forcing is not "1337" by any standards. When I run a server, If I'm seeing portscans and multiple login attempts from one IP this gives me some basic information.
They don't know what they are doing! If one IP is scanning my computer multiple times I certainly can tell they didn't learn anything from just one scan. All I would use a port-scan for is to find any unuasual web-daemons that may be runnning. Like I found 4 ssh-daemons running on a single box once. That's just not normal.
When I see brute-forcing(shown though loads of incorrect user/pass combos)
I definatly know that the person has no clue. Brute forcing would be like someone coming to my house and hammering a nail into the keyhole as an attempt to break in. I'm going to either here it or see the dents.
How many of these people know what a log is? Even if they do login do they usually know where the log is or that I could simply save it in an unusual place?
Do some research on the forum system your "friends" are running and go from there. It's really a selfish and pathetic crime you wish to do. Unless they kidnapped and gangbanged your mom there isn't much you can get so worked up on online.
PS: Work on your spelling. Just so people will take you more seriously.
They don't know what they are doing! If one IP is scanning my computer multiple times I certainly can tell they didn't learn anything from just one scan. All I would use a port-scan for is to find any unuasual web-daemons that may be runnning. Like I found 4 ssh-daemons running on a single box once. That's just not normal.
When I see brute-forcing(shown though loads of incorrect user/pass combos)
I definatly know that the person has no clue. Brute forcing would be like someone coming to my house and hammering a nail into the keyhole as an attempt to break in. I'm going to either here it or see the dents.
How many of these people know what a log is? Even if they do login do they usually know where the log is or that I could simply save it in an unusual place?
Do some research on the forum system your "friends" are running and go from there. It's really a selfish and pathetic crime you wish to do. Unless they kidnapped and gangbanged your mom there isn't much you can get so worked up on online.
PS: Work on your spelling. Just so people will take you more seriously.
-
Nerdz
- The Architect
- Posts: 1127
- Joined: 15 Jun 2005, 16:00
- 18
- Location: #db_error in: select usr.location from sucko_member where usr.id=63;
- Contact:
2. You will not supply, or ask for cracks, keygens, serials, or fully functioning programs (that should cost money) on these forums. Suck-o is not here to encourage the malicous and illegal activity of hacking, but to teach all sides of it, for the purpose of helping others.
3. No explicit questions, such as 'can someone hack www.somesite.com' or 'how do i hack www.blah.com', etc. We are not here to do work for you, but to help you on your way to learn how to do it yourself. Nor do we support the defacing, or hacking of websites.
Bruteforcing sucks.
3. No explicit questions, such as 'can someone hack www.somesite.com' or 'how do i hack www.blah.com', etc. We are not here to do work for you, but to help you on your way to learn how to do it yourself. Nor do we support the defacing, or hacking of websites.
Bruteforcing sucks.
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.
Learn a man to fish, you feed him for life.
I disagree with that, nerdz. Bruteforcing is an okay tactic if you do the following (in my opinion):
1. Don't wish to stay anonymous (such as using a public computer)
2. Understand the function of a brute forcer, or even coded one yourself.
Then, i agree that bruteforcing can be a very effective way to get the username and password to a specific form.
Don't shoot it down just because it's easy, right?
1. Don't wish to stay anonymous (such as using a public computer)
2. Understand the function of a brute forcer, or even coded one yourself.
Then, i agree that bruteforcing can be a very effective way to get the username and password to a specific form.
Don't shoot it down just because it's easy, right?
¯\_(ツ)_/¯ It works on my machine...
-
p99
- Fame ! Where are the chicks?!
- Posts: 291
- Joined: 14 Oct 2006, 16:00
- 17
- Location: Some hippy's van
- Contact:
Yeah that is true. I made a simple brute forcer the other day. Well sort of.
I had found a password protected program. The creator gave a few details out. I couldn't figure out how to do it with a debugger/dissasembler so I used what information on the password I could find:
King county library card number.
10 numbers
only these numbers(large elimination)
then I searched on the library card system and found that the first 3 numbers had to be "002" so that means I needed to use 7 numbers.
With some help I generated a list and went through it.
But i'm still not a fan of it.
And phishing, does work beautifully. But I find that manually social engineering people out of there login info is much funner.
I had found a password protected program. The creator gave a few details out. I couldn't figure out how to do it with a debugger/dissasembler so I used what information on the password I could find:
King county library card number.
10 numbers
only these numbers(large elimination)
then I searched on the library card system and found that the first 3 numbers had to be "002" so that means I needed to use 7 numbers.
With some help I generated a list and went through it.
But i'm still not a fan of it.
And phishing, does work beautifully. But I find that manually social engineering people out of there login info is much funner.