Geek Culture / brute forcers

Commodore kid
18
Years of Service
User Offline
Joined: 3rd Jun 2006
Location: Staffordshire, England
Posted: 18th Jul 2007 23:26
Hey, was just wondering if a working brute forcer actually exists and, if so, where can I find it.

I want to test it on my old email account. I've done this with a couple of brute forcers I've found around the net and I can't seem to get them working. It would be extremely useful if I could find a working one, as I'm very forgetful and I like experimenting with things like this.

PS. I know this may be somewhat taboo, but these are the only computer forums I visit, so if someone can help me I'd be extremely thankful.

Dam no loo roll left!
Where's the bible?
TEST OF WILL
17
Years of Service
User Offline
Joined: 23rd May 2007
Location:
Posted: 18th Jul 2007 23:45
POSTED BEFORE LOCKED! Woot
GatorHex
19
Years of Service
User Offline
Joined: 5th Apr 2005
Location: Gunchester, UK
Posted: 18th Jul 2007 23:51
Yeah I wonder how long it will take a mod to see this

If your account manager is worth its salt it will disable or time out the account after 3 wrong guesses anyway.

DinoHunter (still no nVidia compo voucher!), CPU/GPU Benchmark, DarkFish Encryption DLL, War MMOG (WIP), 3D Model Viewer
Commodore kid
18
Years of Service
User Offline
Joined: 3rd Jun 2006
Location: Staffordshire, England
Posted: 18th Jul 2007 23:53
All I'm wondering is if there is a working program of this nature and what it is. I mean no harm.

Dam no loo roll left!
Where's the bible?
IanM
Retired Moderator
22
Years of Service
User Offline
Joined: 11th Sep 2002
Location: In my moon base
Posted: 19th Jul 2007 00:04
Google it, or write one of your own - they are simple enough that they aren't really a threat to any reasonable level of security.

A 10 letter password containing upper and lowercase letters, plus numbers, has 839,299,365,868,340,224 possible combinations, so it'll take a little while for you to work through them.

Quote: "LOCKED"

Don't see why it should be ATM. We talk about encryption/decryption of messages here every so often - this is equivalent to that really.

Commodore kid
18
Years of Service
User Offline
Joined: 3rd Jun 2006
Location: Staffordshire, England
Posted: 19th Jul 2007 00:14
Thanks IanM, you're awesome. It upsets me when people are so hostile.

Dam no loo roll left!
Where's the bible?
xplosys
18
Years of Service
User Offline
Joined: 5th Jan 2006
Playing: FPSC Multiplayer Games
Posted: 19th Jul 2007 00:27
Perhaps you won't mind if I turn the request the other way. I've been looking for a way to stop brute force attacks on my mail server for some time. There are some simple solutions (IP banning, etc) for Unix based systems, but I can't find anything for Windows Servers.

Does anyone know of anything for Windows based servers?

Best.

I'm sorry, my answers are limited. You must ask the right question.

spooky
22
Years of Service
User Offline
Joined: 30th Aug 2002
Location: United Kingdom
Posted: 19th Jul 2007 00:30
@Commodore kid - looked at your forum lately? Seems to be overrun with bogus posts about porn and drugs.

Boo!
Commodore kid
18
Years of Service
User Offline
Joined: 3rd Jun 2006
Location: Staffordshire, England
Posted: 19th Jul 2007 00:33
Yeah lol, I haven't been able to get on top of any of it, so I'm going to give up in the end, I think. I'll hand it over to my mate to see if he can sort it out.

Dam no loo roll left!
Where's the bible?
Commodore kid
18
Years of Service
User Offline
Joined: 3rd Jun 2006
Location: Staffordshire, England
Posted: 19th Jul 2007 01:02
I should have set up one of them confirmation code thingies.

Dam no loo roll left!
Where's the bible?
IanM
Retired Moderator
22
Years of Service
User Offline
Joined: 11th Sep 2002
Location: In my moon base
Posted: 19th Jul 2007 02:40 Edited at: 19th Jul 2007 02:42
Quote: "If your account manager is worth its salt it will disable or time out the account after 3 wrong guesses anyway"

I've thought about that a little and it doesn't seem like good protection to me:
- It'd be a great DoS attack. Simply attempt to log into all known accounts, deliberately getting the password wrong until it is locked. When someone locks out administrator, you are no longer in control of your machine.
- You can't lock an account that doesn't exist, so once you get a locked account, you know it's a valid one.

Better ideas for protection:
- Delay after a failed login attempt (invalid user or incorrect password). Slows down retries.
- Don't report 'incorrect password' or 'invalid user' - just 'login failed', and only immediately before disconnect. If you report then delay, the attacker's code can detect that and disconnect early, then try again immediately.
- When you hit a threshold for number of connections per second/minute/hour from an IP, slow them right down.
- Don't block IPs - so many people use common gateways that you can block your legitimate users along with your attackers. Again, just slow them down.

Most of these are based upon slowing down the attacks, not stopping them. Brute-force is a numbers game which you can win just by slowing everything down to a point where an attack will be stretched to years instead of minutes.

@xplosys,
I'm not aware of anything for Windows that does what you need. Switch to Linux instead.
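
The measures listed in the post above, as an added Python example that is not part of the original thread: a delay before a single generic failure message, and a per-IP threshold that slows a busy source down instead of blocking it or locking the account. The class name, parameters, delays and the sample account are assumptions made for illustration.

```python
import hashlib, hmac, os, time
from collections import defaultdict, deque

GENERIC_FAILURE = "login failed"  # one message for unknown user and wrong password

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ThrottledLogin:
    """Slows attempts down; never locks an account and never bans an IP."""
    def __init__(self, users, base_delay=2.0, slow_delay=30.0, window=60.0,
                 limit=5, clock=time.monotonic, sleep=time.sleep):
        self.users = users                  # {name: (salt, pbkdf2 hash)}
        self.base_delay, self.slow_delay = base_delay, slow_delay
        self.window, self.limit = window, limit
        self.clock, self.sleep = clock, sleep
        self.attempts = defaultdict(deque)  # ip -> arrival times inside the window

    def _over_limit(self, ip):
        now, q = self.clock(), self.attempts[ip]
        while q and now - q[0] > self.window:
            q.popleft()
        q.append(now)  # counted on arrival, so disconnecting early gains nothing
        return len(q) > self.limit

    def login(self, ip, user, password):
        throttled = self._over_limit(ip)
        # Unknown users get a dummy record so both failure paths do the same work.
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        ok = hmac.compare_digest(pw_hash(password, salt), stored)
        if throttled:
            self.sleep(self.slow_delay)     # busy source: slow every reply, even a success
        elif not ok:
            self.sleep(self.base_delay)     # delay first, report after, then disconnect
        return "ok" if ok else GENERIC_FAILURE

def years_to_exhaust(keyspace, seconds_per_guess):
    """Worst-case time to try every candidate at the throttled rate."""
    return keyspace * seconds_per_guess / (365 * 24 * 3600)

def demo():
    """Constructed run: one source guessing against a real and a fake account."""
    salt = os.urandom(16)
    users = {"alice": (salt, pw_hash("correct horse", salt))}
    waits = []
    svc = ThrottledLogin(users, clock=lambda: 0.0, sleep=waits.append)
    replies = [svc.login("198.51.100.7", name, "guess")
               for name in ["alice", "nobody"] * 3]
    replies.append(svc.login("198.51.100.7", "alice", "correct horse"))
    return replies, waits
```

With the 2-second delay, `years_to_exhaust(62 ** 10, 2.0)` puts the 10-character keyspace quoted earlier in the thread at tens of billions of years from a single connection.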

Commodore kid
18
Years of Service
User Offline
Joined: 3rd Jun 2006
Location: Staffordshire, England
Posted: 19th Jul 2007 17:37
Quote: "I'm not aware of anything for Windows that does what you need. Switch to Linux instead"


Good idea, only one problem: my internet adapter only supports Windows.

Dam no loo roll left!
Where's the bible?
Cash Curtis II
19
Years of Service
User Offline
Joined: 8th Apr 2005
Location: Corpus Christi Texas
Posted: 19th Jul 2007 17:42
Commodore kid, face it, you're a turd. Shift your focus to more constructive things. Go make a game. I can see the value of this discussion, but at the same time I can 100% see why you asked this question in the first place and it isn't honorable.


Come see the WIP!
Jess T
Retired Moderator
21
Years of Service
User Offline
Joined: 20th Sep 2003
Location: Over There... Kablam!
Posted: 19th Jul 2007 18:15
Quote: "839,299,365,868,340,224 possible combinations"


Don't forget that Dictionary attacks can greatly reduce that number.

Nintendo DS & Dominos :: DS Dominos
http://jt0.org
Commodore kid
18
Years of Service
User Offline
Joined: 3rd Jun 2006
Location: Staffordshire, England
Posted: 19th Jul 2007 18:17
Cash Curtis II, my intent for this program is constructive. As any good software developer knows, in order to make decent software one has to have an understanding of how the various parts of computers work. Some very useful things have been mentioned in this post, such as how to improve security; I could add some of the ideas mentioned as various security features in a game or program. For example trial software activation using some of the ideas previosly mentioned i could make my program invunrable to keygens or cracks. Of course this wasn't the reason for this post, but who can say that they have never forgotten a password or a PIN number in the past? Besides which, even if I did have malicious intent, which I don't, it doesn't really make any difference to the terms and conditions of the forums, as I'm not asking how to do anything unethical. I was just asking if anyone here knew of a working brute forcer which would allow me to retrieve lost passwords or PIN numbers.

Dam no loo roll left!
Where's the bible?
dark coder
22
Years of Service
User Offline
Joined: 6th Oct 2002
Location: Japan
Posted: 20th Jul 2007 03:02 Edited at: 20th Jul 2007 09:32
Quote: "For example trial software activation using some of the ideas previosly[sic] mentioned i could make my program invunrable[sic] to keygens or cracks."


Just like how all these other commercial games have made their serial keys invulnerable to keygens?

I don't see the purpose of making such applications as you can easily predict their effect.

soapyfish
21
Years of Service
User Offline
Joined: 24th Oct 2003
Location: Yorkshire, England
Posted: 20th Jul 2007 08:52
If you really, really, really, really, really, really wanted someone’s password you just have to








It's only going to become more of a problem imo. As computers become more wide-spread and easier to use there are more and more people who are going to believe that they will lose their hotmail account if they don't prove they still use it by sending their password to adminz0r@hotmail.com or need to fill in their bank details on americaneggspress.com.

We are the angry mob, we read the papers every day. We like who we like, we hate who we hate but we're also easily swayed!
Benjamin
21
Years of Service
User Offline
Joined: 24th Nov 2002
Location: France
Posted: 20th Jul 2007 09:13
Quote: "I don't see the purpose of making such applications as you can easily predict their affect[sic]."

I agree.

Tempest (DBP/DBCe)
Multisync V1 (DBP/DBCe)
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 23rd Jul 2007 10:46
Quote: "Does anyone know of anything for Windows based servers?"


A tiny program which uses a set of rainbow tables runs on a small version of Linux. We used it in my security class. With a bootable Linux CD with nothing else on it but this program, we could get into the Windows system in about a minute or less. Granted, you needed physical access to the machine.


xplosys
18
Years of Service
User Offline
Joined: 5th Jan 2006
Playing: FPSC Multiplayer Games
Posted: 23rd Jul 2007 17:02
Phaelax,

Perhaps I'm missing something here. Does this have something to do with stopping brute force attacks on a Windows server?

I'm sorry, my answers are limited. You must ask the right question.
