Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

young HACKER's training: pass gen :)))

 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!!!
Please don't laugh at me... I am only 16 years old and I was sitting and thinking about which porn web site should I watch when an accident happened and THE THOUGHT was born inside my head... here's a result:


In a nutshell, this is a program that reads words from a dictionary and plugs them into parameters of the given URL...
Now The question is... how would you check for the result of that "hacking"? I mean whether you succeeded with your pass or not? Since its my own web, I simply print out either "true" or "false" and check that.... But in a real life situation, what would YOU do?
I'd guess try some random pass, capture the output of failed login, and then compare it in the program?
Thankx in advance,
Ivan
 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here's the proof :
index.jsp:

 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One more question... the dictionary I am using is in the following format:

I understand most of the ,' args:
\ = cut off the last char of the original word
" = double the last char of the original word
nothing = just append it
but I don't know what does ' mean.... anybody thinks differently enough?
 
narasimharao konjeti
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
is there any special trying for that, i need details.
c..u...
regards
 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
trying for what???
Btw, here's an updated version which works with the dictionary (except 's) + lowercases them:
 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
An example of output:


I cut out a lot of it... it was run on the following dictionary:

So.. anybody has any suggestions regarding my question in the first post (and the one about 's) ??
 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Btw, the web where I got the dictionary is:
http://pdp-10.trailing-edge.com/bb-l014w-bm_tops20_v7_0_atpch_23/01/autopatch/password.dictionary
If you don't want to wast time printing to the console, do the following to your main:

+ do some uncommenting... and here's my result with the REAL dictionary:
Attempts: 1000
Attempts: 2000
Attempts: 3000
Attempts: 4000
Attempts: 5000
Attempts: 6000
Attempts: 7000
Attempts: 8000
Attempts: 9000
Attempts: 10000
Attempts: 11000
Attempts: 12000
Attempts: 13000
Attempts: 14000
Attempts: 15000
Attempts: 16000
Attempts: 17000
Attempts: 18000
Attempts: 19000
Attempts: 20000
Attempts: 21000
Attempts: 22000
Attempts: 23000
Attempts: 24000
Attempts: 25000
Attempts: 26000
Attempts: 27000
Attempts: 28000
Attempts: 29000
SUCCESS! PASSWORD HAS BEEN FOUND: "cool"
Total attempts: 29644
Seconds taken: 1347

(the seconds are inaccuarte - divide by extra 10 )
Well, I am off to bed
 
Ron Newman
Ranch Hand
Posts: 1056
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't see any Servlet here -- is this thread in the wrong folder?
 
Cindy Glass
"The Hood"
Sheriff
Posts: 8521
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First of all JavaRanch does not approve or support any Hacker activity. :roll:
Second, this is not a servlet so I am moving this topic to Java In General - Intermediate.
 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This isnt hacker activity... and it does belong to Servlets (or web at least) since my question is how do you handle that input....

any answers?
 
Michael Morris
Ranch Hand
Posts: 3451
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ivan Jouikov:
This isnt hacker activity... and it does belong to Servlets (or web at least) since my question is how do you handle that input....

any answers?

Cindy is right this is a Java in General topic. If you have a specific question regarding the use of Servlets or JSP then post a new topic there. If you want some more dictionaries try Cult of the Dead Cow or better yet buy a copy of Hacking Exposed. If you want, I can send you some pretty voluminous dictionaries. If you want to take this to another level, you will need to modify your code to append simple numbers and make it multi-threaded to split the dictionary up to try multiple entries at once.
 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thx... can you send the dics to ivj@comcast.net please?
And yes, I want to take it to the next level, and I will.
 
Jim Yingst
Wanderer
Sheriff
Posts: 18671
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First of all JavaRanch does not approve or support any Hacker activity.
Of course we do. Hacking == good. Cracking == evil. Usually. This thread is about cracking, not hacking.
[ July 25, 2003: Message edited by: Jim Yingst ]
 
Michael Morris
Ranch Hand
Posts: 3451
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Jim Yingst:
First of all JavaRanch does not approve or support any Hacker activity.
Of course we do. Hacking == good. Cracking == evil. Usually. This thread is about cracking, not hacking.
[ July 25, 2003: Message edited by: Jim Yingst ]

Cracking is only evil in certain cotexts. If you are doing a security audit on your users for password strength that's OK. Trying to break into corporate networks ain't. But it's unlikely that our neophyte hacker is going to get very far with a brute force dictionary attack there anyway. His IP will be flagged and restricted after the 10th or so failure.
 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I is youngosrz 1337 haxorz
 
Jim Yingst
Wanderer
Sheriff
Posts: 18671
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Cracking is only evil in certain cotexts.
True, true. I did say "usually".
I is youngosrz 1337 haxorz
See, now we know he's evil.
 
Simon Harvey
Ranch Hand
Posts: 79
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What a funny bloke!
Given that we know that he got this idea by thinking about how he could rip off a porn site, should we really help?
I'm all for helping in the search for knowledge, but in this instance, there is a reasonable chance that our hacker is actually a cracker. Don't you think?
Come on Ivan. If you own up now you won't get in trouble. Did you want to see the kinky ladies. Its ok, we're not angry at you, but you really shouldnt steal....

Keep it real (or something)
Simon
 
Michael Morris
Ranch Hand
Posts: 3451
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey Simon let's just try to guide him and keep the FBI off his case. Who knows he may become the next security guru for M$. God knows they could use one!
 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hmm... now you're giving me ideas... I actually didn't think about ripping off a porn site but now I am... my official porn provider is stileproject.com...
But about cracking... yes I DO want to be a cracker... and a hacker ))
But it all starts with knowledge dont it?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic