wood burning stoves 2.0*
The moose likes Java in General and the fly likes young HACKER's training:  pass gen :))) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "young HACKER Watch "young HACKER New topic
Author

young HACKER's training: pass gen :)))

Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
Hi!!!
Please don't laugh at me... I am only 16 years old and I was sitting and thinking about which porn web site should I watch when an accident happened and THE THOUGHT was born inside my head... here's a result:


In a nutshell, this is a program that reads words from a dictionary and plugs them into parameters of the given URL...
Now The question is... how would you check for the result of that "hacking"? I mean whether you succeeded with your pass or not? Since its my own web, I simply print out either "true" or "false" and check that.... But in a real life situation, what would YOU do?
I'd guess try some random pass, capture the output of failed login, and then compare it in the program?
Thankx in advance,
Ivan
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
Here's the proof :
index.jsp:

Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
One more question... the dictionary I am using is in the following format:

I understand most of the ,' args:
\ = cut off the last char of the original word
" = double the last char of the original word
nothing = just append it
but I don't know what does ' mean.... anybody thinks differently enough?
narasimharao konjeti
Ranch Hand

Joined: Apr 26, 2003
Posts: 130
is there any special trying for that, i need details.
c..u...
regards


"Unwise to sweat petty stuff, wise to pet sweaty stuff."
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
trying for what???
Btw, here's an updated version which works with the dictionary (except 's) + lowercases them:
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
An example of output:


I cut out a lot of it... it was run on the following dictionary:

So.. anybody has any suggestions regarding my question in the first post (and the one about 's) ??
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
Btw, the web where I got the dictionary is:
http://pdp-10.trailing-edge.com/bb-l014w-bm_tops20_v7_0_atpch_23/01/autopatch/password.dictionary
If you don't want to wast time printing to the console, do the following to your main:

+ do some uncommenting... and here's my result with the REAL dictionary:
Attempts: 1000
Attempts: 2000
Attempts: 3000
Attempts: 4000
Attempts: 5000
Attempts: 6000
Attempts: 7000
Attempts: 8000
Attempts: 9000
Attempts: 10000
Attempts: 11000
Attempts: 12000
Attempts: 13000
Attempts: 14000
Attempts: 15000
Attempts: 16000
Attempts: 17000
Attempts: 18000
Attempts: 19000
Attempts: 20000
Attempts: 21000
Attempts: 22000
Attempts: 23000
Attempts: 24000
Attempts: 25000
Attempts: 26000
Attempts: 27000
Attempts: 28000
Attempts: 29000
SUCCESS! PASSWORD HAS BEEN FOUND: "cool"
Total attempts: 29644
Seconds taken: 1347

(the seconds are inaccuarte - divide by extra 10 )
Well, I am off to bed
Ron Newman
Ranch Hand

Joined: Jun 06, 2002
Posts: 1056
I don't see any Servlet here -- is this thread in the wrong folder?


Ron Newman - SCJP 1.2 (100%, 7 August 2002)
Cindy Glass
"The Hood"
Sheriff

Joined: Sep 29, 2000
Posts: 8521
First of all JavaRanch does not approve or support any Hacker activity. :roll:
Second, this is not a servlet so I am moving this topic to Java In General - Intermediate.


"JavaRanch, where the deer and the Certified play" - David O'Meara
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
This isnt hacker activity... and it does belong to Servlets (or web at least) since my question is how do you handle that input....

any answers?
Michael Morris
Ranch Hand

Joined: Jan 30, 2002
Posts: 3451
Originally posted by Ivan Jouikov:
This isnt hacker activity... and it does belong to Servlets (or web at least) since my question is how do you handle that input....

any answers?

Cindy is right this is a Java in General topic. If you have a specific question regarding the use of Servlets or JSP then post a new topic there. If you want some more dictionaries try Cult of the Dead Cow or better yet buy a copy of Hacking Exposed. If you want, I can send you some pretty voluminous dictionaries. If you want to take this to another level, you will need to modify your code to append simple numbers and make it multi-threaded to split the dictionary up to try multiple entries at once.


Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius - and a lot of courage - to move in the opposite direction. - Ernst F. Schumacher
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
thx... can you send the dics to ivj@comcast.net please?
And yes, I want to take it to the next level, and I will.
Jim Yingst
Wanderer
Sheriff

Joined: Jan 30, 2000
Posts: 18671
First of all JavaRanch does not approve or support any Hacker activity.
Of course we do. Hacking == good. Cracking == evil. Usually. This thread is about cracking, not hacking.
[ July 25, 2003: Message edited by: Jim Yingst ]

"I'm not back." - Bill Harding, Twister
Michael Morris
Ranch Hand

Joined: Jan 30, 2002
Posts: 3451
Originally posted by Jim Yingst:
First of all JavaRanch does not approve or support any Hacker activity.
Of course we do. Hacking == good. Cracking == evil. Usually. This thread is about cracking, not hacking.
[ July 25, 2003: Message edited by: Jim Yingst ]

Cracking is only evil in certain cotexts. If you are doing a security audit on your users for password strength that's OK. Trying to break into corporate networks ain't. But it's unlikely that our neophyte hacker is going to get very far with a brute force dictionary attack there anyway. His IP will be flagged and restricted after the 10th or so failure.
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
I is youngosrz 1337 haxorz
Jim Yingst
Wanderer
Sheriff

Joined: Jan 30, 2000
Posts: 18671
Cracking is only evil in certain cotexts.
True, true. I did say "usually".
I is youngosrz 1337 haxorz
See, now we know he's evil.
Simon Harvey
Ranch Hand

Joined: Jan 26, 2003
Posts: 79
What a funny bloke!
Given that we know that he got this idea by thinking about how he could rip off a porn site, should we really help?
I'm all for helping in the search for knowledge, but in this instance, there is a reasonable chance that our hacker is actually a cracker. Don't you think?
Come on Ivan. If you own up now you won't get in trouble. Did you want to see the kinky ladies. Its ok, we're not angry at you, but you really shouldnt steal....

Keep it real (or something)
Simon
Michael Morris
Ranch Hand

Joined: Jan 30, 2002
Posts: 3451
Hey Simon let's just try to guide him and keep the FBI off his case. Who knows he may become the next security guru for M$. God knows they could use one!
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
Hmm... now you're giving me ideas... I actually didn't think about ripping off a porn site but now I am... my official porn provider is stileproject.com...
But about cracking... yes I DO want to be a cracker... and a hacker ))
But it all starts with knowledge dont it?
 
 
subject: young HACKER's training: pass gen :)))