http based password crackers

[NetwrkBurn]

http based password crackers are the dumbest thing to hit the net cause unless you have a really fast internet connection it takes for ever and about an hour of dictionary or brute forceing the webmaster will probley notice.

"Worst tatic ever"

[Keisha]

Thank you for showing that you have a keen grasp of the obvious.

Now precisely -how- would you know how long it takes?

-Keisha

[NetwrkBurn]

im guessing

[p0rtsniprX]

LOL ur not supposed to do that or talk about it on AntiOnline or CyberArmy

[Palemoon]

LOL Keisha, I'd like to know also how you arrived at your quess. Password crackers are flawed always will be in a few ways. One the assumption that a user name is in English and even if it is perhaps it is a transulation. Two if it were not English, well look to WWII (That means World War Two) Navaho Code takers took English in transulated into their native American Indian language and back to English, the code was never broken. I know this cause I speak more then one language oops I can take a name transulate it into a native tongue and back to english it is not the same. This is the user name part never for your standard user just the admin name, then the password the same can be applyed here also, although my favorite way for long pass words is to use a text editor bang my head on my keyboard roll it around a minute or two take a random as long as I can cut and paste and put into the password field after making note of it. So I have yet to see a bang your head multi languaged cracker yet..LOL works for me

[valhallen]

Palemoon doesn't matter what language it is in - a proper brute force attack does not use a dictionary file but goes through all letters, numbers, speacil characters in sequence.
Like: aaaaaa then aaaaab then aaaaba then aaabaa then aabaaa
and so on when u think how many possible combinations there is thats alot of guesses
esp as my example above deals with a 6 digit long pass - what if you don't know the length of the pass?? brute forcing an online password just cannot be done! If the admin on the otherside doesn't pick up on it - your own isp will !

Cracking a 6 digit .zip pass took 2 & a bit hrs on my comp (ok so am running a 166mhz not exactly uber-fast) imagine if you were doing that over an internet connection? heh

by the way for those of you who are intrested I had to crack it for some wargame I was playing a while ago :P

v_Ln

[cybermagellan]

HTTP Password crackers?, now I am not really a hacker per se, I just look for security flaws and use them..(hacker?) But if I am correct are you using a java script to crack a password on a host machine? If I am right that doesn't sound like the securest thing that I know of...prehaps I am missing the concept?

[souleman]

cybermagellan> There are a couple of sites that allow you to post an NT password file, and it will return the passwords for you. I will admit that I made a couple of test files for this, just to see how they work. One of them was pretty fast (unfortunately). It didn't work very good on "complicated" passwords, but it got almost of the letters correct.

I agree that these things suck, but not for the same reason. It has nothing to do with the speed of them, and all to do with the fact that it just sets up script kiddies with another tool, and they don't even have to download a program to use it....

[Guus]

<offtopic>souleman, let me be the first to congratulate you with your new signature

[cybermagellan]

OK cause for some reason I thought that it was done with an interactive cookie of some type. Just didn't make sense to me, why would you do that?...sorry my bad kinda new at the whole forum thing just found out how to access admin shares on a comp so I have some catching up to do.