Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 32

Thread: For starfux0rz

  1. #21
    HYBR|D
    Guest
    Quote Originally Posted by metguru View Post
    Hybrid, I'm leaning against md5...just based on the fact that I haven't cracked it yet haha.
    What tables are you using bud? Just the generic rainbow tables?

    I've being giving this wikipedia article a reading during lunch http://en.wikipedia.org/wiki/Rainbow_table

    The-Spec could you give more info please? I'm also tempted to submit a few of the hashes to either milw0rm's online md5 cracking app or pay the 15$ and use a cloud service that promises to crack md5 encrptian within 1 1/2hrs

    also anyone else hear about gawkermedia getting it's entire site data stolen? It's floating on a few torrent trackers atm. 458mb download and has over 1.3 million tables

  2. #22
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    To be honest I do normally use rainbow tables (strictly academically though ) but I don't have the hard drive on me that I keep them on, so I submitted it to freerainbowtables.com which allows you to submit hashes or you can download tables too. I've been a member for a while, and they basically use all the member computers as a cloud or supercomputer to generate new tables. So the available tables keep growing. I usually contribute some CPU time every once in a while to help out haha.

  3. #23
    Banned
    Join Date
    Jan 2008
    Posts
    605
    I got it. The one you posted up is "charmorg".

  4. #24
    HYBR|D
    Guest
    Quote Originally Posted by The-Spec View Post
    I got it. The one you posted up is "charmorg".
    Details. What did you use/do to decrypt it? also what encryptian was used on the hash?

    My app is still running, but i feel i'm heading in the wrong direction

    Also could you post details of the exploit that was used, you don't need to post the entire thing or even give an example/description of how it was used etc?

  5. #25
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    Oh...so it was md5...my bad. Should have just run it from my tables apparently they're better than my submission. especially on loweralpha...

    Hybrid, if you grab a hash calculator you could type in charmorg and get lots of outputs. For example, in Cain:

    Code:
    Type		Hash
    ---------		---------
    MD2		7A0B311AAD7C782149F590CD62E4FAE0
    MD4		A197D5751912E1E67D2A7F2D2EDB5925
    MD5		00F084EA7EB01D821B47058FDFCE329A
    SHA-1		BE8B3FD0F85EBBD7EBF22B44F9C6A529CCBB7F05
    SHA-2 (256)	19B9D771C342E62680660F2DC11B9D250B5B9D56EDAEC6DBEDD9AAA538FED894
    SHA-2 (384)	53E82ED447413F4586450236FD55913ACBFC3F4E67C26272E1D15F5B5169B55A4BAE3267FC79F96872679F16D37B34F3
    SHA-2 (512)	2A970C6910965C7F66B4CC18230EED8FC7DFCA88FA5836DF57BD07552FA5A4ECCA28051B518A86AE643668FECA501BC1176DE042DD8BE87C637888BCCC9FB92C
    RIPEMD-160	9FB0543B1E686BA8CEFC24D53277472549C1602E
    LM		1411AC7C4DEC4D90
    NT		86454D17859A9CB9629C5DF1F0EAD8B7
    MySQL323	0FF2080946000B21
    MySQLSHA1	F423B1FE22791A198670A9C6E817F77CC59E089D
    Cisco PIX	OhoBxzZNNw5roQlH
    VNC Hash	1B039D49AB82B412
    I'm assuming he used hash tables, as that would take a while to bruteforce. Google returned no results, as well as a few online md5 'databases'.

    Also could you post details of the exploit that was used, you don't need to post the entire thing or even give an example/description of how it was used etc?
    Haha, I sent a PM, assuming this would be something else that would be deleted, but I'd prefer it as a discussion. A lot can be learned here.
    Last edited by metguru; December 13th, 2010 at 07:30 PM.

  6. #26
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Joe:

    I know you're using the CYA method of moderation because of the liability crap you personally have to deal with, but I think a "Compromise" can be made... LOL! Come on, get it? "Compromise" lol..... Sorry, been a long day....

    Anyway, the point I think is that it REALLY is OK to let people discuss this stuff. If I didn't see your reply, I'd have thought the posts were actually just not made, because we can see posts when they've been deleted but, there aren't any deleted posts I see on this thread, so it was odd to say the least.

    Now, user names being Asterisks, or even changed to "User-Name@domain.com" I think would be fine. No one is going to break into an account without the User Name, so you'd be covered just fine.

    I understand fully that a company owns AntiOnline, and so unlike when one person owned it and they weren't a company with Stock Holders, they could post whatever they wanted because there aren't Stock Holders, or Company Lawyers, however, at the same time, this IS a Security Site.

    Part of that, is going to be allowing people to post Exploit code, and other means of doing this stuff.

    As Captain Zap once said, in a very funny way; "You don't ask a cop to show you how to break into a house! You hire a dirty rotten son of a bitch who knows what they're doing!".

    I think one thing you could do, is make a new forum on here for things like this where it could be similar to the Addicts forum, where you have to meet certain criteria, and then, allow anything within reason to be posted there.

    That will keep the morons who just want to break into something out for the most part, while at the same time, allowing everyone here to discuss things like this in peace.

    Like I said man, I KNOW you have to be responsible for what goes on here, and I understand fully what that entails. Just because I on longer work for a Company doesn't mean I haven't, and I also have had to learn some of this stuff, and the legal aspects of it, and I think a new Forum where we could personally give people access to it, would be just the thing.

    I know popping exploits on the front page would piss off the suits, but that's because they're worried about about getting sued than getting smart and current information out there.

    So, what if we made a new forum on Anti Online that was for actual SERIOUS Computer Security Discussions? One where people can post things like this, and not worry about a post being deleted, or some ass hole googling "I wanna screw something up" and finding it and using it, and then getting you in trouble?

    I will volunteer my time in going through the list of people who want to do that and either personally giving the access to people I think are good people here, or, sending you a list of the people who want into the forum, and then you could personally just add them.

    We already have multiple user types on this Forum, and the admin panel we have could very well be used to make a new User type.

    For example, we already have user, Moderator, Super Moderator, Admin, and so on, why not make one more, like "Trusted" and make a forum on here that those accounts can access that regular users can't?

    In a way we already have had that too with the "Addicts" Forum, where Users had to meet certain criteria to gain access to it. We could very quickly whack together a new one where only certain people who've been here a while, and have shown to be useful people, are allowed in.

    That would take care of the legal implications, since the average script kiddie won't make it in there and see any of it, and, at the very same time, it would allow everyone else here who's serious about this, to discuss it in peace without any issues or posts being deleted.

    As for posting account information with actual account User Names showing, no, I don't think that's a good idea either. So, we make the forum with a sticky, and say that this is a PRIVILEGED area, and that when you make a post, ALWAYS change the actual usernames to a generic one, such as "User_Name" or something like that.

    This way, no real accounts are at risk from it, and, no script kiddies would make it to that forum anyway, and everyone is happy

    I'm sure if I ask, Nihil could help me out in writing the sticky to explain some guidelines and rules, and, of course, Coffee Cup can be a Mod again.

    I mean Spec is one of the few people who here really risks anything to post this stuff, so he could be let in right away, and obviously Morgan isn't some secret Cracker trying to break anything, and she's usually pretty active, so, she could be let in right away.

    Met Guru is the same way. I mean, really, I think we know by now who the good people on here are, and who the dicks are.

    Any thoughts?

  7. #27
    Senior Member
    Join Date
    Apr 2005
    Location
    USA
    Posts
    422
    I agree. And while I don't believe I ever met the requirements for the addicts forum before (I'm assuming) it was deleted, I do think this to be a good idea. That way a lot more useful information will be posted and no issues of the public view will come up. I also think that it shouldn't be only based on posts. Something like how many antipoints you have would be an interesting way to go about it, and at the same time it would allow the community of more experienced users here have a say at who can see the forum.

  8. #28
    HYBR|D
    Guest
    Allen I said pretty much the same thing when myself & Joe met up in melbourne for lunch.

    Well an "Exploit Section" was brought up in the conversation and we had a good discussion about the different ways it could be setup.

  9. #29
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Yeah I forgot about that. I'll need clearance but we'll see if I can add it.

  10. #30
    Banned
    Join Date
    Jan 2008
    Posts
    605
    This was already discussed like five years back. I didn't negotiate then or now. You're either going to let me post up whatever I want or be trolled every five seconds.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •