Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 08-14-2002, 09:06 PM
Warlord's Avatar
Warlord Warlord is offline
 
Join Date: Jan 2002
Location: TN, USA
Posts: 668
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Decrypting Member passwords...

Is it possible? And if so, how?
Reply With Quote
  #2  
Old 08-14-2002, 10:26 PM
tHE DSS's Avatar
tHE DSS tHE DSS is offline
 
Join Date: Jun 2002
Location: UK
Posts: 113
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No.

If you're using a version of vB where passwords are stored encrypted (hashed, with md5() http://www.faqs.org/rfcs/rfc1321.html), which I assume you are, then no... because the hashing system isn't meant to be reversable.

You can try to brute force passwords.... but DAMN, you gotta have a fast computer.

I actually started writing one in C the other week, just for fun.... but upon benchmarking it, and finding that to go through all possible combinations, my 500Mhz AMD would take a few thousand years... I thought.... FORGET IT!!!
Reply With Quote
  #3  
Old 08-14-2002, 11:54 PM
Neo's Avatar
Neo Neo is offline
 
Join Date: Oct 2001
Location: Anywhere
Posts: 1,817
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hey I need a good brute force password program
Reply With Quote
  #4  
Old 08-15-2002, 08:16 AM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i got a 2ghz processor... would that be fast enuff?
Reply With Quote
  #5  
Old 08-15-2002, 09:15 AM
Neo's Avatar
Neo Neo is offline
 
Join Date: Oct 2001
Location: Anywhere
Posts: 1,817
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

no you need atleast a 5TB to run it correctly.
Reply With Quote
  #6  
Old 08-15-2002, 04:37 PM
tHE DSS's Avatar
tHE DSS tHE DSS is offline
 
Join Date: Jun 2002
Location: UK
Posts: 113
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Innit.... serious (government type) computer power is needed for really effective brute force.

I first had a small PHP script, which used merged dictionary files and common password files (was over 27Mb in the end) - the script read through each line of the file one by one, encrypted (hashed) the line (word) to the md5 standard and then checked the result against the encrypted (hashed) password I wanted to "crack".

Not effective enough.... most peeps these days DO know how to pick secure passwords. A 27Mb dictionary file, didn't crack any of the 3 passwords I tried.

That's why I went onto C, hoping to harness it's speed, so I could make a "string ticker", rather like clocking from '000000' right through to 'zzzzzzzzzzzzzzzzzzzz' (or, z * 20).

I decided to base the main rule on most people having a password between 6 and 20 characters long, all lowercase, containing only alphanumeric characters.

Ticking through the possible combinations, I benchmarked a couple of days (this is from my memory... I can't remember real accurate scores)... but upon adding the MD5 algol., that is, generating the string value, hashing it to an MD5 string, then comparing it against the password to crack... then moving on if no match found..... man... that's when the scores went through the roof like crazy... NOT A CHANCE ON THE HOME COMPUTER!!

I thought then, that I could cut out some "noise", by generating the string, then checking for, say, 3+ duplicate characters in a row, if "true", generate again until "false", then hash, then compare.

... a few more "noise" cutting features, then "threading" the routine (high priority thread) to gain as much of the computer power as possible whilst running.... and then seeing how that affected the scores.

But man... doesn't it just sound like too much trouble!!! :speechless: :cross-eyed: :nervous:

Yep, i'm not one of them geeks that could just work work work in a coding env.... too much work on at the moment already.... and a girlfriend. :cheeky:

Basically, don't bother hassling trying to crack passwords, unless you got a couple of £million to spend on a hefty computer, or set of computers.

Or, if you can round up a whole community, like this one, to each exectute a section of combinations each...... doubt that very much though.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:37 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05411 seconds
  • Memory Usage 2,208KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit_info
  • (6)postbit
  • (6)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete