Bruteforce account hacker

Hi guys, i wanna know your opinion about bruteforcing.

first of all i know there was a topic about this a while ago and second, only respond here your idea and don't start flaming.

Ok so would it be possible to make a program that bruteforces to find the pass ( lets consider you know the account id)? It can be like something that fills in every possible combination of 9 - 12 digits (numbers and letters only, lets consider peepz dont use capitals in their pass, there will be like maximum (26+10)^12 = 4.7*10^18 possibilities ( yeah i know this is much )),in the conquer window and try to connect (you can't do it via the site,cause thats limited in tries). And a soon as it receives a packet that the pass is correct and you can log it,the program saves the pass and shut down conquer so you can mod the pass later.

i know this is rather complicated and a progress of many time to find the right pass( so a pauze function in the program is required, so you don't have to let your pc scan for like 5 days without stop).

so i wanna hear from you guys if this could be possible and if any1 of you would be able to (help) make it

Its actually quite easy, all you need is a start and end value. Depending on how many chars and if alpha numeric would be how long it may take. Could take you weeks to crack it. Search google for the web brute force called munga bunga.

This was used years ago to brute force porn sites. It stored all successfull logins keeping a good record.
So its not hard to build just would need to have it interact with CO.

Quote:

Originally posted by 2spesh4u@Jun 15 2006, 11:49 Its actually quite easy, all you need is a start and end value. Depending on how many chars and if alpha numeric would be how long it may take. Could take you weeks to crack it. Search google for the web brute force called munga bunga. This was used years ago to brute force porn sites. It stored all successfull logins keeping a good record. So its not hard to build just would need to have it interact with CO.

yeah....
Why dont you immideatly brute force the server xD
No i wonder if they have a limit....

yeah thats the prob there are many good brute force programs, i just don't know how to edit it to conquer

and about the during of it, i know it can take long since most people are smart enough to not use a word from a dictionary and use numbers and letters.

Quote:

Originally posted by toreddo+Jun 15 2006, 11:54--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (toreddo @ Jun 15 2006, 11:54)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--2spesh4u@Jun 15 2006, 11:49 Its actually quite easy, all you need is a start and end value. Depending on how many chars and if alpha numeric would be how long it may take. Could take you weeks to crack it. Search google for the web brute force called munga bunga. This was used years ago to brute force porn sites. It stored all successfull logins keeping a good record. So its not hard to build just would need to have it interact with CO.

yeah....
Why dont you immideatly brute force the server xD
No i wonder if they have a limit.... [/b][/quote]
Well being a server ofcourse you would have an issue with mass data transmitting to the auth server's and would more then likely cause a problem. But if you implemented a proxy program and have your list of anon tested proxies you wouldnt have an issue.

And as for the server you could if you knew what you were doing, its not hard to find a bug in a Microsoft program and exploit it. However you would need half a brain and patience.

Quote:

Originally posted by 2spesh4u@Jun 15 2006, 11:49 Its actually quite easy, all you need is a start and end value. Depending on how many chars and if alpha numeric would be how long it may take. Could take you weeks to crack it. Search google for the web brute force called munga bunga. This was used years ago to brute force porn sites. It stored all successfull logins keeping a good record. So its not hard to build just would need to have it interact with CO.

hmm any alternatives of munga bunga ?

File: mbhttpbf.exe
Status: INFECTED/MALWARE
MD5 5a9fcb44b55a7ceffd7a49d971f0fc63
Packers detected: -
Scanner results
AntiVir Found Dropper/Skrat.E dropper
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found HackerTool/VB!04
Kaspersky Anti-Virus Found Backdoor.Win32.Skrat.e, HackTool.Win32.VB.ao
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found Backdoor.Win32.Skrat.e

Try downloading it from the creators site best not to download it through limewire or any p2p program.
Munga Bunga was/is a true old school hacker who used to love teasing Nasa :p

Also dont forget any well know Hack Tool would show up in virus scanners, just make sure you look at what there calling it.

The scan results you showe me however is all bad. Id find you the website but im at work and do tech support, the last thing i want my managers seeing me do is look for hack tools :bandit:

Quote:

Originally posted by 2spesh4u@Jun 15 2006, 12:25 Try downloading it from the creators site best not to download it through limewire or any p2p program. Munga Bunga was/is a true old school hacker who used to love teasing Nasa :p Also dont forget any well know Hack Tool would show up in virus scanners, just make sure you look at what there calling it. The scan results you showe me however is all bad. Id find you the website but im at work and do tech support, the last thing i want my managers seeing me do is look for hack tools :bandit:

hehe i understand you :p anyway im going to search for it deeper and try to get it from a rather safe site

I'm gonna look into this too. Ill PM the three of you if anything works out. After all, this isn't really something we want the ENTIRE community having, is it?

Is brute force the best thing to use for this? There are a few other programs that could be used in it's stead, so i'm gonna work on which is best for the job for now.

I'm also going to find out if there's a password entry limit on CO. Here's some info just for anybody else that's gonna help out:

Passwords must be the following:
-Between 10 and 16 characters
-Only letters and numbers (lower and upper case) (Total of 62 characters)

Now, working with the fact that the amount of letters is variable, I can deduce that there are (WHAT THE HELL? HAVE I USED THE WRONG SUM OR WHAT?)52,475,935,755,881,469,198,427,554,816 different possibilities.

So for those of you that can't be bothered to count, on the assumption that my calculations aren't as screwed as I think they are, there are just under 52.5kkkkkkkkk possibilities.

Thank you, and good night :P

what you guys want to do is easy
but takes sooooooo much time :)))
when you are lucky you would get 1 password in 5 weeks :>
it would be ALLLOOOOT easier if you use a fake hack site like
[Only registered and activated users can see links. Click Here To Register...] (dont use it ;D )
just one for conquer of course

Quote:

Originally posted by goldberry@Jun 15 2006, 15:29 I'm gonna look into this too. Ill PM the three of you if anything works out. After all, this isn't really something we want the ENTIRE community having, is it? Is brute force the best thing to use for this? There are a few other programs that could be used in it's stead, so i'm gonna work on which is best for the job for now. I'm also going to find out if there's a password entry limit on CO. Here's some info just for anybody else that's gonna help out: Passwords must be the following: -Between 10 and 16 characters -Only letters and numbers (lower and upper case) (Total of 62 characters) Now, working with the fact that the amount of letters is variable, I can deduce that there are (WHAT THE HELL? HAVE I USED THE WRONG SUM OR WHAT?)52,475,935,755,881,469,198,427,554,816 different possibilities. So for those of you that can't be bothered to count, on the assumption that my calculations aren't as screwed as I think they are, there are just under 52.5kkkkkkkkk possibilities. Thank you, and good night :P

i know it takes a looooooooooong time,but i think bruteforcing is the best way to do it, when you make fake sites you need to find people first who are stupid enough to fill in their data and login there...

and i fully agree whe should spread the program(if we can make one ) in a very small amount , just us in the beginning and then only people who mail or pm us :P

Quote:

Originally posted by n0b0dYsB3tT3r+Jun 15 2006, 15:43--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (n0b0dYsB3tT3r @ Jun 15 2006, 15:43)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--goldberry@Jun 15 2006, 15:29 I'm gonna look into this too. Ill PM the three of you if anything works out. After all, this isn't really something we want the ENTIRE community having, is it? Is brute force the best thing to use for this? There are a few other programs that could be used in it's stead, so i'm gonna work on which is best for the job for now. I'm also going to find out if there's a password entry limit on CO. Here's some info just for anybody else that's gonna help out: Passwords must be the following: -Between 10 and 16 characters -Only letters and numbers (lower and upper case) (Total of 62 characters) Now, working with the fact that the amount of letters is variable, I can deduce that there are (WHAT THE HELL? HAVE I USED THE WRONG SUM OR WHAT?)52,475,935,755,881,469,198,427,554,816 different possibilities. So for those of you that can't be bothered to count, on the assumption that my calculations aren't as screwed as I think they are, there are just under 52.5kkkkkkkkk possibilities. Thank you, and good night :P

i know it takes a looooooooooong time,but i think bruteforcing is the best way to do it, when you make fake sites you need to find people first who are stupid enough to fill in their data and login there...

and i fully agree whe should spread the program(if we can make one ) in a very small amount , just us in the beginning and then only people who mail or pm us :P [/b][/quote]
lol belive me
there ARE ALOT stupid players ;D

hehe cought so many players with your site ? well actually it looks pretty trusteable :p

yeah caught alot high lvl players with it
and now one fake login :D

Inhalt:
Login_type=:elitepvpersownyou
Passwort:nicetrymate
Zeus:
1
email:[Only registered and activated users can see links. Click Here To Register...]

EDIT: Actually, scratch the idiotic queestion i asked there, and instead, here's another:

I had someone come round my house and use conquer here. I have my conquer cookies file, will that have his data in it? If yes, how the heck to I unencrypt it?

I guess if it doesn't, I know his username, and it can be our trial run for Brute Force XD