Posted: Mon Mar 08, 2004 5:58 am
by m3mn0n
malcolmboston wrote:so hopefully im safe from such misdemeanors *fingers crossed*
Yeah, if your application is not open source, the likelihood of such events is slim to none.
But then again, anything could happen.
Hey I finished the experiment, check your pm malcolm.
Posted: Mon Mar 08, 2004 6:03 am
by malcolmboston
lol sami ill put it on a web server now, shall i give everyone the address?
Posted: Mon Mar 08, 2004 6:05 am
by m3mn0n
I don't see why not!

Posted: Mon Mar 08, 2004 6:13 am
by malcolmboston
THERE YA GO PEEPS
find it here
here
nice script btw

Posted: Mon Mar 08, 2004 6:14 am
by malcolmboston
told ya's it worked

Posted: Mon Mar 08, 2004 6:17 am
by JayBird
check here for some Brute Force Dictionary tools -
http://neworder.box.sk/codebox.search.p ... dictionary
There is already an md5 attack file there but the link ain't working.
Mark
Posted: Mon Mar 08, 2004 6:21 am
by malcolmboston
<--- thinks bech had that page as his homepage
very interesting bech good find buddy
Posted: Mon Mar 08, 2004 6:24 am
by m3mn0n
ty
Yeah, great link.

Posted: Mon Mar 08, 2004 6:28 am
by JayBird
obviously, you can stop this kind of brute force attack by only allowing 3 attempts at login every 5 mins or something like that, or getting the user to enter a code from an image generated by the GD functions.
Mark
Posted: Mon Mar 08, 2004 6:29 am
by malcolmboston
edit: put below samis comment so message made sense
Posted: Mon Mar 08, 2004 6:29 am
by m3mn0n
Bech100 wrote:obviously, you can stop this kind of brute force attack by only allowing 3 attempts at login every 5 mins or something like that, or getting the user to enter a code from an image generated by the GD functions.
Mark
Not if they have raw database rows, as we discussed earlier.

Posted: Mon Mar 08, 2004 6:34 am
by JayBird
Sami wrote:Bech100 wrote:obviously, you can stop this kind of brute force attack by only allowing 3 attempts at login every 5 mins or something like that, or getting the user to enter a code from an image generated by the GD functions.
Mark
Not if they have raw database rows, as we discussed earlier.

True, i was talking of a web-based attack though.
Mark
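The lockout suggested above (3 login attempts every 5 minutes), as an added PHP example that is not part of the original thread. It covers only web-based guessing against the login form, not cracking of leaked database rows. The class name `LoginThrottle`, its methods and the `username|ip` key are hypothetical, and an in-memory array stands in for a database table or cache.

```php
<?php
// Added example: sliding-window login throttle (3 failures per 5 minutes).
// LoginThrottle is a hypothetical name; a real site would persist $failures.
final class LoginThrottle
{
    private $failures = array(); // key => list of failure timestamps (seconds)
    private $maxAttempts;
    private $windowSeconds;

    public function __construct($maxAttempts = 3, $windowSeconds = 300)
    {
        $this->maxAttempts = $maxAttempts;
        $this->windowSeconds = $windowSeconds;
    }

    // Drop failures older than the window; return those still counted.
    private function recent($key, $now)
    {
        $old = isset($this->failures[$key]) ? $this->failures[$key] : array();
        $kept = array();
        foreach ($old as $t) {
            if ($t > $now - $this->windowSeconds) { $kept[] = $t; }
        }
        return $this->failures[$key] = $kept;
    }

    // Call before verifying the password; false means reject without checking it.
    public function isAllowed($key, $now)
    {
        return count($this->recent($key, $now)) < $this->maxAttempts;
    }

    public function recordFailure($key, $now)
    {
        $this->recent($key, $now);
        $this->failures[$key][] = $now;
    }
}

// Constructed sample: wrong guesses at t=0..30 seconds, then one at t=301.
$throttle = new LoginThrottle();
$key = 'alice|203.0.113.7'; // constructed username and documentation-range IP
foreach (array(0, 10, 20, 30, 301) as $now) {
    if (!$throttle->isAllowed($key, $now)) {
        echo "t=$now blocked\n";
        continue;
    }
    $throttle->recordFailure($key, $now); // password check failed
    echo "t=$now password checked, wrong\n";
}
```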
Posted: Mon Mar 08, 2004 6:35 am
by malcolmboston
to further divulge into what bech was saying (and to make it obvious what he was talking about)
from evil site wrote:
MD5 Dictionary Attack - Program to crack md5 passwords using dictionary attack ,program name: MD5 dictionary attack, size : 226 kb zipped, 480kb unzipped , speed: 1160000 word per minute ,ver: 1.5 , supported Os: windows 98/me/2k/xp,
about the english language wrote:
The OED2, the largest English-language dictionary, contains some 290,000 entries with some 616,500 word forms. Of course, there are lots of slang and regional words that are not included and the big dictionary omits many proper names, scientific and technical terms, and jargon as a matter of editorial policy (e.g., there are some 1.4 million named species of insect alone). All told, estimates of the total vocabulary of English start at around three million words and go up from there.
ok lets do some calculations here guys
lets give the english language a generous 4 million words (estimated 3 million) and bear in mind that script can do supposedly 1.16 million words per minute
holy smurf wrote:
it would take under 3 minutes to get a 'proper word' password
Posted: Mon Mar 08, 2004 6:42 am
by m3mn0n

Impressive, yet scary.
But to make it work to its full potential, you'd have to include all those weird scientific names, like elements and whatnot, and also bug names, etc.
And that would bring the number of entries to check to nearly 10 million (rough estimate).
Posted: Mon Mar 08, 2004 6:44 am
by malcolmboston
<--- will remember in future to make sites more secure than amazon
