
Most popular password.

  • 10-03-2003 6:42pm
    #1
    Registered Users, Registered Users 2 Posts: 173 ✭✭


    A story on http://www.theregister.co.uk about a new Windows worm.

    Interestingly, the worm contains a list of potential passwords for the Administrator account. [usual guff about the administrator account not being called Administrator.....]

    Is yours here?

    "" (empty)
    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    "admin"
    "Admin"
    "password"
    "Password"
    "1"
    "12"
    "123"
    "1234"
    "12345"
    "123456"
    "1234567"
    "12345678"
    "123456789"
    "654321"
    "54321"
    "111"
    "000000"
    "00000000"
    "11111111"
    "88888888"
    "pass"
    "passwd"
    "database"
    "abcd"
    "abc123"
    "oracle"
    "sybase"
    "123qwe"
    "server"
    "computer"
    "Internet"
    "super"
    "123asd"
    "ihavenopass"
    "godblessyou"
    "enable"
    "xp"
    "2002"
    "2003"
    "2600"
    "0"
    "110"
    "111111"
    "121212"
    "123123"
    "1234qwer"
    "123abc"
    "007"
    "alpha"
    "patrick"
    "pat"
    "administrator"
    "root"
    "sex"
    "god"
    "foobar"
    "a"
    "aaa"
    "abc"
    "test"
    "test123"
    "temp"
    "temp123"
    "win"
    "pc"
    "asdf"
    "secret"
    "qwer"
    "yxcv"
    "zxcv"
    "home"
    "xxx"
    "owner"
    "login"
    "Login"
    "pwd"
    "pass"
    "love"
    "mypc"
    "mypc123"
    "admin123"
    "pw123"
    "mypass"
    "mypass123"
    "pw"


Comments

  • Registered Users, Registered Users 2 Posts: 15,258 ✭✭✭✭Rabies


    some of my old passwords are there.... before I learned how bloody easy they are for people to get....

    another is people often use the town/village/city they are from as their passwords*.....














    right Memphis ??? :rolleyes:


  • Moderators, Society & Culture Moderators Posts: 3,935 Mod ✭✭✭✭Turner


    don't forget

    mnbvcxz
    zxcvbnm
    qwerty


  • Registered Users, Registered Users 2 Posts: 19,396 ✭✭✭✭Karoma


    welcome


    lol@rabies :p


  • Registered Users, Registered Users 2 Posts: 1,714 ✭✭✭conZ


    I'm surprised I didn't see 'letmein' in the heart of that post..


  • Registered Users, Registered Users 2 Posts: 1,722 ✭✭✭Thorbar


    Why is pat, patrick so popular? I always pick a long sentence that I know I'll remember then take the first or last letter off each word and throw in a few numbers to make a password.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    This is interesting, however may I comment a little, immature with this, I may be.

    I'm intoxicated and can't get the words out right.

    Brute force crackers are on the way, most vulnerable are Win9x systems over a local network, consider NT probable..
    What's the speed like between one computer and another in a local network?..think about it.

    So..point is, simply password protecting a resource WILL NOT matter, especially where windoes is concerned, logged or not.

    If a computer is compromised, why not delete the logs as if nothing happened?
    That's a good idea...let's do that....etc..etc

    Never think you know enough, you never will.

    "Ginpac" has the example, spod..hello!! ;)
    Sniffers are also a future feature of viruses..
    As was shown in some E-zines in the past.

    To comment on shellcode by LSD..
    In NO way am I criticising them for the work with shellcodes for Win32, it was an excellent paper..about time.

    Although most what was covered was already known.

    but all I will say is that the code they presented could be a lot smaller...optimised.
    Most information was retrieved from 29a e-zines, but just look closer, and you will see I'm right.
    Smaller the better, if that's a priority.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Originally posted by Average Joe
    I'm intoxicated and can't get the words out right.

    Perhaps if you edit it when you sober up it will make more sense. Most of what you mention as "coming soon" have been around for years if I'm reading you correctly.


    What does LSD have to do with this thread?


  • Closed Accounts Posts: 21 ego


    Originally posted by Average Joe
    Brute force crackers are on the way, most vulnerable are Win9x systems over a local network, consider NT probable..
    What's the speed like between one computer and another in a local network?..think about it.

    Think about what exactly? About payloads and attack vectors that have been known and used for years now? Maybe you've not seen them since your introduction to the security theatre, however, as I have reminded my younger sister on many occasions: Westlife did not write Up Town Girl.

    So..point is, simply password protecting a resource WILL NOT matter, especially where windoes is concerned, logged or not.

    Good point but, dude, they solved that problem already. Haven't you heard of firewalls?

    Sniffers are also a future feature of viruses..


    I seem to remember an e-prophecy from some 31337 hax0r called n0str4d4mus_ talking about the same thing. That's the kind of lateral thinking that impresses the nuts off of me.

    Apologies, but I can't add anything useful to this thread, as I've only seen hackers and not hacker2 so I don't know _all_ the passwords yet. I'm getting there though, I hear www.dictionary.com is a good place to read up on passwords, I might try there after I code my first IRC bot.

    Pease out and remember:

    [anti-nsa-cipher ON]
    H4CK T3H PL4N3T!@!
    [anti-nsa-cipher OFF]


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    Right...OK
    What's today's word ..catboy..i mean, x_0r?
    I would have just laughed at those comments.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    You should be able to read today's word quite clearly.

    "would have just laughed" ? What "would have been written" ?


  • Closed Accounts Posts: 15,552 ✭✭✭✭GuanYin


    I thought it was "A shave and a haircut"


  • Registered Users, Registered Users 2 Posts: 1,393 ✭✭✭Inspector Gadget


    ...just goes to show that there's nothing new under the sun... except a continuous stream of people who think that the world popped into existence, completely furnished (so to speak), about 1980... anyone got the "Welcome to last week" image I've seen around the place? :D

    Anyway, they forgot two:

    "fred" (look at the pattern as you type it...)
    the person's home/work phone number

    My favourite "password" has to be from Andromeda (the TV show), where a character (Beka Valentine) shouts at the ship's computer: "Override safety protocols, authorisation 'shut up and do what I damn well tell you'" :D

    Gadget


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    *shakes head*

    Dear me..I thought that would have been the end of it.
    I guess I underestimated how sad you really are ecksor.

    You know what? I think you would actually be the type of person
    that would stop in the middle of O Connell street to argue with a drunk homeless man about how Bono has done so much for the world when he disputes it...LOL

    Why must you always point out the obvious x_or (cool name by the way, very...original)

    Remember that post you made to bugtraq some years ago?
    The one about..well, I think there was only one anyway.
    You showed us all a source code snippet of the vulnerability present in SSH.
    The thing is..we all knew what the problem was at that stage.
    Why point out the obvious..?

    Next time, tell us before we actually know already..ok?

    Feeling sorry for you, really.
    You should get out more, get yourself laid, do something, but get out behind that computer for a while!, because it's not healthy.

    All this anger taken out on me is hardly worth it, or is it?
    I don't know, I wouldn't know really, tell me?

    What is the problem?..were you not loved enough when you were growing up?..is that why you are so miserable?
    Another thing you should do is stay away from those Linkin Park/Coldplay CDs for a while, stick on some happy vibes to cheer yourself up.

    Because if you think that I listen to you on this subject of computer security, that you are in any position to educate me on it, you're mistaken.
    Don't delude yourself anymore! please! ;)

    Unless of course you want to teach me some python..in that case I'll pass.

    What have you done so far to have to be so serious on the subject of computer security Mr expert?
    Nothing...talk, talk, talk, that's about the height of your endeavours.

    *yawn*

    You're like that guy out of the film I saw last week..'Dragnet'
    Joe Friday, a serious person who cannot be taken seriously.
    Let's face it, you know so much...about nothing at all.

    All those books you have sir, makes me think you just put a list
    up on your website, simply because you had nothing else to put up.
    I'm right, aren't I?
    And that so-called asp auditor, I remember telling you about source code auditors a few years back, and you didn't even know what I was talking about.

    You think I'll take you more serious because you don't call
    yourself 'x_0r' anymore.
    Wannabe h4x0r...wants respect, can't get it.
    FFS, do you still go on that channel full of yuppies from the pale..what's it, #hackers_ireland?

    I remember you on #phreakers_ireland too.
    Anyway, I couldn't be arsed with this anymore, I could slag and flame you all day, but I've better things to do than waste it online arguing with a so-called expert.

    And if anyone else here wants to continue slagging me over some obvious silly comments made while intoxicated, go ahead...you sad individuals.
    Get a life.

    *shakes head in disgust*


  • Closed Accounts Posts: 15,552 ✭✭✭✭GuanYin


    You put a lot of thought into that didn't you.

    Anyway, everyone knows "swordfish" is the classic password.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Average Joe, I've never been too bothered about earning your respect or educating you, since I haven't the foggiest idea who you are.

    I haven't demonstrated any anger on this thread, I merely pointed out that your posts make no sense. Stay on topic.


  • Closed Accounts Posts: 7,563 ✭✭✭leeroybrown


    Based on some past password authentication I did for a laugh (College server ... no MD5 or Shadow):

    password was the most popular (It was also a default password given to many people [in an IT degree] who continued using it without a change for 4 years ;) )

    engineer was similarly popular for the same reason.

    liverpool and manunited were pretty popular. Strangely accringtonstanley (or accringt as it would have been without MD5) wasn't popular as a password ;)

    One IT lecturer's password came out in single crack mode. And a head of the same department turned up after a simple dictionary authentication.

    Also, slightly disconcertingly there were two guys whose passwords were each other's names ;)

    The heating in my house was broken at the time (winter) so I needed something to use the CPU on to heat my room. Of course, all the results have been deleted.

    Fortunately the admins of that server have since reconfigured with such niceties as minimum password lengths and specific character requirements.

    That said they never bothered to '-e' any of the crap old passwords. But what's the point when 95% of the servers use telnet unconditionally.
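
A server-side check along the lines of the minimum-length rules mentioned in the post above, extended to the patterns this thread lists (listed words, keyboard rows, repeats, account names). This is an added example, not code from any poster; `DENY`, `KEY_ROWS`, `MIN_LEN`, the function names and the sample account name are assumptions.

```python
import re

# Constructed sample: a handful of entries from the list in the first post plus
# words suggested in the replies. A real deployment would load a full list.
DENY = {"admin", "password", "pass", "abc", "ihavenopass", "administrator", "root",
        "test", "temp", "secret", "mypc", "mypass", "letmein", "welcome", "swordfish"}
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LEN = 8  # assumed policy value, not taken from the thread


def core(pw):
    """Lower-case and drop leading/trailing digits, so 'admin123' compares as 'admin'."""
    return re.sub(r"^\d+|\d+$", "", pw.lower())


def is_keyboard_walk(s):
    """True if s is 3+ adjacent keys on one row, typed in either direction."""
    s = s.lower()
    return len(s) >= 3 and any(s in row or s in row[::-1] for row in KEY_ROWS)


def is_repeat(s):
    """True for one to three characters repeated to fill the string (000000, 121212)."""
    return re.fullmatch(r"(.{1,3})\1+", s) is not None


def reject_reasons(pw, names=()):
    """Return the reasons a proposed password is refused (empty list = accepted)."""
    reasons = []
    if len(pw) < MIN_LEN:
        reasons.append("too short")
    if pw.lower() in DENY or core(pw) in DENY:
        reasons.append("on deny list")
    if is_keyboard_walk(pw) or is_keyboard_walk(core(pw)):
        reasons.append("keyboard walk")
    if is_repeat(pw):
        reasons.append("repeated pattern")
    # Covers both "password is my own name" and "password is another user's name".
    if pw.lower() in {n.lower() for n in names}:
        reasons.append("matches an account name")
    return reasons


if __name__ == "__main__":
    for candidate in ["Password", "admin123", "mnbvcxz", "123123", "1234qwer"]:
        print(repr(candidate), reject_reasons(candidate))
```

A check like this only applies when a password is set or changed, so accounts that still hold an old password need a forced change before it has any effect on them.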


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    LOL

    sykeirl

    I'm not doing anything wrong.
    That's what it's for..silly.


  • Closed Accounts Posts: 7,230 ✭✭✭scojones


    Originally posted by Average Joe

    Remember that post you made to bugtraq some years ago?
    You should get out more, get yourself laid, do something, but get out behind that computer for a while!, because it's not healthy.

    Right, um... Is it me or is Average Joe nuts? You're telling xor to get out more, and you're going on about a post he made to bugtraq YEARS ago. Helllooooo, wake up. I'm not even going to comment anymore. To do so would bring me down to your level, and that's just.............sad.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    I'll tell you what's sad sjones..you are as bad as xor in pointing out the obvious to everyone.

    I don't have time for you, but the reason I mentioned sniffers in viruses, was because before, the size of the code outweighed the advantage of such a feature.

    Since Win2k/XP, Winsock 2.2+ enables one to "sniff" with a small amount of code rather than using something like winpcap.. that's something to think about, if that kind of thing interests you, if not, don't flame me for that.

    Same with brute force cracking routines, too large, and a library of brute force routines in assembler which are small and fast is going to be released soon.

    Most viruses in the wild are released by "media whores" who want to be famous..and so they use code by other programmers because they are not capable of doing such tasks themselves, which is why we may not have heard of them around yet.

    optimisation in lsd code.
    manual displacements are not necessary in LSD code, also..you can still use 16-bit instructions in a 32-bit segment, which would optimise it in parts..I don't care, I just thought I would mention, that's all.

    displacements on x86 are not actual addresses, they are the
    distance between one location and another.
    no manual calculation needed, unless the code is self modifying.

    ; This here:
                call $+5
                pop ebp

    ; creates the exact same opcodes as:

                call NextAddress
    NextAddress:
                pop ebp

    ahh, I don't have time to go into it..but providing the variables
    are in the same segment, you could address them like

                call dword ptr [ebp + variable - NextAddress]

    using the code I talked about or

                lea eax, dword ptr [ebp + variable - NextAddress]

    it's still only 3 bytes.

    why not use local variables on the stack?

    there's a few things to change, I know the point is, that it's modular, I know I'm probably not making much sense at the moment, I'm in a rush, I'm poor you see and can't stay too long in the internet cafe.

    see you in a month's time ;)


  • Registered Users, Registered Users 2 Posts: 1,823 ✭✭✭Horsefumbler


    'ppp'

    really close to the enter key u know;)


  • Registered Users, Registered Users 2 Posts: 1,823 ✭✭✭Horsefumbler


    AAARRRGH Bollox!!!!:(

    i just realised sum1 would guess that that was my login password for here :D

    had to frigginwell change it.


  • Registered Users, Registered Users 2 Posts: 11,446 ✭✭✭✭amp


    TWO BITS!!

