Please don't laugh at me... I am only 16 years old and I was sitting and thinking about which porn web site should I watch when an accident happened and THE THOUGHT was born inside my head... here's a result:
In a nutshell, this is a program that reads words from a dictionary and plugs them into parameters of the given URL...
Now The question is... how would you check for the result of that "hacking"? I mean whether you succeeded with your pass or not? Since its my own web, I simply print out either "true" or "false" and check that.... But in a real life situation, what would YOU do?
I'd guess try some random pass, capture the output of failed login, and then compare it in the program?
Thankx in advance,
I understand most of the ,' args:
\ = cut off the last char of the original word
" = double the last char of the original word
nothing = just append it
but I don't know what does ' mean.... anybody thinks differently enough?
Btw, here's an updated version which works with the dictionary (except 's) + lowercases them:
I cut out a lot of it... it was run on the following dictionary:
So.. anybody has any suggestions regarding my question in the first post (and the one about 's) ??
If you don't want to wast time printing to the console, do the following to your main:
+ do some uncommenting... and here's my result with the REAL dictionary:
SUCCESS! PASSWORD HAS BEEN FOUND: "cool"
Total attempts: 29644
Seconds taken: 1347
(the seconds are inaccuarte - divide by extra 10 )
Well, I am off to bed
Second, this is not a servlet so I am moving this topic to Java In General - Intermediate.
Originally posted by Ivan Jouikov:
This isnt hacker activity... and it does belong to Servlets (or web at least) since my question is how do you handle that input....
Cindy is right this is a Java in General topic. If you have a specific question regarding the use of Servlets or JSP then post a new topic there. If you want some more dictionaries try Cult of the Dead Cow or better yet buy a copy of Hacking Exposed. If you want, I can send you some pretty voluminous dictionaries. If you want to take this to another level, you will need to modify your code to append simple numbers and make it multi-threaded to split the dictionary up to try multiple entries at once.
And yes, I want to take it to the next level, and I will.
Originally posted by Jim Yingst:
First of all JavaRanch does not approve or support any Hacker activity.
Of course we do. Hacking == good. Cracking == evil. Usually. This thread is about cracking, not hacking.
[ July 25, 2003: Message edited by: Jim Yingst ]
Cracking is only evil in certain cotexts. If you are doing a security audit on your users for password strength that's OK. Trying to break into corporate networks ain't. But it's unlikely that our neophyte hacker is going to get very far with a brute force dictionary attack there anyway. His IP will be flagged and restricted after the 10th or so failure.
True, true. I did say "usually".
I is youngosrz 1337 haxorz
See, now we know he's evil.
Given that we know that he got this idea by thinking about how he could rip off a porn site, should we really help?
I'm all for helping in the search for knowledge, but in this instance, there is a reasonable chance that our hacker is actually a cracker. Don't you think?
Come on Ivan. If you own up now you won't get in trouble. Did you want to see the kinky ladies. Its ok, we're not angry at you, but you really shouldnt steal....
Keep it real (or something)
But about cracking... yes I DO want to be a cracker... and a hacker ))
But it all starts with knowledge dont it?