spaggy
|
  |
| Joined: 29 Sep 2008 |
| Total Posts: 7865 |
|
|
| 02 Apr 2012 11:44 AM |
Guarantee the p@ss was a random string.
Also, mega lol at pging reecemcblox
If 3 people could PG an admin of a multi million company, why would people pour money into PCs specifically for bruting and hash cracking?
lol?
just because kids play a game doesn't mean you let your guard down. the company is worth so much you dwould take chances like having p@ss' PGable
from experience, the worst admin p@ss' i have come across are still a random word, followed by some capitals and numbers.
if a high end PC can't brute 'jKlf@127jason then a human couldn't |
|
|
| Report Abuse |
|
|
| |
|
spaggy
|
  |
| Joined: 29 Sep 2008 |
| Total Posts: 7865 |
|
|
| 02 Apr 2012 11:46 AM |
| what is this profanity, good sir? |
|
|
| Report Abuse |
|
|
werweiru
|
  |
| Joined: 10 Feb 2012 |
| Total Posts: 15 |
|
|
| 02 Apr 2012 11:50 AM |
| My old pass was Aóé@198~##£z!{2}}Z3├ |
|
|
| Report Abuse |
|
|
Rowpunk
|
  |
| Joined: 20 Nov 2009 |
| Total Posts: 7387 |
|
|
| 02 Apr 2012 11:50 AM |
You don't seem to understand something.
The most successful hackers of all time didn't know that much about coding. They simply sweet talked their way through, and then walked away with money. All while the company was trying to figure out what happened. Of course then people claimed that they were hacked, when in reality some guy just acted like he was in a higher position of the company, and asked people to do things for him.
You can PG easier than you can break into the entire mainframe of ROBLOX. And if it wasn't a PG, then why did they ignore the creditcard information? (: |
|
|
| Report Abuse |
|
|
rstvguy
|
  |
| Joined: 30 May 2010 |
| Total Posts: 14073 |
|
| |
|
werweiru
|
  |
| Joined: 10 Feb 2012 |
| Total Posts: 15 |
|
|
| 02 Apr 2012 11:52 AM |
| @Rowpunk.... Most successful= no coding. PFFT, Anonymous. |
|
|
| Report Abuse |
|
|
yumgoku
|
  |
| Joined: 26 Feb 2011 |
| Total Posts: 721 |
|
| |
|
Derivale
|
  |
| Joined: 26 Dec 2008 |
| Total Posts: 774 |
|
|
| 02 Apr 2012 11:54 AM |
Rowpunk, never thought that they may be being paid to ruin the companies reputation? They'd most likely only do what completes their objective. They may have taken details, who knows? It'd take time for that to be found out. |
|
|
| Report Abuse |
|
|
Derivale
|
  |
| Joined: 26 Dec 2008 |
| Total Posts: 774 |
|
| |
|
iguanazor
|
  |
| Joined: 07 Sep 2008 |
| Total Posts: 31462 |
|
|
| 02 Apr 2012 11:55 AM |
| I'm pretty sure they just got onto an inactive admin |
|
|
| Report Abuse |
|
|
werweiru
|
  |
| Joined: 10 Feb 2012 |
| Total Posts: 15 |
|
|
| 02 Apr 2012 11:56 AM |
| Why you saying p@ass? It's pass. |
|
|
| Report Abuse |
|
|
spaggy
|
  |
| Joined: 29 Sep 2008 |
| Total Posts: 7865 |
|
|
| 02 Apr 2012 11:56 AM |
No row, it seems you are the one that doesn't understand.
Like I said, why would people pour thousands of dollars into machines to brute p@ss if they could be simply PGed?
And I doubt the admins p@ss was something easy, I mean, its entirely possible that their p@ss are something complex, then encoded and locked with a company only p@ss.
If you can't brute an encoded/locked p@ss then a human most definately can't guess it.
see what I mean?
if people could guess p@ss to an admin for a multi million company, why would people sqli and xss on small websites with a much much much simpler p@ss', hm? |
|
|
| Report Abuse |
|
|
werweiru
|
  |
| Joined: 10 Feb 2012 |
| Total Posts: 15 |
|
|
| 02 Apr 2012 11:58 AM |
| Spaggy, there are other ways to get the pass instead of guessing/bruting. |
|
|
| Report Abuse |
|
|
Arkoz
|
  |
| Joined: 27 Mar 2011 |
| Total Posts: 13766 |
|
|
| 02 Apr 2012 11:59 AM |
Why u have equal signs, this isn't math ~aRk |
|
|
| Report Abuse |
|
|
Derivale
|
  |
| Joined: 26 Dec 2008 |
| Total Posts: 774 |
|
|
| 02 Apr 2012 12:00 PM |
| @iguan, possibly, but they'd have to find a weak access point to get through the system. Or have some form of code involving some kinda random string (as spaggy said) which can crack even the hardest p@ssw0rds in a matter of minutes. |
|
|
| Report Abuse |
|
|
spaggy
|
  |
| Joined: 29 Sep 2008 |
| Total Posts: 7865 |
|
|
| 02 Apr 2012 12:00 PM |
EXAMPLE: This is an encoded/locked string: YGtAwdyQwDtawdtHYGCbwGM0YdYhZDCaZrtbYDlgwGMAYGy0wdl8'XlaYGtAwGxdYD5hYGtHYGCbwGM0wXCoYG28ZstbYDlAwDygwXt8YDCb'XlaYGtAZXvQwXM8YXv9
The lock p@ss: seewhatimean
What it comes out as if its unlocked-decoded
spaggyistooleetforu
k, pg dat
|
|
|
| Report Abuse |
|
|
|
| 02 Apr 2012 12:00 PM |
| They ignored the creditcards becuase they didn't want to get into any legal trouble. |
|
|
| Report Abuse |
|
|
spaggy
|
  |
| Joined: 29 Sep 2008 |
| Total Posts: 7865 |
|
|
| 02 Apr 2012 12:01 PM |
@baseball
and that, forgot to say that.
if they took any bank details this would be in the news |
|
|
| Report Abuse |
|
|
spaggy
|
  |
| Joined: 29 Sep 2008 |
| Total Posts: 7865 |
|
|
| 02 Apr 2012 12:03 PM |
bump, wish the forums had an edit post feature
>_< |
|
|
| Report Abuse |
|
|
Rowpunk
|
  |
| Joined: 20 Nov 2009 |
| Total Posts: 7387 |
|
|
| 02 Apr 2012 12:05 PM |
I'm talking about cracking a stolen hash though. :-/
You're talking about brute guessing. In which case, the pass Tr0ub4dor&3 has about 28 Bits of entropy. 2^28 is approximately 3 Days at 1000 Guesses/second. (this is what you're talking about.)
Once you found it, you could simply wait until a day where it will start off as fairly normal. (Hint hint, april fools day) and then launch your attack.
Cracking a stolen hash is faster, but isn't something the common user should be worried about. ROBLOX isn't the common user, now is it? I wouldn't be surprised if they were just a bit careless.
Oh, and for a sidenote, the pass correcthorsebatterystaple has 44 bits of entropy, and that would take approximately 550 years at 1000 Guesses/second. Isn't that hard to remember either. xD Kudos to xkcd for that little tidbit. |
|
|
| Report Abuse |
|
|
spaggy
|
  |
| Joined: 29 Sep 2008 |
| Total Posts: 7865 |
|
|
| 02 Apr 2012 12:08 PM |
but then, thats contradicting this.
im countering the pg theory, to crack a stolen hash you would first have to get it from the db it was stored in.
and i very highly doubt they did that |
|
|
| Report Abuse |
|
|
spaggy
|
  |
| Joined: 29 Sep 2008 |
| Total Posts: 7865 |
|
|
| 02 Apr 2012 12:12 PM |
bump
to everyone saying there are different ways:
I know, im telling everyone to stop assuming it was a PG.
D: |
|
|
| Report Abuse |
|
|
Rowpunk
|
  |
| Joined: 20 Nov 2009 |
| Total Posts: 7387 |
|
|
| 02 Apr 2012 12:14 PM |
*Headdesk*
I give up, I'm not going to explain the whole process to you. |
|
|
| Report Abuse |
|
|
spaggy
|
  |
| Joined: 29 Sep 2008 |
| Total Posts: 7865 |
|
|
| 02 Apr 2012 12:19 PM |
Posting this before I get anymore warnings, it seems you have misunderstood this whole thread.
I was sick of everyone saying they guessed the p'ss.
This thread is about how it WASNT a guessed p@ss, and why.
You came and started talking as if I was saying it WAS a guessed p@ss.
Your posts are on hash cracking, to get those hashes, you can't 'guess' them, some sneaky infiltration is needed.
I never said that wasn't viable, its probably more believable than PGing.
Like I said, I made this to disprove the theory that it was simply someone guessing an admin p@ss. |
|
|
| Report Abuse |
|
|