30 Jul 2011 11:56 PM
I don't really care how. I'm interested, because according to my calculations, the number of possible passes is an approximately 40-digit number (app. 4.4665509107814e+39). How are people even..
First of all, let's assume they're using an automated pass-cracker-bot. Now, they could either create an enormous list of possibilities NOW or during the trial/error process next. Let's say they choose the former. They create an enormous array of possibilities, whose length is nigh 40 digits (in base 10, at least). Now, they create a connection to the Roblox website, they send a request to log in with the given possibility, and have about a 2.2388639914216386e-38% chance of success. Say that each request takes app. 0.5 seconds. This sounds like it could certainly take a while..
In the worst case scenario in the brute force attack above, it'll take 2.2332754553907e+39 seconds to find the correct pass. If my calculations are correct, that'd be around 7.0816700132886225e+31 YEARS, which is longer than most scientists believe the universe has existed.
Are brute force attacks really this stupid? Where are people finding lists of common passes, so they have an idea of what to try first? About how much better would a dictionary attack be? I'm sure some of you know and could make a decent discussion out of it.
(NOTE: I dun wanna hax j00, I wanna understand how people do it)

30 Jul 2011 11:59 PM
Well if they're really serious they probably have a botnet or something to assist in the cracking.
More likely: they just used XSS or phishing.

31 Jul 2011 12:04 AM
Step 1: Find a part of Roblox that DOESN'T clean input (Impossible on ASP sites)
Step 2: Type ' UPDATE USERS SET P---WORD='';'
Step 3: ???
Step 4: Profit
-Turtles will hunt you down!

31 Jul 2011 12:04 AM
I would assume they create a bot that tries every possible pass and let it run until it gets the right pass or hits 40-or-so digits.
Another reason there should be a five-minute waiting period before you can try to log in again if you had the wrong pass.
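The five-minute wait suggested in the post above, as an added example (not part of the original thread and not Roblox's code). `LoginThrottle`, the `check_password` callback and the account name are hypothetical; the 0.5 s per request figure is the one assumed in the opening post.

```python
import time

WAIT_SECONDS = 5 * 60     # the five-minute wait proposed in the post
REQUEST_SECONDS = 0.5     # per-request time assumed in the opening post


class LoginThrottle:
    """Hypothetical per-account throttle: after a wrong password, further
    attempts on that account are refused until the wait has elapsed."""

    def __init__(self, check_password, wait=WAIT_SECONDS, clock=time.monotonic):
        self._check = check_password   # callback(account, password) -> bool
        self._wait = wait
        self._clock = clock            # injectable so the demo can fake time
        self._blocked_until = {}       # account -> time the wait ends

    def attempt(self, account, password):
        now = self._clock()
        if now < self._blocked_until.get(account, 0.0):
            return "throttled"         # refused without checking the password
        if self._check(account, password):
            self._blocked_until.pop(account, None)
            return "ok"
        self._blocked_until[account] = now + self._wait
        return "denied"


def checks_in_one_day(wait):
    """Count how many guesses actually reach the password check in 24 hours
    when a client retries a (constructed) account every REQUEST_SECONDS."""
    now = [0.0]
    checked = [0]

    def always_wrong(account, password):
        checked[0] += 1
        return False

    throttle = LoginThrottle(always_wrong, wait=wait, clock=lambda: now[0])
    while now[0] < 24 * 60 * 60:
        throttle.attempt("alice", "wrong-guess")
        now[0] += REQUEST_SECONDS
    return checked[0]


if __name__ == "__main__":
    print("no wait:      ", checks_in_one_day(0))
    print("5-minute wait:", checks_in_one_day(WAIT_SECONDS))
```

Because the "throttled" branch refuses without checking the password, anyone who keeps submitting wrong guesses also keeps the real owner locked out, so a per-account wait trades guessing resistance for a lockout risk.
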
31 Jul 2011 12:07 AM
ikr @ Arceus
But trying every pass is downright stupid. You know those ch00by crackers that steal accounts on Roblox? Seeing as how they hacked my friend several times, even with strong passes, I'd guess he has a keylogger or something on him..

aboy5643
Joined: 08 Oct 2010
Total Posts: 5458
31 Jul 2011 12:13 AM
16^36 - 4^36 = P
1/4722366482869645213696 Chance of GUESSING a pass with 4-16 alpha-numerical characters.
~We don't script, we type random letters, symbols, and numbers then hope it works!

31 Jul 2011 12:14 AM
You can't just tell a computer to remember the keys another computer presses. It's not like those are distributed to the internet (unless your friend downloads something that has a hidden keylogger that tells the hacker what he's pressing).

aboy5643
Joined: 08 Oct 2010
Total Posts: 5458
31 Jul 2011 12:16 AM
Uhhh don't you download st00f (almost started speaking like we were in a Pri server o.o) off the internet all the time??
~We don't script, we type random letters, symbols, and numbers then hope it works!

31 Jul 2011 12:18 AM
Online bruteforce attacks ARE that stupid. That's why you either get the Hash/Salt combo for yourself, or you use a dictionary.
-NecroBumpist, Master of Lua, Writer of Wikis ◕ ‿‿ ◕

aboy5643
Joined: 08 Oct 2010
Total Posts: 5458
31 Jul 2011 12:19 AM
@Arceus
Your's is pancakes rite?
~We don't script, we type random letters, symbols, and numbers then hope it works!

31 Jul 2011 12:20 AM
Windows allows programs to be run in the background, which could be downloaded as "fake antivirus", and could listen for keys being pressed, and send them to the hacker's computer. The hacker could then sift through the keylog.

31 Jul 2011 12:48 AM
They don't unless they have direct access to your computer IRL.

sckum555
Joined: 20 Aug 2008
Total Posts: 6576
31 Jul 2011 12:49 AM
Most hacks work like this
>Invite a friend over
>Log into roblox
>He watches you type
>Goes home and tries it himself
>Works and deletes everything
>Noob complains that he got "hacked"

xHTMLx
Joined: 10 Feb 2011
Total Posts: 4242
31 Jul 2011 12:54 AM
Brute-forcing would be one of the last things you should try.
ROBLOX isn't vulnerable to XSS, so that is out of the picture. I would advise a Cybergate RAT or a keylogger.
Phishing would be easy but it is quite obvious.

Aaaboy97
Joined: 05 Apr 2009
Total Posts: 6612
31 Jul 2011 12:56 AM
"ROBLOX isn't vulnerable to XSS, so that is out of the picture. "
BWAHAHAHAHAHAHAHAHAHAHAHAHAH
*looks at avg scan ad*

xHTMLx
Joined: 10 Feb 2011
Total Posts: 4242
31 Jul 2011 12:58 AM
I am sorry I had no clue you could steal cookies on here.

xHTMLx
Joined: 10 Feb 2011
Total Posts: 4242
31 Jul 2011 01:24 AM
Never mind, Aaaboy was talking about a Google ad. I was talking about a user ad. =/

agent767
Joined: 03 Nov 2008
Total Posts: 4181
31 Jul 2011 04:23 AM
1. go to youtube
2. search for "account hacks"
3. send your p-word and your accountname to some random em@il-adress
4. complain that your account got hacked/PGed

31 Jul 2011 06:10 AM
Vitouliss14 my brother PGed Zuka's account.

31 Jul 2011 07:34 AM
Friend home:
1. Trick him in saying
2. Steal his cookies and put it on pastebin
3. Watch him typing.

31 Jul 2011 07:39 AM
Hmm... That would be interesting. If one of us set up a fake email thing where people send passes to get them... We would have a lot of lifetime obc accounts. >.>
-[Insert witty comment here]

myrco919
Joined: 12 Jun 2009
Total Posts: 13241
31 Jul 2011 07:47 AM
^ Pass guessing/Pass guessed
-[Insert witty comment here]

xHTMLx
Joined: 10 Feb 2011
Total Posts: 4242
31 Jul 2011 07:47 AM
P a $ $ Guessing. P a $ $ Guessed.