Jump to content


Photo
* * - - - 4 votes

I want to hack my photobucket


  • Please log in to reply
87 replies to this topic

#1 matt

matt

    /dev/zero > C:\WINDOWS

  • Members
  • 1,166 posts
  • Location:817

Posted 01 December 2005 - 07:07 PM

Ok. Ive always wondered how these brute force programs work. I was thinking that I might like to see if I can make one. Not to break into everyone's crap, just to see if I can make one.


Ive set up a test account on photobucket.com to see if I can do it.


Anyone want to help?


Oh and if this is against the rules, and just looks like another "help me hack hotmail" topic then delete it. It's not that big a deal to me. Its just something I wanted to try.




I asked a long time ago how brute force programs work when its online, but I cant find the topic. Yes, I searched.



Anyway, the account username is binrevmatt. (link)
The password is pretty simple. One word, no capital letters or numbers. I'm going to start with that.

#2 Dr^ZigMan

Dr^ZigMan

    Publish or Perish!

  • Agents of the Revolution
  • 1,207 posts
  • Location:561

Posted 01 December 2005 - 07:22 PM

Hey man pretty cool, always great to learn new stuff!

However, despite the fact that this is your account, it is on their system. You could still get into trouble for brute forcing it. Do you have another computer you could set ssh up on and brute force? Or something like that?

I'm just trying to look out for ya buddy, don't want to see you get into any trouble.
-Dr^ZigMan

#3 matt

matt

    /dev/zero > C:\WINDOWS

  • Members
  • 1,166 posts
  • Location:817

Posted 01 December 2005 - 07:30 PM

Hmm. That would be a good idea. I don't have another machine handy.

I'll see what I can do. I'll get something set up that we can hack.

#4 Apoc

Apoc

    SUP3R 31337 P1MP

  • Members
  • 250 posts

Posted 01 December 2005 - 08:16 PM

I can hardly call my self a hacker/cracker, I simply use already discovered exploits to get what I want done. If I can't find one, I ask on here. This is a great thing to get going and I would be very interested in this as well. I tried setting something up myself a while back but I still couldn't figure out how to get any of the brute force programs to work. I think I used JackTheRipper.

Maybe IronGeek has some videos?

#5 SUB-S0NIX

SUB-S0NIX

    !Pee-Wee Pimpin!

  • Members
  • 1,381 posts

Posted 01 December 2005 - 09:10 PM

Ive never used a a brute-force program. But heres a IronGeek video on Brutus:http://www.irongeek.com/i.php?page=videos/brutus1. From the video Brutus seems to have a HTTP option, which could help you.

Edited by SUB-S0NIX, 01 December 2005 - 09:11 PM.


#6 riscphree

riscphree

    Dangerous free thinker

  • Members
  • 1,936 posts
  • Gender:Male

Posted 02 December 2005 - 01:26 AM

This is a great thing to get going and I would be very interested in this as well.


we had tried to start something. didnt go to well though.

http://www.binrev.co...showtopic=16607

#7 Canti

Canti

    DDP Fan club member

  • Members
  • 49 posts

Posted 19 September 2006 - 01:49 AM

I can tell you that you did not upload any photos to the account. I found a bypass allowing me to view photos in private accounts but it is limited to viewing nothing else.

Hit me up at : pyrosama -[a t]- msn -[dot]- com

#8 crackedatom

crackedatom

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 428 posts
  • Location:Durban, South Africa

Posted 19 September 2006 - 10:23 AM

A problem with a lot of sites now is that they can stop brute force attempts like Gmail has now...try entering your gmail password wrong a few times, then you have to enter a visual code.
Also, they could just block that ip for a few minutes.
I've never really been successful with brute forcing...lukily :)
I use it to test security on all my stuff, I've yet to break in...hehehe
Best way is to test brute forcing out at home, you don't wanna get into trouble as Dr^ZigMan said

#9 fourohone

fourohone

    elite

  • Members
  • 101 posts

Posted 19 September 2006 - 12:00 PM

If you don't have another machine handy, try running a virtual machine. Using VMware's emulated adaptor, the virtual machine can have it's own IP on the subnet, allowing you to run both 'victim' and 'attacker' on one machine.

#10 skuj

skuj

    the 0ne

  • Members
  • 1 posts

Posted 23 September 2006 - 11:14 PM

I can tell you that you did not upload any photos to the account. I found a bypass allowing me to view photos in private accounts but it is limited to viewing nothing else.

Hit me up at : pyrosama -[a t]- msn -[dot]- com

how'd you manage that?

#11 matt

matt

    /dev/zero > C:\WINDOWS

  • Members
  • 1,166 posts
  • Location:817

Posted 24 September 2006 - 12:31 AM


I can tell you that you did not upload any photos to the account. I found a bypass allowing me to view photos in private accounts but it is limited to viewing nothing else.

Hit me up at : pyrosama -[a t]- msn -[dot]- com

how'd you manage that?

E-mail him and ask.

#12 Canti

Canti

    DDP Fan club member

  • Members
  • 49 posts

Posted 25 September 2006 - 05:02 AM



I can tell you that you did not upload any photos to the account. I found a bypass allowing me to view photos in private accounts but it is limited to viewing nothing else.

Hit me up at : pyrosama -[a t]- msn -[dot]- com

how'd you manage that?

E-mail him and ask.



Enough with the emails ><
Your welcome to add me to MSN but if you email me dont expect a reply I will most likely read them for a laugh but unless you have a real need for recovery of your photos I'll ignore you. If your account was "hacked" and you cant recover your photos I would gladly retrive them for you if you include the account details. But I'm not sharing details on how its done as I'm still seeing how far I can take it before I let the public know and photobucket patches it.

#13 arewhyainn

arewhyainn

    Cryin' Ryan

  • Banned
  • 401 posts
  • Location:Pasadena, TX

Posted 25 September 2006 - 08:52 AM




I can tell you that you did not upload any photos to the account. I found a bypass allowing me to view photos in private accounts but it is limited to viewing nothing else.

Hit me up at : pyrosama -[a t]- msn -[dot]- com

how'd you manage that?

E-mail him and ask.



Enough with the emails ><
Your welcome to add me to MSN but if you email me dont expect a reply I will most likely read them for a laugh but unless you have a real need for recovery of your photos I'll ignore you. If your account was "hacked" and you cant recover your photos I would gladly retrive them for you if you include the account details. But I'm not sharing details on how its done as I'm still seeing how far I can take it before I let the public know and photobucket patches it.


sounds like BS

#14 Canti

Canti

    DDP Fan club member

  • Members
  • 49 posts

Posted 25 September 2006 - 09:09 AM

Create an account upload a photo with an unguessable name set it to private post the url and we will find out.

#15 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Country:
  • Gender:Male

Posted 25 September 2006 - 04:49 PM

Guys, let's back off of all the dick waving already. Do some analytical study and see what works and what doesn't. I don't see a problem with testing your own account to see if they offer the security that you want/need/expect, but let's stop talking shit about who can do what. Put up or shut up.

Posted Image

#16 Zeph

Zeph

    OMG, so close to "1337"!

  • Agents of the Revolution
  • 1,319 posts

Posted 25 September 2006 - 08:11 PM

Oh dear god.

Attached File  Untitled_1.png   43.47KB   2138 downloads

Edited by zal91, 25 September 2006 - 08:12 PM.


#17 TelcoBob

TelcoBob

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 409 posts
  • Location:LATA 420

Posted 25 September 2006 - 08:38 PM

Oh dear god.


i was just thinking the same thing heh, look at the views on this thread >_<



Oy vey!


<3

#18 Rodga Da Shruba

Rodga Da Shruba

    elite

  • Members
  • 110 posts

Posted 25 September 2006 - 08:58 PM

maybe just delete these photobucket threads... and we might move down in the google search page? just a thought

#19 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Country:
  • Gender:Male

Posted 25 September 2006 - 09:51 PM

Since I don't know who is posting their own information voluntarily, someone created an account for you all to test. Many people are coming here thinking they will get you to hax0r their girlfriends photobucket account and whatnot, the moderators will delete any other account that are mentioned in this thread!

The test account is "binrevtest".

http://s85.photobuck...k80/binrevtest/

Here is one image: http://i85.photobuck...est/11b7k86.jpg

Posted Image

It is a test account to see if photobucket security is reliable to evaluate whether or not its users should feel secure in using it. I do not authorize anyone doing any illegal activity with it, but I do not speak for photobucket and photobucket may not like you messing with their service. I feel like I should be able to test the service for security but this is just my opinion. If you violate their ToS, that is all on you. This account is simply to protect other potentially innocent accounts from being posted in our forums. It is not encouraging anyone to do anything to photobucket.

Remember, hacking is not about destruction! Don't be an asshat!

#20 TelcoBob

TelcoBob

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 409 posts
  • Location:LATA 420

Posted 26 September 2006 - 05:03 PM

There is an easy little hack for this problem and yes i found it out myself, it's so damn leet

now go to the log in page and click the button that says "Forgot username or password" ok now heres the hard part, so pay attention! You have to view the source of the page and read every little line twice, so you can memorize it, do this right now and if you don't the second step wont work.





ok now you type in your username in to the field and press the button named "Send It" you may recall this from the source
<td align="center" colspan="2" height="40">
				  <input type="submit" name="send" value="Send It">&nbsp;
							  <input type="reset" name="reset" value="Reset">
							</td>
good, you'll need that......now go check your email and you have successfully retrived your password... now you are a leet hax0r




BinRev is hosted by the great people at Lunarpages!