87 replies to this topic

[matt]

Ok. Ive always wondered how these brute force programs work. I was thinking that I might like to see if I can make one. Not to break into everyone's crap, just to see if I can make one.


Ive set up a test account on photobucket.com to see if I can do it.


Anyone want to help?


Oh and if this is against the rules, and just looks like another "help me hack hotmail" topic then delete it. It's not that big a deal to me. Its just something I wanted to try.




I asked a long time ago how brute force programs work when its online, but I cant find the topic. Yes, I searched.



Anyway, the account username is binrevmatt. (link)
The password is pretty simple. One word, no capital letters or numbers. I'm going to start with that.

[Dr^ZigMan]

Hey man pretty cool, always great to learn new stuff!

However, despite the fact that this is your account, it is on their system. You could still get into trouble for brute forcing it. Do you have another computer you could set ssh up on and brute force? Or something like that?

I'm just trying to look out for ya buddy, don't want to see you get into any trouble.
-Dr^ZigMan

[matt]

Hmm. That would be a good idea. I don't have another machine handy.

I'll see what I can do. I'll get something set up that we can hack.

[Apoc]

I can hardly call my self a hacker/cracker, I simply use already discovered exploits to get what I want done. If I can't find one, I ask on here. This is a great thing to get going and I would be very interested in this as well. I tried setting something up myself a while back but I still couldn't figure out how to get any of the brute force programs to work. I think I used JackTheRipper.

Maybe IronGeek has some videos?

[SUB-S0NIX]

Ive never used a a brute-force program. But heres a IronGeek video on Brutus:http://www.irongeek.com/i.php?page=videos/brutus1. From the video Brutus seems to have a HTTP option, which could help you.

Edited by SUB-S0NIX, 01 December 2005 - 09:11 PM.

[riscphree]

This is a great thing to get going and I would be very interested in this as well.

we had tried to start something. didnt go to well though.

http://www.binrev.co...showtopic=16607

[Canti]

I can tell you that you did not upload any photos to the account. I found a bypass allowing me to view photos in private accounts but it is limited to viewing nothing else.

Hit me up at : pyrosama -[a t]- msn -[dot]- com

[crackedatom]

A problem with a lot of sites now is that they can stop brute force attempts like Gmail has now...try entering your gmail password wrong a few times, then you have to enter a visual code.
Also, they could just block that ip for a few minutes.
I've never really been successful with brute forcing...lukily
I use it to test security on all my stuff, I've yet to break in...hehehe
Best way is to test brute forcing out at home, you don't wanna get into trouble as Dr^ZigMan said

[fourohone]

If you don't have another machine handy, try running a virtual machine. Using VMware's emulated adaptor, the virtual machine can have it's own IP on the subnet, allowing you to run both 'victim' and 'attacker' on one machine.

[skuj]

I can tell you that you did not upload any photos to the account. I found a bypass allowing me to view photos in private accounts but it is limited to viewing nothing else.

Hit me up at : pyrosama -[a t]- msn -[dot]- com

how'd you manage that?

[matt]

I can tell you that you did not upload any photos to the account. I found a bypass allowing me to view photos in private accounts but it is limited to viewing nothing else.

Hit me up at : pyrosama -[a t]- msn -[dot]- com

how'd you manage that?

E-mail him and ask.

[Canti]

I can tell you that you did not upload any photos to the account. I found a bypass allowing me to view photos in private accounts but it is limited to viewing nothing else.

Hit me up at : pyrosama -[a t]- msn -[dot]- com

how'd you manage that?

E-mail him and ask.

Enough with the emails ><
Your welcome to add me to MSN but if you email me dont expect a reply I will most likely read them for a laugh but unless you have a real need for recovery of your photos I'll ignore you. If your account was "hacked" and you cant recover your photos I would gladly retrive them for you if you include the account details. But I'm not sharing details on how its done as I'm still seeing how far I can take it before I let the public know and photobucket patches it.

[arewhyainn]

I can tell you that you did not upload any photos to the account. I found a bypass allowing me to view photos in private accounts but it is limited to viewing nothing else.

Hit me up at : pyrosama -[a t]- msn -[dot]- com

how'd you manage that?

E-mail him and ask.

Enough with the emails ><
Your welcome to add me to MSN but if you email me dont expect a reply I will most likely read them for a laugh but unless you have a real need for recovery of your photos I'll ignore you. If your account was "hacked" and you cant recover your photos I would gladly retrive them for you if you include the account details. But I'm not sharing details on how its done as I'm still seeing how far I can take it before I let the public know and photobucket patches it.

sounds like BS

[Canti]

Create an account upload a photo with an unguessable name set it to private post the url and we will find out.

[StankDawg]

Guys, let's back off of all the dick waving already. Do some analytical study and see what works and what doesn't. I don't see a problem with testing your own account to see if they offer the security that you want/need/expect, but let's stop talking shit about who can do what. Put up or shut up.

[Zeph]

Oh dear god.

 Untitled_1.png   43.47K   2138 downloads

Edited by zal91, 25 September 2006 - 08:12 PM.

[TelcoBob]

Oh dear god.

i was just thinking the same thing heh, look at the views on this thread >_<

Oy vey!

<3

[Rodga Da Shruba]

maybe just delete these photobucket threads... and we might move down in the google search page? just a thought

[StankDawg]

Since I don't know who is posting their own information voluntarily, someone created an account for you all to test. Many people are coming here thinking they will get you to hax0r their girlfriends photobucket account and whatnot, the moderators will delete any other account that are mentioned in this thread!

The test account is "binrevtest".

http://s85.photobuck...k80/binrevtest/

Here is one image: http://i85.photobuck...est/11b7k86.jpg



It is a test account to see if photobucket security is reliable to evaluate whether or not its users should feel secure in using it. I do not authorize anyone doing any illegal activity with it, but I do not speak for photobucket and photobucket may not like you messing with their service. I feel like I should be able to test the service for security but this is just my opinion. If you violate their ToS, that is all on you. This account is simply to protect other potentially innocent accounts from being posted in our forums. It is not encouraging anyone to do anything to photobucket.

Remember, hacking is not about destruction! Don't be an asshat!

[TelcoBob]

There is an easy little hack for this problem and yes i found it out myself, it's so damn leet

now go to the log in page and click the button that says "Forgot username or password" ok now heres the hard part, so pay attention! You have to view the source of the page and read every little line twice, so you can memorize it, do this right now and if you don't the second step wont work.





ok now you type in your username in to the field and press the button named "Send It" you may recall this from the source

<td align="center" colspan="2" height="40">
				  <input type="submit" name="send" value="Send It">&nbsp;
							  <input type="reset" name="reset" value="Reset">
							</td>

good, you'll need that......now go check your email and you have successfully retrived your password... now you are a leet hax0r