Quote:
Originally Posted by motorhome
Now this is a wordlist I have been needing. Thanks for posting it.
Sorry to raise the dead, but I read this and was wondering the gurus' thoughts, as it seemed this site had a few posts pertaining to Verotel. Also, it comes from someone I consider one of the better, and it makes sense.
Quote:
Guys, Verotel is more or less impossible to bruteforce (unless you're planning to spend the next 5 years to get into one single site). Verotel uses randomly generated logins and passwords. Login consists of 8 random digits and passwd 7 random digits. This means that you will need to hit a 15 (8+7) digit number to get it.
This gives us:
10^15 (10x10x10x10x10x10x10x10x10x10x10x10x10x10x10)
1.000.000.000.000.000 possible combinations...
Cracking example:
Even if the site you're trying to crack has tons of members, let's say 1.000.000 (no porn site has that many members, just using this to state my case), and let's say C-Force, Sentry (or AD) is trying 30.000 combos / hour.
This is the number of hours it would take to get a hit on average: (1.000.000.000.000.000/1.000.000) / 30.000 = 33.333 (3.8 years)
So, even if we assume that the site has a huge amount of active members, that you're running Sentry at 30.000 combos / hour, 24 hours a day and 365 days a year, it would still take you almost 4 years to get a valid hit....
Verotel is not a big porn network, just a CC Processing Company like CCBill & IBill, so a Verotel password to site1.com only works for site1.com and no other Verotel sites...
So even if you exploit a Verotel site, and get the passfile, there's not much point in building a wordlist with this since it will only work on the site you just exploited...
Found this somewhere, I already knew, just thought it was a very good explanation on Verotel logins, for the ones just starting out or who don't know.
Further, why would all sites not use this or OCR? And further, the solution to this is at the end of The Reptiles Raptor Tutorial. A mindset and cracking standard could be established and the same info could be easily acquired alternately. But it's slow and possibly for naught, and a little more criminalistic than today's BF.