Go Back   Xisp.org Forums > Porn Password Cracking > Tools of the Trade

password files for JTR

Reply
Views: 2144 - Replies: 10  
Thread Tools Display Modes

password files for JTR
Old 03-27-2005, 02:58 PM   #1
chili_burger
Guest
 
Posts: n/a
Threads: 5107
Default password files for JTR

what´s the best way to find them?
  Reply With Quote

Old 03-27-2005, 04:11 PM   #2
ToRaZ
Special Friend
 
ToRaZ's Avatar
 
ToRaZ is offline Offline
Join Date: Jan 2005
Posts: 2,220
Threads: 259
ToRaZ is on a distinguished road
Default

id say collecting combos...and then use eg. raptor to split them into a username list and a password list...or just mix them into 1 big single file : )
  Reply With Quote

Old 03-27-2005, 06:50 PM   #3
chili_burger
Guest
 
Posts: n/a
Threads: 5107
Default

Quote:
Originally Posted by toraz
id say collecting combos...and then use eg. raptor to split them into a username list and a password list...or just mix them into 1 big single file : )
you got me wrong.

i meant the encrypted password list (user data) from a specific site. the one i need to decrypt it with JTR.

no clue how do get them.
  Reply With Quote

Old 03-28-2005, 02:20 AM   #4
ToRaZ
Special Friend
 
ToRaZ's Avatar
 
ToRaZ is offline Offline
Join Date: Jan 2005
Posts: 2,220
Threads: 259
ToRaZ is on a distinguished road
Default

hehe...oh those...it will come with time dedication and effort : )
1st crack then spl0it...anyway there are still some ccbill.logs out there...read up on it in the tut section ...under slysnake : )
  Reply With Quote

Old 08-01-2005, 08:49 PM   #5
Wickerman
Special Friend
 
Wickerman's Avatar
 
Wickerman is offline Offline
Join Date: Jan 2005
Location: 22 Acacia Avenue Ohio, USA
Posts: 2,228
Threads: 324
Wickerman is on a distinguished road
Default

I remember that years ago I use to ask questions like this, heh heh. The thing is there is no one way. There are all kinds of sploits. Many of them use post data and some of them you can do with your browser. Hell, a few you can even find googling. Mysql queries are another way. You just gotta' try to learn whatever sploits you can and then build from there. Googling for this kind of info is not easy. There isn't too much stuff publicly posted that is understandable to the layman. One way is to try to become a terrific bruteforcer and then maybe a skilled exploiter will notice and take you under his wing. It's funny but an exploiter who is working with you can make you understand something in just a few paragraphs of instruction that you couldn't make heads or tails of when reading dozens of white papers you found googling. But in order to get these guys to take an interest in you ya' gotta' get bruteforceing down to a science, prove that you are a hard worker and that you never give up. If a person doesn't have the patience to get bruteforceing down than there is no way they are going to make a good exploit student because it is much, much more difficult. There are sites out there like bugtraq and milworm that post news about new sploits. Good exploiters keep an eye on sites like these and utilize them before they have died. But it simply isn't like bruteforceing. With bruteforceing you use the same basic technique on mostly everything, with exploiting every different vulnerability can require lots of research and a different approach. But hell, there are lots of exploiters who only know how to use maybe 10 sploits or even less. But ten good ones can take you a long way, getting you into hundreds of different sites. Then you've got your masters who know much more than that, including using mysql queries, cookie manipulation, and other effective techniques. I think it will be ok for me to tell you that where nearly everyone starts is with ccbill logs and add-passwd.cgi. add-passwd.cgi is an ancient sploit which has post values and gives you server access and is still open on few servers. The most common thing you'll see if you ever get sploit access anywhere is shells, which are basically backdoors placed on the server by an exploiter. You'll have to learn how to use a few basic commands to use these, namely cat, ls -al, and locate. But sploit information is a secretive kind of thing. In fact, if I were to post info. here that was very specific I would probably get in trouble for it, heh heh. Exploiting tips are generally shared in private chats and emails, not in public forums. Like I was saying earlier try your best to become a master of the bruteforceing game. If you become really good at it and show that you are a hard worker who never will call it quits eventually someone will notice and decide to show you a few things.
__________________
"Hand of fate is moving and the finger points to you. He knocks you to your feet and so what are you gonna' do? Your tongue has frozen now, you've got something to say. The piper at the gates of dawn is calling you his way."

-The Wicker Man, Iron Maiden

Last edited by Wickerman; 08-01-2005 at 10:40 PM..
  Reply With Quote

Old 08-08-2005, 09:02 PM   #6
Mr. X
Mr. I'm elite and i want it all NOW
 
Mr. X is offline Offline
Join Date: Jul 2005
Posts: 117
Threads: 8
Mr. X is on a distinguished road
Default

Yea, Wickerman is 100% right. Learn how to use Google(lol), Triton and C-Sploiter. Maybe later you know what you can do with an "add-passwd.cgi" post data like this "ADD+;echo;ls -al;exit". It realy is a great feeling hacking your first server and it can make you totaly addicted.

Kind regards
Mr. X
  Reply With Quote

Old 08-08-2005, 10:25 PM   #7
sPlico
The sPlicster
 
sPlico's Avatar
 
sPlico is offline Offline
Join Date: Jan 2005
Location: Croatia
Posts: 9,486
Threads: 407
sPlico is on a distinguished road
Default

Quote:
Originally Posted by Wickerman
I remember that years ago I use to ask questions like this, heh heh. The thing is there is no one way. There are all kinds of sploits. Many of them use post data and some of them you can do with your browser. Hell, a few you can even find googling. Mysql queries are another way. You just gotta' try to learn whatever sploits you can and then build from there. Googling for this kind of info is not easy. There isn't too much stuff publicly posted that is understandable to the layman. One way is to try to become a terrific bruteforcer and then maybe a skilled exploiter will notice and take you under his wing. It's funny but an exploiter who is working with you can make you understand something in just a few paragraphs of instruction that you couldn't make heads or tails of when reading dozens of white papers you found googling. But in order to get these guys to take an interest in you ya' gotta' get bruteforceing down to a science, prove that you are a hard worker and that you never give up. If a person doesn't have the patience to get bruteforceing down than there is no way they are going to make a good exploit student because it is much, much more difficult. There are sites out there like bugtraq and milworm that post news about new sploits. Good exploiters keep an eye on sites like these and utilize them before they have died. But it simply isn't like bruteforceing. With bruteforceing you use the same basic technique on mostly everything, with exploiting every different vulnerability can require lots of research and a different approach. But hell, there are lots of exploiters who only know how to use maybe 10 sploits or even less. But ten good ones can take you a long way, getting you into hundreds of different sites. Then you've got your masters who know much more than that, including using mysql queries, cookie manipulation, and other effective techniques. I think it will be ok for me to tell you that where nearly everyone starts is with ccbill logs and add-passwd.cgi. add-passwd.cgi is an ancient sploit which has post values and gives you server access and is still open on few servers. The most common thing you'll see if you ever get sploit access anywhere is shells, which are basically backdoors placed on the server by an exploiter. You'll have to learn how to use a few basic commands to use these, namely cat, ls -al, and locate. But sploit information is a secretive kind of thing. In fact, if I were to post info. here that was very specific I would probably get in trouble for it, heh heh. Exploiting tips are generally shared in private chats and emails, not in public forums. Like I was saying earlier try your best to become a master of the bruteforceing game. If you become really good at it and show that you are a hard worker who never will call it quits eventually someone will notice and decide to show you a few things.
Quoted again for extra reading. This is sooooo true. Golden words from this man here. Haven't seen anyone sum it up so good.

Too bad i never found those people
  Reply With Quote

Old 08-13-2005, 06:21 AM   #8
joechang
Guest
 
Posts: n/a
Threads: 5107
Default

Quote:
I think it will be ok for me to tell you that where nearly everyone starts is with ccbill logs and add-passwd.cgi. add-passwd.cgi is an ancient sploit which has post values and gives you server access and is still open on few servers.

yes, it's really ture
i'm stating E for nearly one month, and i found some useful logs, but still have lots of knowledge to learn, such as perl, C++, SQl, etc
  Reply With Quote

Old 08-22-2005, 12:51 PM   #9
daemon.azazel
Platinum Exploiter
 
daemon.azazel's Avatar
 
daemon.azazel is offline Offline
Join Date: Aug 2005
Location: Eastern Europe
Posts: 1,324
Threads: 104
daemon.azazel is on a distinguished road
Default

@wickerman,
man, didn't we met somewhere else already but under the nick of "guidter"?
very nice small essay, and from some part covering also mine starts with this
kind of stuff.

just in addition to what you have posted i would like to notice that the most important
skill of any exploiter is fantasy... ...yes that is!!! there's no sense just to repeat the
sploits of others but also personally chalenge the status quo and trying trying trying
to learn more and more... once having a server access - not just locate .htaccess read
it, plunder passfiel and go... ...but also analyse: what other sites are there, what is the
script equipment on the site... ...is there a myphpadmin or not... ...some user management
scripts, is there a palce and sense for small own php shell... ...change the access rights
for directory, do the job, change it back - then modify the fille access time, try to erase logs... fantasy - as i said - that's it ;)
  Reply With Quote

Old 10-29-2005, 02:17 AM   #10
toniii
Guest
 
Posts: n/a
Threads: 5107
Default

Quote:
Originally Posted by Wickerman
I remember that years ago I use to ask questions like this, heh heh. The thing is there is no one way. There are all kinds of sploits. Many of them use post data and some of them you can do with your browser. Hell, a few you can even find googling. Mysql queries are another way. You just gotta' try to learn whatever sploits you can and then build from there. Googling for this kind of info is not easy. There isn't too much stuff publicly posted that is understandable to the layman. One way is to try to become a terrific bruteforcer and then maybe a skilled exploiter will notice and take you under his wing. It's funny but an exploiter who is working with you can make you understand something in just a few paragraphs of instruction that you couldn't make heads or tails of when reading dozens of white papers you found googling. But in order to get these guys to take an interest in you ya' gotta' get bruteforceing down to a science, prove that you are a hard worker and that you never give up. If a person doesn't have the patience to get bruteforceing down than there is no way they are going to make a good exploit student because it is much, much more difficult. There are sites out there like bugtraq and milworm that post news about new sploits. Good exploiters keep an eye on sites like these and utilize them before they have died. But it simply isn't like bruteforceing. With bruteforceing you use the same basic technique on mostly everything, with exploiting every different vulnerability can require lots of research and a different approach. But hell, there are lots of exploiters who only know how to use maybe 10 sploits or even less. But ten good ones can take you a long way, getting you into hundreds of different sites. Then you've got your masters who know much more than that, including using mysql queries, cookie manipulation, and other effective techniques. I think it will be ok for me to tell you that where nearly everyone starts is with ccbill logs and add-passwd.cgi. add-passwd.cgi is an ancient sploit which has post values and gives you server access and is still open on few servers. The most common thing you'll see if you ever get sploit access anywhere is shells, which are basically backdoors placed on the server by an exploiter. You'll have to learn how to use a few basic commands to use these, namely cat, ls -al, and locate. But sploit information is a secretive kind of thing. In fact, if I were to post info. here that was very specific I would probably get in trouble for it, heh heh. Exploiting tips are generally shared in private chats and emails, not in public forums. Like I was saying earlier try your best to become a master of the bruteforceing game. If you become really good at it and show that you are a hard worker who never will call it quits eventually someone will notice and decide to show you a few things.

WOW!!!!! My breath has been taken away from me!! This greatly sums up everything someone would want to know in regards to xploiting like myself. THANKS A LOT for taking the time to write this wickerman!!!
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 09:57 PM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
2005 © Copyright Xisp.org