PDA

View Full Version : Myspace, Facebook, John the Ripper...I know not this sh-t again



Six9er
01-15-2007, 06:59 PM
I&#82*7;m not going to ramble on some pity pot story of why you should help me. I want to get into someone&#82*7;s private myspace blogs. Which are currently viewable only to those in the blog owner's preferred list or only the blog owner can see it. I know that there where url codes to do such a thing but the ones I came across are outdated by months.

Anyway I&#82*7;ve been screwing around trying to figure things out for myself. Now if I put in the person's myspace url in google, a link to the page and a link to there blogs show up. Now google "Cached" happens every three months or so...will google eventually cache the private blogs and show them? Silly I know. Ive heard that with the right wording google can bypass anything? How would you go about wording it?

Now I don&#82*7;t care to so much get the persons password to there myspace..I rather just be able to read the few blogs. But if need be the only way to get the blogs is to get the whole profile then whatever, Ill do that. I&#82*7;ve read that John the Ripper program can get passwords. I have the link to download it but I&#82*7;m not sure on what it does or how it works to get the password. Can some explain how it works?

Now Facebook. I came across this but don&#82*7;t know if its out dated or not. I&#82*7;m not sure how to work it out either. I wouldint mind being able to view a facebook profile as would anyone else for that matter.

" This Google Hack will find people that can no longer hide their profiles because they used a link that forced their profile to be public.

inurl:l= site:facebook.com

Facebook has an option to make your profile completely public using a special URL. When you click “My Account&#822*;, it has what they call an “AIM link&#822*;. When you access your profile through that link, it bypasses any facebook login, making your profile public. If the link is found on a website, blog, forum, etc&#82*0; Google comes around, and that link and your profile will be public forever (bye bye privacy!)

(somthing else)

Edit the following with *. Your School 2. Comma separated list of school friend ID&#82*7;s *. A description for the search.

http://[*].facebook.com/search.php?do_search=*&ids=[2]&summary=[*]"

Its not much but its all I got for now. Can someone explain this or any other ways?


Ps. To everyone one else who might have the same dilemma please don&#82*7;t post a comment pleading for help and what not. We&#82*7;re all on the same ***t here trying to figure things out. Keep the posts helpful and clean cut so others don&#82*7;t have to read through 8 pages of crap when they come down this same road.

~~smart~fool~~
01-15-2007, 07:07 PM
Nice job with the GHDB (doubt you did it but still good job finding it).

For people who must view private profiles, there is only one option: forget about it. You arent able to. This isn't the first day online for these sites. They know how to secure it. Only someone that knows how it functions internally could break it and even if they did; whats the point, to view someone's picture or journal?
Forget about hacking million dollar organizations with kiddie programs. John/jack the ripper is not related and wont help you.

And yes please tell me im stupid and this means nothing to you because im glad. Life's a bitch.

Moonbat
01-15-2007, 08:14 PM
As of now, the security hole to view private profiles and their contents has been patched. There is currently no way.

Six9er
01-15-2007, 10:10 PM
So John the Ripper will not work on Myspace or Facbook? What about Google "Cached". Will it cache it and show it over time? I doubt it but it still would be nice to know exactly. And what about those Facebook codes I put up. Are they legit? And am I wrong, can't Google get into private documents ect. if worded right in the search?

Ezekiel
01-16-2007, 12:08 PM
So John the Ripper will not work on Myspace or Facbook? What about Google "Cached". Will it cache it and show it over time? I doubt it but it still would be nice to know exactly. And what about those Facebook codes I put up. Are they legit? And am I wrong, can't Google get into private documents ect. if worded right in the search?

Google can only access what you can. It caches the same as what you would see if you visited the site at the time of cache. Google has gained a reputation as a hacker's tool because it can find hidden or obscure documents. These documents can be viewed if you enter the correct address. Google bypasses 'security by obscurity'.

Oh, and Cain, Brutus, John the ripper etc. can't help you.

Six9er
01-16-2007, 01:42 PM
Google can only access what you can. It caches the same as what you would see if you visited the site at the time of cache.

Cain, Brutus, John the ripper etc. can't help you.

So theres no way? No tools and such that can be used to get the password or to crack into the blogs? The blogs are the only thing that I want to learn to get into. Well if tools and programs will not work then keenness is the only option. Does anybody have any tips or tricks? I know for Facebook if need be just to make a fake profile and add the person and hope they will except...lol thats the only trick I know to be able to access somones facebook profile you want to see. Does anybody else have any tricky ideas for myspace facebook...I know this is a hackers fourm and not one for online ninjas but whatever works right?

Troll
01-16-2007, 02:58 PM
So theres no way? No tools and such that can be used to get the password or to crack into the blogs?

Theorically you could, but as Myspace limits password guesses before you have to copy characters from an image it would take you years.

You could just create a fake profile, use a picture of a good looking man (but not too good looking), start chatting to her, then add her as a friend.

Like Mike said, Google can only view the same sites as you can. You could trying google "site:blog.myspace.com +username", or just play around with google and her myspace ID. But this will probably be unsucessful.

If i were you, i would try some social engineering, become her best friend, then read her blog. Although, if she set it so that only she can view it then that won't work either..

Maybe you should stop wasting your time instead? :)

Six9er
01-16-2007, 03:21 PM
Theorically you could, but as Myspace limits password guesses before you have to copy characters from an image it would take you years.

You could just create a fake profile, use a picture of a good looking man (but not too good looking), start chatting to her, then add her as a friend.

Like Mike said, Google can only view the same sites as you can. You could trying google "site:blog.myspace.com +username", or just play around with google and her myspace ID. But this will probably be unsucessful.

If i were you, i would try some social engineering, become her best friend, then read her blog. Although, if she set it so that only she can view it then that won't work either..

Maybe you should stop wasting your time instead? :)

Who said the person was a she? Mabey Im a she or she is a he or me a he. The situation of the ppl involved doesint matter, all that matters is the problem. And yes playing around with google using the Myspace ID has been unsucessful on all counts. I've tryed everything I could. And about wasting my time...If I thought trying to figure out how to gain access to private blogs was a waste of time I wouldint be trying to do it. Now this is a fourm to discuss these types of things and not to criticizes them. Now John the Ripper and such are the only things that would work but as you said since Myspace "limits password guesses before you have to copy characters from an image it would take you years" Theres a chance that it might also take days. how does John the Ripper work?

tocksarcle
01-16-2007, 04:13 PM
John the Ripper cannot help you crack site passwords, it can only help you crack hashes(md5s and such) on your computer. It would not be helpful in anyway whatsoever. Brutus could work if it didn't limit the number of logins, but is does so Brutus is useless.

Ezekiel
01-16-2007, 05:52 PM
No tools and such that can be used to get the password or to crack into the blogs?

You aren't going to find 'tools' for this sort of thing apart from your own brain of course.


Now this is a fourm to discuss these types of things and not to criticizes them.

Actually, this is a forum for people to discuss what they find interesting. People aren't obligated to help with anything. We're not paid after all.


John the Ripper cannot help you crack site passwords, it can only help you crack hashes(md5s and such) on your computer. It would not be helpful in anyway whatsoever. Brutus could work if it didn't limit the number of logins, but is does so Brutus is useless.

Agreed.

neilc
01-16-2007, 06:23 PM
like anyone got messanger that can help me with john the ripper

and using it on myspace if they know


but I want to work with john the ripper the most

Moonbat
01-16-2007, 07:19 PM
JTR cracks hashed (encrypted) passwords in a text file.

~~smart~fool~~
01-17-2007, 02:24 PM
like anyone got messanger that can help me with john the ripper

and using it on myspace if they know


but I want to work with john the ripper the most

Can you not read the posts that just got explaining this program is useless for myspace for god sakes.

Six9er
01-17-2007, 02:37 PM
Brutus could work if it didn't limit the number of logins

So how many attempts of logins does myspace take before it shuts you out? It will only shut you out for a cetian matter of time before you can try again right?

I've tried about all that I can do. If one of you guys where to get somones password or get into a private blog how would you go about doing that?

Moonbat
01-17-2007, 04:25 PM
Use social engineering (good lying) to get them to give you their password. Spoof an email pretending to be a MySpace employee or something.

Six9er
01-18-2007, 04:47 PM
hmm, what about "TypeAgent"? whats the deal on that?

~~smart~fool~~
01-18-2007, 05:32 PM
hmm, what about "TypeAgent"? whats the deal on that?

Its a plain keylogger used locally. You could find better.

neilc
01-18-2007, 06:21 PM
is anyone good with john the ripper that can help me a bit

Moonbat
01-18-2007, 06:30 PM
JTR can't guess passwords on webpages or what not. Here's what it's used for:

Suppose your trying to get into someone's files. You find a file called pass.txt in the WINDOWS directory of the computer, a file which they should have hidden, but forgot to. It has the encrypted (hashed) version of the correct password. Maybe it looks like 2b2f20*a*. You later find out it's encrypted in DES. You copy that hash into a txt file, and put it in whatever directory JTR is saved in. Then you run DOS, and type:


cd WHATEVER DIRECTORY THE JTR PROGRAM IS IN, THE FULL DIRECOTRY

Replacing all the Caps text with the direcotry it's in. cd is a command that changed directories while in DOS. When you are in that directory, type:


john

That'll start the program, and if you have that pass.txt file in the same directory, type:


john pass.txt

By default, JTR starts bruteforcing in DES. The tutorial I posted earlier has a whole bunch of other commands to use wordlists, and to bruteforce in other encryptions.

So, JTR isn't a password cracker in the sense you're thinking of.

Six9er
01-19-2007, 02:27 PM
hmm, what about "TypeAgent"? whats the deal on that?

Its a plain keylogger used locally. You could find better.

How does Typeagent and others like it work? It seems to good to be true to follow every site they go to and every word they type in.


How about removing CSS encoding/elements? Will that make it to be able to view private myspace stuff such as a blog?

Six9er
01-19-2007, 02:47 PM
And a quick question. How are ppl's myspace's getting hacks and fake bulletin are being posted under there name? A close friend of mine had one up about some party this kid was having.

"Info on that big party Friday night...
Body: about that huge party thing Friday Night.

send this kid a message and he will give you directions. If you didn't know about it and wanna go send him a message for info.

If You wanna see what your gonna be missing,, check out hte pictures on his profile from previous parties, i guarantee a good time =)

http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=727*56*"

now I clicked on the link to check it out but then it brought me to this which looks exactly like a myspace page. But I knew somthing was up when it wanted me to log in again..then I looked at the url. I think its pretty clever.

http://login.rnyspacel.com/index.cfm/fuseaction=login&nextPage=fuseaction=user.viewPicture&friendId=**q*24*2&MyToken=c*00dfdd-2*de-ca2*-adfa-dd02cg4e*a*f5.htm

~~smart~fool~~
01-19-2007, 03:37 PM
And a quick question. How are ppl's myspace's getting hacks and fake bulletin are being posted under there name? A close friend of mine had one up about some party this kid was having.

"Info on that big party Friday night...
Body: about that huge party thing Friday Night.

send this kid a message and he will give you directions. If you didn't know about it and wanna go send him a message for info.

If You wanna see what your gonna be missing,, check out hte pictures on his profile from previous parties, i guarantee a good time =)

http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=727*56*"

now I clicked on the link to check it out but then it brought me to this which looks exactly like a myspace page. But I knew somthing was up when it wanted me to log in again..then I looked at the url. I think its pretty clever.

http://login.rnyspacel.com/index.cfm/fuseaction=login&nextPage=fuseaction=user.viewPicture&friendId=**q*24*2&MyToken=c*00dfdd-2*de-ca2*-adfa-dd02cg4e*a*f5.htm

Some dumbass script kiddie copied the myspace code from view source.

Six9er
01-19-2007, 04:48 PM
what about Typeagent and going about removing CSS encoding/elements? Will these be any good?

jb007
01-29-2007, 03:36 PM
On a side note for facebook, since you can access some people's profiles just by having an email from that school, I was wondering if there's anyway to get ahold of, make, or fake an email address for that school.