PDA

View Full Version : encrypted file location?



dipman44
06-07-2007, 10:12 PM
how would i be able to find the encrypted password files from servers you login to such as myspace? there must be a certain url its at or something can someone please help me out with this?

Moonbat
06-07-2007, 11:13 PM
Well, such a file would either be in a protected directory, or on MySpace's private Intranet which you would have to access via an FTP client, either way, it's not gonna be easy to get, because I'm pretty sure it's the second option.

dipman44
06-07-2007, 11:56 PM
where do you think i would start i have cain and abel but idk where to start any s***estions?

Ezekiel
06-08-2007, 03:03 AM
The hashed passwords would be stored on Myspace's SQL server, which probably can only be accessed from their internal network and requires a password. The physical SQL database would be in a directory on the same server that has permissions set to prevent access from even someone who got non-root access to it.

If you somehow managed to penetrate their internal network and get root access to the SQL server, the hashes would likely be salted, thus preventing any dictionary or rainbow table attacks. You would have to spend days, possible weeks or months brute-forcing the alphanumeric password unless you knew the salt and the victim chose a really poor password.

In other words, it's not worth even attempting.

dipman44
06-08-2007, 10:52 AM
but if i got in would i get every single login and password for the website? or would i have to decryped every login individually? Because it may be worth the weeks if i could get every password.

Ezekiel
06-08-2007, 01:23 PM
Let's get one thing straight: you're not going to hack Myspace. They pay many highly knowledgeable people to take care of their security, and unless you're some sort of security and programming expert, there is no chance. They aren't going to beaten by kids with pre-made tools.

If you did 'get in', it wouldn't be that simple. User info would probably be stored on multiple servers.


but if i got in would i get every single login and password for the website? or would i have to decryped every login individually? Because it may be worth the weeks if i could get every password.

See what I wrote above:


the hashes would likely be salted, thus preventing any dictionary or rainbow table attacks. You would have to spend days, possible weeks or months brute-forcing the alphanumeric password unless you knew the salt and the victim chose a really poor password.

You would have to decrypt every hash individually. And I was talking about weeks for each hash, not for all of them.

Moonbat
06-08-2007, 11:51 PM
You'd have a hard time covering your *****s too, they probably have IDSes running. And if you got caught, that would equal lots of legal trouble, just because you wanted to hack MySpace and mess with a few people.

dipman44
06-11-2007, 11:28 PM
You'd have a hard time covering your *****s too, they probably have IDSes running. And if you got caught, that would equal lots of legal trouble, just because you wanted to hack MySpace and mess with a few people.

ya your right i could just use a password cracker for myspace that i found unstead but the only thing about it is i cant always crack everyone that i try i can only crack retards that put retarted passwords