CodeMonkeyZ think the auditors will be able to easily crack the password
(media.greatawakening.win)
? Notable
You're viewing a single comment thread. View all comments, or full comment thread.
Comments (115)
sorted by:
It's been awhile, but I know there were various LANMAN attacks and such that made cracking windows passwords really easy. It's always a cat and mouse game, hell, I remember being in College hearing how MD5 was uncrackable, could only be brute forced, by the time I graduated MD5 hash collisions trivialized all that.
A lot of times shitty companies hide their multimillion dollar software behind simple security through obscurity bs. I've cracked multiple HASP dongle programs that only had simple test donglestatus, jne nodongle almost everytime. The most complex dongle I defeated took me about 10 hours. I created my own dll injection and overwrote most of the HASP API so that I could provide my own responses (luckily they didn't hide any code on the actual dongle as that was MIA), all the information on how to do that was part of the HASP API, just had to find the proper calls and replace em with my own functions returning bullshit that's similar.
I've had to go in and do some database modification for apps that didn't allow me into the database, it'll be existing in plaintext in some form or another (sometimes can just capture the SQL opening up the database, but usually it's also just hiding in plaintext somewhere).
That being said, our admin's Windows NT password was ~13 characters, couple special chars and took about two weeks with a few of our geeks in school dividing our awesome Pentium 2 power at home running l0pht against it in the late 90s.
u/#michaelconfused
And I'm reading that it sounds like I'm coming off as an asshole a bit. There's been plenty of shit I didn't crack in my day too, either because it was beyond my skill. SecuROM used to be one of my big banes, only was able to crack one game successfully and that was because they didn't encode properly.
I actually enjoyed doing it though, so would take on various reqs on IRC and from friends back in the day, . While these devices are rare in the wild, they can be gotten if you care enough to throw money at it. The older equipment can be found for around $200-$300 per machine.
God I love this community. We have the best, simply the best.
All about that
Enable algorithm-type scrypt secret password value SRS