Author Topic: WARNING: about /login Vulnerabilities  (Read 3423 times)


~*¤£ôv认Gí®|¤*~

  • Guest
WARNING: about /login Vulnerabilities
« on: December 09, 2005, 01:40:10 am »
i posted the exact post on Vladd's forum also, fyi  :-)
the following was found at:

http://kraine.atspace.com/Lex.html

which has probably been taken down by now.
please keep this in mind, and watch your servers



Quote
OK f**kheads. the following script is a metis .mxl which cracks room logins from a wordlist.txt. for this to work you need to place the code into mxc.xml within the plugins folder, within ur metis 2.7 test folder. then you need to create a new folder in C: called robotexts, and within this new folder another folder called logs. when u fire up metis u have to go to settings and set the logs to be saved to c:\\robotexts\logs. Place in the C:\\robotexts folder a textfile of all the possible logins you can think of, one login per line, and call this wordlist.txt

Once its running send the bot into the target room and sum1 say (+_-) to activate it, or have the bot pm itself with the same thing- (+_-)

Watch the bot screen for the logins it attempts. when it finds a working login it sees "Access changed to:" in the room logs- this is a large part of why this script is special- and tells you on the bot screen the login that worked. simple as that. The effectiveness of this cracker depends on ur wordlist file. fill it with every login that you would use, that ur target might use, that Mr.Average might use. my wordlist also has the 100 most common Pets names, 100 most common male names, and 100 most common female names, as well as every english word.



TO PROTECT URSELF AGAINST THIS SCRIPT:

(1) Use logins with abstract numbers like ur full date of birth

(2) Use logins with a few capital letters thrown in

(3) Use logins with ascii and punctuation

(4) KEEP AN EYE ON YOUR SERVER SCREEN!!!!!!!!!



Technically if sum1 could be bothered they could make a wordlist that would get past these measures, but then it would take an infinite amount of time for them to find the login, considering the flood control in most rooms. A better measure would be for sum1 to code a lil script like moogle from the mxcontrol code vault which reads the SERVER room logs and checks for failed logins in real time. if sum1 else doesnt do it then I will soon.



SCROLL DOWN FOR THE SCRIPT.........







<?xml version="1.0" standalone="no">

<config> // Main configuration File





// Please have a look at the Metis Userguide

// for an explanation of all elemts and settings

// (File Metis.chm)



<BadwordPenalty enable="1" exclude="1"/>

<AutoKick enable="1" warnings="2"/>

<BadLangWarning value="I'd watch that tone of voice, %NAME%, if I was you."/>

<BadLangPreKick value="You have been warned, %NAME%. Final words are not permitted. Bye."/>

<RedirectCommand value="/kick %RAWNAME%"/>

<BotFloodControl value="10"/>

<UserFloodControl TimeFrame="10" MaxTriggerPerFrame="10" BanTime="240"/>

<NickSeparator value="._ "/>

<SecureParam value="1"/>

<SecureNickname value="0"/>

<ConfigEditor value="notepad.exe"/>

<MinimizeToTray value="1"/>

<EnableBeep value="1"/>

<EnableUpdateCheck value="1"/>



<DefaultCmdFloodProt value="1"/>

<DefaultCmdType value="normal"/>

<EnableBeep value="1"/>

<EnableUpdateCheck value="1"/>



<OnJoinRoom type="script" mode="thread">

<out type="control">/mxc run</out>

<out type="sleep" extdata="1500"></out>

<out delay="2370">/bot</out>

<out type="push"extdata="logline">1</out>

</OnJoinRoom>



<command type="script"mode="thread"usergroup="">

<in>(+_-)</in>..............................................................................................................



LMFAO U THINK IMMA LET ANYONE HAVE THIS? F**KIN REALITY CHECK TIME BRETREN:

Lex the room cracking bot was developed to crack deviant rooms, kiddypics n kiddyvids in particular. Four people in the world have possession of Lex in full working order, and all of these people have a different version of the wordlist. The ultimate future for Lex is for her to hydra- 10 lil bots all with different portions of a VERY large wordlist, all working in unison, communicating through pms. Lex 3.0 is close to being finished. And no- you wont see this version of her either. Of course she can be used to crack any room at all- BUT SHE WILL NEVER BE ABUSED IN THIS WAY- SOME OF US WERE BLESSED WITH THAT MODICUM OF DECENCY.

A few personal words to a certain individual: You will never make the tiny fragment of code you have work as a room cracker. you certainly have the time but sorely lack the patience and logic required to make somethin like this work. The truth is that Lex is my first ever attempt at scripting metis, and i finished her within a week. Soak that up buttercup =DDDDDDDDDDDDDDDDDDDDDDD

In testing Lex I cracked all 5 different rooms that i tested her on. All of the hosts were aware of what i was doing and why, and all of those hosts now have very secure passes- without resorting to f**kin ascii dumbness LMFAO@ rich "i have developed some code that will protect your room..." *cough*and a full power login for myself right down the bottom of the config*cough*



Mk. lil richy heard about what lex can do cos i told him direct. Obviously he dont got the prerequisites to script anything like this so he asked Sabre to help, got no help so he asked Badass of RD. The protective measures i outlined above will protect you from ANY login cracking bot anyone else comes up with. it couldnt be simpler: WEAK LOGIN: c**t STRONG VERSION OF THE SAME LOGIN: !@C**t@!....... You get the idea.



`V´§wìt©(-)©ódÉ`V´ ¯ì)'Ì)`Víç`\/ípér´(Í'(í¯ ´ì)'Ì)Èzè|{íé|(Í'(í`
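
The quoted post suggests a script that reads the server room logs and checks for failed logins in real time. A sketch of that detection follows, added here as an example and not code from the thread, Metis or MXControl. The log layout, nicknames and thresholds are constructed assumptions; only the "Access changed to:" marker comes from the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout (constructed): "YYYY-MM-DD HH:MM:SS <nick> text" for chat,
# and the same without "<nick>" for notices written by the server itself.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:<([^>]+)> )?(.*)$")
SUCCESS_MARKER = "Access changed to:"  # marker named in the quoted post

def scan(lines, max_attempts=3, window=timedelta(minutes=10)):
    """Return (kind, nick, timestamp) alerts; guessed logins are never stored."""
    attempts = defaultdict(deque)  # nick -> timestamps of recent /login tries
    flagged, last_try, alerts = set(), None, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        nick, text = m.group(2), m.group(3)
        if nick and text.startswith("/login"):
            recent = attempts[nick]
            recent.append(ts)
            while ts - recent[0] > window:  # drop tries older than the window
                recent.popleft()
            last_try = nick
            if len(recent) > max_attempts and nick not in flagged:
                flagged.add(nick)
                alerts.append(("bruteforce", nick, ts))
        elif nick is None and SUCCESS_MARKER in text:
            # Only server notices count: a user typing the marker in chat
            # carries a <nick> and is ignored. Attributing the notice to the
            # most recent /login sender is an assumption about the log.
            if last_try in flagged:
                alerts.append(("login-after-bruteforce", last_try, ts))
            last_try = None
    return alerts

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
2005-12-09 01:40:00 <host> welcome everyone
2005-12-09 01:40:05 <guest_417> /login guess1
2005-12-09 01:40:16 <guest_417> /login guess2
2005-12-09 01:40:27 <guest_417> /login guess3
2005-12-09 01:40:38 <guest_417> /login guess4
2005-12-09 01:40:39 <troll> Access changed to: nothing, this is just chat
2005-12-09 01:40:49 <guest_417> /login guess5
2005-12-09 01:40:50 Access changed to: (constructed notice text)
2005-12-09 01:41:30 <regular> /login guess6
""".splitlines()
```

Calling `scan(SAMPLE_LOG)` yields a `bruteforce` alert for `guest_417` on the fourth attempt and a `login-after-bruteforce` alert when the server notice follows, which is the point at which a host would change the login.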

Anonymous

  • Guest
WARNING: about /login Vulnerabilities
« Reply #1 on: December 09, 2005, 07:30:07 am »
To clear up this problem...i never asked Sabre to help at all i just warned him of this bot

No mention woz made bout him helping creating a similar version

and BadAss...well hes not even online at the moment so...

decide for urselves about this statement
but it is possible to improve this "LEX" bot but the easy way would be to have a copy of the existing scripting
alas this wont happen so ive started working on it from scratch

NOT to hack rooms
just to prove him wrong - i.e. that he aint as special a programmer as he thinks and that i can script it if i want

switchcode

  • Guest
WARNING: about /login Vulnerabilities
« Reply #2 on: December 11, 2005, 08:59:10 pm »
what you dont say is much funnier than what you do richy.
 http://www.mxcontrol.org/modulesphp?name=Forums&file=viewtopic&t=1470

switchcode

  • Guest
WARNING: about /login Vulnerabilities
« Reply #3 on: December 11, 2005, 09:01:17 pm »
btw its "scripting"- which is a no brainer, as opposed to "coding" which requires a cup of coffee Kthx

~*¤£ôv认Gí®|¤*~

  • Guest
WARNING: about /login Vulnerabilities
« Reply #4 on: December 12, 2005, 04:18:55 am »
either way..it's takin down a room that you have no say in whether or not it's on winmx...

you wanna get rid of the pedos and the nasty ppl that support them...get their ip's and turn 'em in...do it legal..

don't be stupid

Offline Me Here

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
  • We came, We Saw, We definatly Kicked Ass!
WARNING: about /login Vulnerabilities
« Reply #5 on: December 12, 2005, 05:42:40 am »
Thanks LoverGirl for your post and information, which was also quoted in the MX Hosts section a few days ago so that our hosts could be made aware of what's happening and to keep any rumors from spreading.

As this is a problem that all hosts should be made aware of and learn how to deal with it, there is specific advice in our MX Hosts section on how to keep your logins safe and deal with this type of script.

If you're not already a member of that section please send me a pm on site here or post here:

http://forum.winmxworld.com/index.php?topic=522.0

switchcode

  • Guest
WARNING: about /login Vulnerabilities
« Reply #6 on: December 16, 2005, 05:02:16 pm »
i decide my own level of involvement lovergirl. cracking a pedo room is not illegal- and even if it was, id still do it. This is simply a difference between someone that accepts and someone that is proactive.

Offline Bearded Blunder

  • Forum Member
    • Taboo Community Website
WARNING: about /login Vulnerabilities
« Reply #7 on: December 17, 2005, 05:11:36 am »
Quote
i decide my own level of involvement lovergirl. cracking a pedo room is not illegal- and even if it was, id still do it.


In most countries cracking ANY room is illegal, though the chances the host of a pedo room would risk reporting you for it are small.. though if they were hosting from a country where it was legal to run such a place they might do so..

HOWEVER, cracking a pedo room, at the very best, simply moves them in disgust to another network, to continue peddling their filth & continue abusing kids directly or indirectly to make it.. this isn't a very savvy approach.

REPORTING them through the proper channels, may see them imprisoned & actually STOP them

Think On
Blessed is he who expecteth nothing, for he shall not be disappointed.

switchcode

  • Guest
WARNING: about /login Vulnerabilities
« Reply #8 on: December 17, 2005, 01:46:39 pm »
im aware of this. im the founding ex-member of a 45 strong clan. although i have now left the clan, every one of us has reported the same sets of ips to their isps and local police departments. This is just the beginning. An isp cannot ignore 45 different users from different sources all reporting the same people, along with screenshots of their shares and a recorded time and date for that particular ip.

KM

  • Guest
WARNING: about /login Vulnerabilities
« Reply #9 on: December 17, 2005, 05:20:15 pm »
unfortunately, an ISP can ignore whatever they want to, as far as they see it they have a load of screen shots and allegations sent by some unknown people telling them to cut off someone who is paying them money, it doesn't make much business sense to be getting rid of customers on the word of some unknown people - they only take notice of things when they absolutely have to

Offline ñòóKýçrÕôK

  • my name is nooks, and I approve this message
  • MX Hosts
  • *****
  • Dream BIG, Live BIGGER!!
WARNING: about /login Vulnerabilities
« Reply #10 on: February 16, 2006, 08:40:48 pm »
Quote from: KM
unfortunately, an ISP can ignore whatever they want to, as far as they see it they have a load of screen shots and allegations sent by some unknown people telling them to cut off someone who is paying them money, it doesn't make much business sense to be getting rid of customers on the word of some unknown people - they only take notice of things when they absolutely have to

Unfortunately KM is absolutely right on this. As most of you know or are learning about MEAN MAX, he is an AOLer. I have contacted AOLTos 3 times about MEAN MAX. The last time they sent me back an e-mail which basically says if it doesn't happen ON AOL they aren't responsible and will not pursue it.
When you wake up each morning always try to remember tomorrow is never your option, it's God's. Love like you want to. Live like you aren't afraid. And ALWAYS try to remember that even if it seems personal it's never as important as something you may have forgotten to do today.

WinMXWorld.com Help_BABA1354BABE - For WinMX help or help on other pc related matters.
WinMXWorld.com Cafe_AE182F4ECAFE - For great chat.

Offline ñòóKýçrÕôK

  • my name is nooks, and I approve this message
  • MX Hosts
  • *****
  • Dream BIG, Live BIGGER!!
WARNING: about /login Vulnerabilities
« Reply #11 on: February 16, 2006, 08:48:16 pm »
Quote from: switchcode
i decide my own level of involvement lovergirl. cracking a pedo room is not illegal- and even if it was, id still do it. This is simply a difference between someone that accepts and someone that is proactive.

You're not actually cracking the room, you're cracking their pc. What if I cracked your pc now? Do you think you would still be so quick to jump to your decision if someone took something away from you that you earned? Like what they do or not, whoever said you would just make them move on to a new network and likely bring more abuse to more children was exactly right. Do it legally or say fuck it. That's the ONLY right way to do it. Destruction of a person's private property depending on the value of that property can be treated as a violation of more than 1 federal law because YES, it is HIGHLY ILLEGAL.
