close

Privacy guaranteed - Your email is not shared with anyone.

Brute force questions

Discussion in 'Tech Talk' started by seti870, Jul 7, 2004.


  1. seti870

    seti870
    Expand Collapse

    Joined:
    Jan 11, 2004
    24
    0
    Location:
    MA
    Hello. I apologize for the subject, I promise this is on the up and up. Honest.

    Recently, I've been tasked as my 13 year old cousin's keeper. My relatives have requested that I remove certain personal information from his websites and online journal, primarily home phone number, family name, and the like.

    To this end I need to access his freewebs.com account. I have his username, and know his password to be between 5 and 8 characters.

    My options, as I see them, are thus.

    a) install keystroke logging software on his computer

    b) prolonged guessing at the login window

    c) some automated form of B, which I understand is called brute force cracking.

    I'm new at this.

    a) isn't my first choice, becuase it means 5 hours driving. There is also a remote possibility he'll discover the new software.

    What are my options as far as C ?

    Regardless of how this turns out, he's going to have his computer removed for a good long while.

    Appreciate any suggestions.
     

    Wanna kill these ads? We can help!
  2. grantglock

    grantglock
    Expand Collapse
    /dev/null

    Joined:
    Feb 20, 2004
    219
    0
    Location:
    Iowa
    ask him what it is
     

  3. ronin_asano

    ronin_asano
    Expand Collapse

    Joined:
    Apr 13, 2004
    474
    0
    asking him is the best option.

    you don't want to run an attack against a server you don't own. they wouldn't take that too kindly.
     
  4. G22Leon

    G22Leon
    Expand Collapse

    Joined:
    Jul 3, 2004
    3
    0
    Location:
    Arlington/Alexandria, Virginia
    As ronin indicated, it would not be wise to attempt to brute force his account. Personally, it would take to long, without the proper tools to do it. The keylogger is the easiest way, though you mentioned a travel issue. You could instruct the persons parents on how to install the software... How computer savvy is this 13 year old. Wise enough to notice rogue processes? Possible, but unlikely..

    -Leon
     
  5. gudel

    gudel
    Expand Collapse

    Joined:
    Jun 1, 2001
    486
    0
    any computing-advance 13year old will smell keylogger from a mile away.

    i guess it's better if you just ask the kid. if he wouldn't give the information you seek, i guess torture is next. j/k :)
     
  6. seti870

    seti870
    Expand Collapse

    Joined:
    Jan 11, 2004
    24
    0
    Location:
    MA
    oh. That's right, it's a brute force attack. Thank you.

    Well, that's right out.

    He won't tell me the password. Tried the simple route.

    I still need to get the personal info off the site, regardless of when he loses computer access.

    I'm in this situation because his parents are not computer savvy. They can usually manage to check their e-mail, although they also have tech question on that.

    Will look into keylogging.
     
  7. G22Leon

    G22Leon
    Expand Collapse

    Joined:
    Jul 3, 2004
    3
    0
    Location:
    Arlington/Alexandria, Virginia
    lol come on!!! smell a key logger form a mile away? Only if it's like a start menu program or in the system tray. Even IT people dont check to validate every process running on a system all, unless their cpu or memory are getting whored.

    -Leon
     
  8. seti870

    seti870
    Expand Collapse

    Joined:
    Jan 11, 2004
    24
    0
    Location:
    MA
    he's not particularly savvy, he's just screwing around with Yahoo/Aim/MSN messenger and free web hosting.

    Shoot, his computer is still using win98.

    I also suggested the parents begin beating him regularly and thoroughly... Torture, for him, is a visit to his grandma. They'll be ramping up on those, too.
     
  9. nothingness

    nothingness
    Expand Collapse
    singularitarian

    Joined:
    May 17, 2004
    35
    0
    Location:
    inferior orbital prefrontal cortex
  10. ronin_asano

    ronin_asano
    Expand Collapse

    Joined:
    Apr 13, 2004
    474
    0
    has anyone thought to ask him to remove the personal information? has anyone explained to him why it's not a good idea to have that stuff web accessible?

    it sounds to be like he's rebelling because people are treating him like a little kid, rather than trying to treat him more like an adult, and reason with him.
     
  11. seti870

    seti870
    Expand Collapse

    Joined:
    Jan 11, 2004
    24
    0
    Location:
    MA
    Yes. When he was over for the 4th, I asked him to pull up his webpage. He pulled up the one he admitted to (not the journal, or others). Showed me a few things. I suggested that he take some things off, then kept BSing, introduced him to counterstrike, etc.

    He did alter a few things. For example, he put my home phone number up, instead. ;a

    Yes, I have tried the reasonable approach.
     
  12. ronin_asano

    ronin_asano
    Expand Collapse

    Joined:
    Apr 13, 2004
    474
    0
    heh.

    then it sounds like the next step is to call the isp hosting the site, and work with them, as someone suggested.
     
  13. David_G17

    David_G17
    Expand Collapse
    /\/\/\/\/\/\/\/

    Joined:
    Oct 7, 2002
    2,046
    0
    i'd go the keylogger route. instruct his parents via phone how to install one.
     
  14. ronin_asano

    ronin_asano
    Expand Collapse

    Joined:
    Apr 13, 2004
    474
    0
    isn't the keylogger going to treat the symptom, not the disease?

    you get his password, and change this stuff, what's to stop him from changing it back?

    or you change the pw once you have access, what's to stop him from setting up another account and doing the same thing?
     
  15. seti870

    seti870
    Expand Collapse

    Joined:
    Jan 11, 2004
    24
    0
    Location:
    MA
    Right now, my focus is getting things down.

    His parents are giving him another lecture on 'why not to put your home address, name, and other info online'

    No, this alone isn't a perfect solution. We're working on the rest, including removal of computers, I just didn't think it was all that relevant to the subject of passwords and forced access.
     
  16. David_G17

    David_G17
    Expand Collapse
    /\/\/\/\/\/\/\/

    Joined:
    Oct 7, 2002
    2,046
    0
    it allows you to get a list of sites which he puts information on, not just the password to one site.
     
  17. SamBuca

    SamBuca
    Expand Collapse

    Joined:
    Aug 9, 2002
    317
    0
    Location:
    Carlisle, PA
    This is illegal. You cannot "brute force" a password legally, regardless if you're a legal guardian.

    Yes, there are easier ways. No, keyloggers are old technology.

    Hint for you: passwords are usually stored in cookies.

    Hint for you: ethereal or tcpdump.

    Hint for you: kismet (for a wireless net).
     
  18. ronin_asano

    ronin_asano
    Expand Collapse

    Joined:
    Apr 13, 2004
    474
    0
    i understand what a key logger does, that wasn't the reason for my comment.

    i'm saying if the site gets changed, and the kid didn't change it, then he will know someone else did, ie seti870 or the kid's parents.

    so what's to prevent him from doing it again?
     
  19. seti870

    seti870
    Expand Collapse

    Joined:
    Jan 11, 2004
    24
    0
    Location:
    MA
    Ronin

    In the short term, he won't have net access. He be in a position to change things.

    After whatever period his parents decide upon, and he has access again, it is hoped he'll have learned his lesson, or at least confine his activities to other avenues.

    Do you have any suggestion of a more effective solution?
     
  20. ronin_asano

    ronin_asano
    Expand Collapse

    Joined:
    Apr 13, 2004
    474
    0
    short term:

    if he refuses to give up the password, then i would try calling the freewebs people (or have the parents do it), explaining the situation and see if they will disable the account and the page. that way, the information is not displayed, and he has no way to do anything withit.

    or check the cookies stored on the box as someone above suggested. the pw might be in clear text, and if so, you can get and make the necessary changes.

    why is he being such an ass? but that's another thread.