Vuln-Dev Archives: Re: ICQ Pass Cracker.


Subject: Re: ICQ Pass Cracker.
From: Kerb (kerbFNUSA.COM)
Date: Sun Jan 30 2000 - 13:45:21 CST


On Wednesday, January 26, 2000 11:03 PM, Blue Boar [SMTP:BlueBoarTHIEVCO.COM]
wrote:
| WolF Knox wrote:
| > One day i was doing absolutely nothing on the net and i thought, hell,
| > why not make a password crack for ICQ since it's only 8 chars? something
| > like, you put that long-lost-UIN-with-fake-email in a field and the
| > program will try all the possible combinations to discover the
| > password, of course, 8 chars is relatively small....the program would
| > need to have some kind of pause/resume system, like you try today, you
| > need to disconnect, you pause, go offline, later you come back and try
| > again resuming from the point you stopped.
|
| Please elaborate. Is there a local ICQ password on the HD that can be
| poked at? Do you know what the allowed character set is? Or are you
| talking about bruting the ICQ servers? If it's the latter, 8 characters
| can take a long, long time across a network, and that's assuming there is
| no lockout feature.
|
| BB

I am sure there ( are | can easily be written ) local crackers for ICQ. At least version 99a. If you check back in BugTraq from approx. 4 - 6 months ago, there was a message about ICQ99 storing passwords in cleartext in <youruin>.dat. I have examined my dat files, but they are so cluttered that I cannot find a pattern on where it is stored. It is never on the same line in every file, and nothing else I could find to mark a definite spot on where it would be. I'm sure someone can find that pattern. Hell, a "strings 123456.dat | grep -v iU" would narrow down your search by probably half (iUserSound, etc all over the file). As far as cracking it via the ICQ Servers, I find that at least mildly retarded. You figure 256^8 + 256^7 + 256^6, etc etc etc comes out with a whole helluva lot of possible passwords (and yes, control chars CAN be used) that would take forever on even a T1, and would leave a horrible mess in the logs on the servers. Call me crazy, but I'd probably notice it.

        -Kerb-
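Two points in Kerb's reply can be made concrete: the keyspace sum 256^8 + 256^7 + ... that makes an online guessing attack infeasible (and loud in the server logs), and the `strings 123456.dat | grep -v iU` trick for auditing a local data file for cleartext credentials. The Python below is an added example written for this archive page; it is not code from the thread, from ICQ or from any cracker. The `.dat` bytes are constructed sample data (the real file layout is exactly what Kerb says nobody had pinned down), and the guess rate passed to `years_to_exhaust` is an assumed figure for illustration only.

```python
"""Keyspace arithmetic and a strings-style scan (added example, not from the original thread)."""
import re

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, max_len: int, min_len: int = 1) -> int:
    """Number of candidate passwords of every length from min_len to max_len.

    With alphabet_size=256 and max_len=8 this is Kerb's
    256^8 + 256^7 + 256^6 + ... + 256^1 (control characters included).
    """
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Wall-clock years to try every candidate at a fixed rate (no lockout assumed)."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def printable_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Mimic `strings`: return runs of printable ASCII (0x20-0x7e) of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def filter_noise(strings: list[str], exclude_prefix: str = "iU") -> list[str]:
    """Mimic `grep -v iU`: drop the iUserSound/iUserFlags-style field names that clutter the file."""
    return [s for s in strings if not s.startswith(exclude_prefix)]


def audit_dat(data: bytes) -> list[str]:
    """The whole pipeline: strings | grep -v iU, as one call on an in-memory file."""
    return filter_noise(printable_strings(data))


# Constructed sample bytes standing in for a cluttered <uin>.dat; NOT a real ICQ file.
SAMPLE_DAT = (
    b"\x00\x01iUserSound\x00\x00\x05Hello\x00"
    b"iUserFlags\x00\x02secret1\x00\x7f\x03iUserNick\x00"
)


if __name__ == "__main__":
    space = keyspace(256, 8)
    print(f"8-byte keyspace over 256 symbols: {space:,} candidates")
    # Assumed rate: 1,000 guesses/second over the network (illustrative, not measured).
    print(f"at 1000 guesses/s: {years_to_exhaust(space, 1e3):.2e} years")
    print("candidate strings after filtering:", audit_dat(SAMPLE_DAT))
```

Even at a generous 1,000 guesses per second with no lockout, exhausting the 8-byte space takes on the order of hundreds of millions of years, and every guess is a logged request on the server side, which is Kerb's point: an online brute force is both hopeless and trivially detectable. The local scan, by contrast, is cheap, and the same `strings`-plus-filter approach is a reasonable first pass when auditing any application data file for credentials stored in the clear.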



This archive was generated by hypermail 2b27 : Sun Jan 30 2000 - 14:14:02 CST