Facebook to be hacked

**-zeroSKILL-** · 10-10-2011, 01:39 AM

Re: Facebook to be hacked

I have much practice. Any of the old VC regulars could tell you that~

**benguino** · 10-10-2011, 04:26 AM

Re: Facebook to be hacked

Originally posted by hi19hi19

Dear lord man that was pretty exhaustive.

p.s. I think I know the security flaw in that program and I don't even know what language it's programmed in lmfao

EDIT 2- hehe turns out I was right, dat AP computer science really coming through for me ^_^
I learned something new about programming today... *sigh* I really should learn something other than Java

Lol, AP Comp Sci last year. XD I got an "eh..." score but it was good enough to get me the credit. =] But there is no shame in knowing just Java right now, it's a good programming language to learn the fundamentals of object-oriented programming. It's also strictly-typed which reinforces good programming habits. We'll learn some other programming languages when the time comes. =]

**Izzy** · 10-10-2011, 05:25 AM

Re: Facebook to be hacked

Originally posted by fido123

Code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int chkauth(char *password) {
        int auth_flag = 0;
        char buffer[16];
        strcpy(buffer, password);
        if(strcmp(buffer, "passwrd") == 0)
                auth_flag = 1;
        return auth_flag;
}

int main(int argc, char *argv[]) {
        if(argc < 2) {
                exit(0);
        }
        if(chkauth(argv[1])) {
                printf("%s\n", "You got it");
        } else {
                printf("%s\n", "Nope");
        }
}

This is bothering me, what is the answer? Does it have to do with putting in pointer deference as a string so when it copies it into buffer it copies something else?

Edit: nvm, I think I figured it out. I just don't understand why it wouldn't cause the program to crash.

**00Razor00** · 10-10-2011, 08:05 AM

Re: Facebook to be hacked

1337 h4X0r5 in this thread.

**fido123** · 10-10-2011, 09:05 AM

Re: Facebook to be hacked

Originally posted by Emithith

lol fido, umad? What's with the hostile behaviour. I obviously don't know much about hacking, so why would you be so aggressive? x-x;

Sorry, I meant to say that from wherever you heard that Minecraft DDOS thing is bullshit, not that you were necessarily coming in here and making it up as it's more than understandable why most people would believe it. Wasn't trying to come off as aggressive to you although reading back on my post it seems that way. Sorry.

Originally posted by -zeroSKILL-

From memory, what I was trying to say is that it isn't hard to do the kind of stuff Anonymous does. A large group of people focusing their efforts on defacing websites can easily accomplish the task. It's just a matter of whether or not they are willing to risk the consequences that determines how far they go.

Anonymous managed to hack a website who must have had the most insanely retarded IT staff in the world. They exploited a really simple hole and it's pretty shocking that a company as large as Sony didn't catch it. I can guarantee the vast, vast, VAST majorities of companies protect against SQL injection which is what brought Sony down.

Originally posted by -zeroSKILL-

A weeks worth of studying, a few programs downloaded, and I can get personal data off of websites with weak security through very basic and crude forms of SQLi.

Then those companies pretty much have their doors open to anybody waltzing in and taking their data. You have to know how to find it, but any company who know's anything about security would have sealed those holes. I have a server in my basement beside me with a fairly fresh installation of Debian and hardly any security set up on it. It's a webserver so you can try your techniques at castro.homelinux.net. Give it a try.

Originally posted by -zeroSKILL-

I know next to nothing of the finer workings of how the programs work, or what the commands I type into the URL bar mean, but they get information that I really shouldn't be able to. I was recently trying to learn the finer points of SQLi just for fun, but it grew boring and tedious to learn. I'm not trying to be a pro hacker and go vandalize stuff on the net, I just find it fun to learn how to do it, and then be able to do it.

Learning SQLi isn't going to help you much, other than understand one exploit which is just basically tricking a PHP/Perl/ASP webscript into running an altered database query through actually typing that query where the program is grabbing values out of. If you want to learn how to hack I suggest this book.

Sorry if I was a bit harsh on you but I guess you were drunk and were coming off as some kind of hacker extraordinaire. Just take it from me that hacking any website with even half assed security isn't going to be easy.

Originally posted by Izzy

This is bothering me, what is the answer? Does it have to do with putting in pointer deference as a string so when it copies it into buffer it copies something else?

Edit: nvm, I think I figured it out. I just don't understand why it wouldn't cause the program to crash.

EDIT: Sorry read your comment wrong. It doesn't because there's of the buffer variable. Leaves enough room on the RAM to move things around without causing a segmentation fault.

**Cavernio** · 10-11-2011, 10:31 AM

Re: Facebook to be hacked

The fact that facebook may or may not be hacked is totally the uniteresting side of this, the interesting one being the group/groups reason for doing it at all.

I see no reason why governments would not be collecting data on the people on facebook except for the fact that the governments themselves need a reason to.
Hell, didn't the Canadian government only very recently back down on proposed expensive legislation that would make it mandatory for ISP's to track all internet activity so that law-enforcers could access that information whenever they wanted?

In what is probably seen as an odd view for me, I really don't give a shit that people can track my personal information. I mean, anyone could do the same thing before I was on the internet anyways, now it's just a lot easier for someone to do it. Wherein the problem lies with this is what governments/industries DO with the information. I mean, obviously, if someone's going to stomp on free speech or start incarcerating people for things they haven't done but look like they might do, that's where the problem lies. Yes, the collection and synthesis of personal information can lead to human rights crimes, but we should work on preventing abuse of power that information gives. Crack down on that, not prevent information collection at all, especially when it can be used for good.

I suppose there's the total loss of privacy just in general, that that in and of itself is unwanted, but for some reason that doesn't bother me. Perhaps it's because I feel that anything I do or say on the internet isn't said in private and I shouldn't expect it to be private, even on personal websites or pages. I understand that someone out there, if they want to, can track every single webpage I go to, (or at least that my IP 'goes to'.) I don't even have the expectation that my emails are private. And I don't really have that desire to have it all be private either. But my parents for instance, really dislike the fact that the internet is so public, and my mom specifically doesn't use facebook because she knows that it IS public when she wouldn't like it to be. (It's also false to say that your settings are private on facebook if they're easily tracked by someone with a little skill.) I almost feel like this is a difference in a generation gap; not in the use of the internet, but in the desire and expectation of privacy while networking.

(Obviously I don't want people I know going through my email, but the less I know someone, the less I care that they know stuff about me. I DO still expect people to follow proper social etiquette, obviously, and at some point it is criminal to follow someone, aka stalking.)

**Emithith** · 10-11-2011, 11:38 AM

Re: Facebook to be hacked

Originally posted by fido123

Sorry, I meant to say that from wherever you heard that Minecraft DDOS thing is bullshit, not that you were necessarily coming in here and making it up as it's more than understandable why most people would believe it. Wasn't trying to come off as aggressive to you although reading back on my post it seems that way. Sorry.

Okay Apology accepted.

Just saying that Minecraft does have a main server you need to log onto in order to even play the game. So it could be hacked and become semi-big news quick. I'm not sure if bs, but there was an article. Also it was from back in January I think.

**Quigly** · 10-11-2011, 02:27 PM

Re: Facebook to be hacked

people getting drunk

and going on ffr

because ur worth it~

**benguino** · 10-11-2011, 02:38 PM

Re: Facebook to be hacked

Originally posted by Cavernio

The fact that facebook may or may not be hacked is totally the uniteresting side of this, the interesting one being the group/groups reason for doing it at all.

I see no reason why governments would not be collecting data on the people on facebook except for the fact that the governments themselves need a reason to.
Hell, didn't the Canadian government only very recently back down on proposed expensive legislation that would make it mandatory for ISP's to track all internet activity so that law-enforcers could access that information whenever they wanted?

In what is probably seen as an odd view for me, I really don't give a shit that people can track my personal information. I mean, anyone could do the same thing before I was on the internet anyways, now it's just a lot easier for someone to do it. Wherein the problem lies with this is what governments/industries DO with the information. I mean, obviously, if someone's going to stomp on free speech or start incarcerating people for things they haven't done but look like they might do, that's where the problem lies. Yes, the collection and synthesis of personal information can lead to human rights crimes, but we should work on preventing abuse of power that information gives. Crack down on that, not prevent information collection at all, especially when it can be used for good.

I suppose there's the total loss of privacy just in general, that that in and of itself is unwanted, but for some reason that doesn't bother me. Perhaps it's because I feel that anything I do or say on the internet isn't said in private and I shouldn't expect it to be private, even on personal websites or pages. I understand that someone out there, if they want to, can track every single webpage I go to, (or at least that my IP 'goes to'.) I don't even have the expectation that my emails are private. And I don't really have that desire to have it all be private either. But my parents for instance, really dislike the fact that the internet is so public, and my mom specifically doesn't use facebook because she knows that it IS public when she wouldn't like it to be. (It's also false to say that your settings are private on facebook if they're easily tracked by someone with a little skill.) I almost feel like this is a difference in a generation gap; not in the use of the internet, but in the desire and expectation of privacy while networking.

(Obviously I don't want people I know going through my email, but the less I know someone, the less I care that they know stuff about me. I DO still expect people to follow proper social etiquette, obviously, and at some point it is criminal to follow someone, aka stalking.)

You have a good point there. I do think what the government DOES with the information is much more important than the fact that they actually have our information. Like, if all they are doing to do is just take our information and store it in a database and then do nothing with it, well, I wouldn't give a ****. On the other hand, if they are going to use it for malicious purposes, like to blackmail people with there "private" photographs they uploaded, that would be a much greater concern.

There is also the question of what type of information they are going for. For example, quantitative data, like facebook posts per week, the comment to status update ratio, and such and such could provide immense statistical data that could be useful for research that may benefit the society as a whole. Qualitative data would be different on the other hand. With quantitative data, you could easily set up some script or program to pull all that quantitative data. But with qualitative data, an actual person has to read that data, interpret it, and log it down and this process would take an immense amount of time for a large amount of data. However, I would only see qualitative data being pulled if the government was suspicious of some person or if that person was involved in a crime (or possibly involved.)

**fido123** · 10-11-2011, 07:21 PM

Re: Facebook to be hacked

Although I totally disagree with the government monitoring our data whether we like it or not, Facebook is doing nothing wrong IMO. When you sign up for Facebook they make it really easy to understand that any information you put up there will be spread. If you don't want that don't make a Facebook.

**-zeroSKILL-** · 10-11-2011, 09:16 PM

Re: Facebook to be hacked

Originally posted by fido123

I'd like him to even see him decrypt this:

331bf5d65fc1553676bd09ffad765d8d704412a7

It's SHA1

I am still working on cracking this, but for the sake of time, could you narrow down what charsets I should be using and how long the pass is? Which of the following does it include: Lowercase/uppercase/numbers/symbols? Will a dictionary attack work? Should I be bruteforcing, etc. I've already attempted a bruteforce of possible pass's 1-7 digits long, and moved on to a dictionary attack when it failed. I've exhausted a "short" word list, and am now using what I call my "encyclopedia britannica" word list, which may take a week or more to go through at around 3.2 million pass's per second. For some reason my short word list was processing far slower, at about 1.8 million pass's per second. I would switch to a GPU bruteforce, but my computer was next to unusable when executing an attack like that, and I removed the program that allowed it, and can no longer find it.

So, again, just for the sake of time, could you please narrow the charset/length down a little?

**Emithith** · 10-11-2011, 09:45 PM

Re: Facebook to be hacked

little do we know, -ZS- is trying to figure out the pattern for fido, and it's a CD-Key for some game that he plans to pirate.
Harr har. Kidding aside, this will be interesting to see on the 5th next month.
But who knows this is probably just as bogus as 2012.

**Cavernio** · 10-14-2011, 07:22 AM

Re: Facebook to be hacked

Originally posted by fido123

Although I totally disagree with the government monitoring our data whether we like it or not, Facebook is doing nothing wrong IMO. When you sign up for Facebook they make it really easy to understand that any information you put up there will be spread. If you don't want that don't make a Facebook.

That said, if you're not on facebook, you're 'missing out' on like, a huge new social aspect that I suspect the majority of north americans use. Furthermore, some employers expect/need you to use Facebook or GooglePlus. Which would then be the the companies fault...
Gah, the thing I'm trying to say is that at some point the pervasiveness/popularity of a technology or ritual or other stuff will make it such that if someone just doesn't like an aspect of something, (like the fact that Facebook isn't private), is not a good enough reason to not participate. Like, say I have a dislike of petroleum products because they're raping the earth and are going to run out, it would be next to impossible to never use things that are manufactured using them, since most plastic uses them. If I chose not to use them, my life would change significantly and I'd have to go and live in the woods or something, which for most people is just not feasible.

Not that Facebook has reached such an extreme point yet, and it likely never will to such an extreme as with the plastic example, since there are other modes of communication, but I think the point still stands with Facebook, especially given that employers use it.

**Calcium Deposit** · 10-14-2011, 07:30 AM

Re: Facebook to be hacked

I don't quite understand why anyone would even care if the government knows what your favorite bands are, your relationship status, or how awesome you thought Ashton Kutcher's latest tweet was. Don't get me wrong, facebook's a stupid site. It's only a matter of time before it gets replaced by an even stupider social networking site. But trying to hack it for a 'good cause' is wasted energy.

Without even consulting facebook the government can learn where you live, where you work, who you hang out with, what types of food you eat, what allergies you have, what medications you take, how many hours you spend on the internet, your blood type, color of your feces, and how many episodes of the Big Bang theory you've seen.

**devonin** · 10-14-2011, 07:50 AM

Re: Facebook to be hacked

Originally posted by -zeroSKILL-

I am still working on cracking this, but for the sake of time, could you narrow down what charsets I should be using and how long the pass is? Which of the following does it include: Lowercase/uppercase/numbers/symbols? Will a dictionary attack work? Should I be bruteforcing, etc. I've already attempted a bruteforce of possible pass's 1-7 digits long, and moved on to a dictionary attack when it failed. I've exhausted a "short" word list, and am now using what I call my "encyclopedia britannica" word list, which may take a week or more to go through at around 3.2 million pass's per second. For some reason my short word list was processing far slower, at about 1.8 million pass's per second. I would switch to a GPU bruteforce, but my computer was next to unusable when executing an attack like that, and I removed the program that allowed it, and can no longer find it.

So, again, just for the sake of time, could you please narrow the charset/length down a little?

If his point was to suggest that you're not an "ace hacker" I don't see how asking what is essentially your -target- for help narrowing it down to make it easier helps. :P

Facebook to be hacked

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment