47 replies to this topic

[Famous5000]

Anavrins, on 14 January 2016 - 01:17 AM, said:

Famous5000, on 14 January 2016 - 12:35 AM, said:

You cannot use this as a thing against him, he was playing a practical joke, even after I asked him not to, and that's what friends do.

A practical joke which is also practical for actually bypassing, for malicious intent, even though it's not his goal.
What he could've done is send you a version that is not from the forum thread.

But hey, can't blame me, I warned you about it since my first post.

Anavrins, on 07 December 2015 - 04:59 AM, said:

The startup file also runs a pastebin link, which you can edit, and possibly replace with a virus or backdoor.

I will note that he did NOT warn me and shown me this post before he told me about it and let me install it on my computers.
Turns out that was a mistake before he removed the backdoor, or whatever it's called.

[Dragon53535]

LoganDark, on 13 January 2016 - 11:12 PM, said:

Crappy password but without logic, very hard to crack

Not hard, time consuming. with your password you have 52^28 different possibilities at that length, and that's without symbols or spaces. Running my brute force that I was using, I was implementing symbols into it, so it would of taken 93^28 possible permutations until it found your password. running it now, it's still going to take a long time. So I guess we'll see.
Running the brute force I made, I'm at 5 digits with only capital and lowercase letters. It still will take the computer over 52^27 permutations to get your password. Given what I've been using to actually do so, making it count up in digits amount, it's actually more of 53^28 - 1 permutations.

Edited by Dragon53535, 14 January 2016 - 03:38 PM.

[Anavrins]

Dragon53535, on 14 January 2016 - 10:17 AM, said:

LoganDark, on 13 January 2016 - 11:12 PM, said:

Crappy password but without logic, very hard to crack

Running the brute force I made, I'm at 5 digits with only capital and lowercase...

You are desperately trying to crack a password that isn't there anymore.
You'd be better off trying a dictionary attack before anything else, otherwise you're wasting time and power.

Edited by Anavrins, 14 January 2016 - 06:17 PM.

[Dragon53535]

Anavrins, on 14 January 2016 - 06:15 PM, said:

You are desperately trying to crack a password that isn't there anymore.
You'd be better off trying a dictionary attack before anything else, otherwise you're wasting time and power.

A dictionary attack wouldn't work with the password he's already provided. A dictionary attack is easily defeated anyways by a password that differs from the norm as well as salting. I already know that it will take a long time to crack the known password. But I find it a fun exercise to attempt it anyways.

[Luca_S]

LoganDark, on 13 January 2016 - 11:01 PM, said:

Now do you understand why I made the loader load from pastebin?

Sorry, not at all. If you wouldn't have that pastebin thing there, you wouldn't have been able to put a backdoor in, which would've saved you a lot of trouble, because I won't trust you anymore, we don't know if you really just put the backdoor in for debugging, you could also put it back in and I want my computer 100% Save, not having to trust ANYONE.

[LoganDark]

Luca_S, on 14 January 2016 - 08:44 PM, said:

LoganDark, on 13 January 2016 - 11:01 PM, said:

Now do you understand why I made the loader load from pastebin?

Sorry, not at all. If you wouldn't have that pastebin thing there, you wouldn't have been able to put a backdoor in, which would've saved you a lot of trouble, because I won't trust you anymore, we don't know if you really just put the backdoor in for debugging, you could also put it back in and I want my computer 100% Save, not having to trust ANYONE.

If you want to not trust me, go ahead and grab the code itself instead of the loader. It's not like I'm going to use it for evil anyway.

I'll never put in a backdoor if it means it will compromise my security system. I intended it as a joke, and not as a real way to abuse the system. I understand my mistake and I will never make it again.

Anavrins, on 14 December 2015 - 07:58 AM, said:

-snip-
It's also much slower than sha256.

Slower is better, it will make brute-force harder.

Edited by LoganDark, 14 January 2016 - 11:13 PM.

[Anavrins]

LoganDark, on 14 January 2016 - 11:12 PM, said:

It's not like I'm going to use it for evil anyway.

I do believe you won't, but the thing is, the way your lock is made do makes it possible, since you did exactly that, as a joke to a friend.
But as a security standpoint, that's unacceptable.

If you really want an update mechanism on your lock, it would be best to do it after authentication has been made, and that goes for most programs.

[LoganDark]

This thread hasn't been active for a while; anything anyone has to say? How do they use my system (if at all because my ex-friend virtually ruined my reputation by explaining what I did in the worst way possible)? Any issues?

Famous5000, on 14 January 2016 - 12:35 AM, said:

Surprisingly enough, I happen to be in very close contact with him. I'll make sure he removes it, and it DOES get annoying because he managed to use it to hack into my computer about 100 times, EVEN when I told him not to. Naughty naughty...

EDIT: I realized that he removed the secret password that he told me, so there should be no reason to be able to hack into the computers I use.

BEFORE you use this comment against him, read the spoiler below:

Spoiler

You cannot use this as a thing against him, he was playing a practical joke, even after I asked him not to, and that's what friends do.

You're saying I won't remove it, and that I'm naughty, and that I broke into your computers with bad intentions. It was a joke. I wouldn't use it for evil. Not trying to be greedy here, but you pretty much completely ruined my reputation. If somebody reads your post, they probably will leave because of how bad of a job you did explaining how I used it. You assumed I was a bad, horrible, heartless person. I won't accept this.

Edited by LoganDark, 04 March 2016 - 08:32 PM.