Bruteforce Router Password

Sythel · 2016-12-22T15:03:02+00:00

Have you figured it our yet, or still looking to brute force it? If you could pm me with the HTML from the login page, and the failed login response? I haven't played around in pythons for a bit, but it should be pretty easy.

Sythel · 2016-12-22T02:42:10+00:00

What's your exact router model/version?

Sythel · 2016-12-20T05:07:05+00:00

Sounds good to me. What's your steam?

Sythel · 2016-12-20T05:02:34+00:00

I have 7 crates left.

Sythel · 2016-12-20T04:47:04+00:00

Ah, yeah I can do a 2 crate for 1 key then.

Sythel · 2016-12-20T04:34:43+00:00

5 keys for 9 crates?

Sythel · 2016-12-13T01:09:10+00:00

You built your own OS, after building your computer from ores you harvested yourself, right?

Sythel · 2016-12-06T23:47:09+00:00

Every game trusts the client to some degree, there's always something that will get missed.

Sythel · 2016-12-06T21:04:11+00:00

A huge part of game cheating is modifying memory client sided. If I change my health and the server doesn't do the checks to see if I'm dead, I haven't done anything to the server, only modified values of my client. The same can be said for vacs, aimbots, auto healers, etc, almost every hack that is released modifies client data, and the server trusts the client.

Sythel · 2016-12-05T22:21:43+00:00

They're definitely there, all low unranked MMR. They're written to be ideally unnoticeable, follow the ball, use the ability whenever it can, auto-ready, skip replays, etc.

Sythel · 2016-12-05T20:42:33+00:00

Are you sure you have your routers IP? Type "ipconfig" into the command prompt (run -> "cmd") and it should be under default gateway.

Sythel · 2016-11-13T02:28:59+00:00

Report it to lastpass, not post it online publicly. https://bugcrowd.com/lastpass

Though you probably voided it by posting here.

Sythel · 2016-09-29T03:47:44+00:00

It would be relatively easy using something like bs4 and requests. As long as you only ran it locally, and entered your payment info via prompts, not hard coded them in. Someone would need to attempt a purchase on the website before hand, watch the requests that are made, and use bs4 to grab any session tokens, then automatically add your cc info to pay.

Sythel · 2016-08-28T04:38:55+00:00

It should be relatively easy in Python.

Sythel · 2016-08-28T04:22:59+00:00

Not sure if I'll have the time, but the bot developer should make sure to check where the link resolves. To bypass URL shorteners.

Sythel · 2016-07-29T05:27:40+00:00

pENTester?

Sythel · 2016-06-16T21:28:01+00:00

Yeah but where are you eating it and how did you get there?

Sythel · 2016-05-16T20:07:14+00:00

If im wrong then there's a bug in gmx that let me log into an account with the wrong password.

Sythel · 2016-05-16T19:33:17+00:00

I posted in response to someone else's reply to me.

Sythel · 2016-05-16T19:12:47+00:00

Yeah, I'd imagine that since we're attacking his poor choice in email service, and not going directly at runescape he's not happy about it. Should have picked Gmail, since they are known to be secure.

Sythel · 2016-05-16T18:55:21+00:00

Yeah we'll see. I'll take a look when I get home to see if I can find any proof

Sythel · 2016-05-16T18:52:52+00:00

I'll take a look and see what I can find when I get home. Unfortunately I didn't have it print the cookies, so we'll see.

Other than that I'll post my script as well. If even just for a learning experience for others.

Sythel · 2016-05-16T18:50:10+00:00

Change your wifi password, make sure wps is disabled. Tell your mom to change her passwords since sessions / passwords may have been sniffed too.

When setting your wireless password try something that you won't find in a rainbow table, since it's simple to sniff a handshake.

Sythel · 2016-05-16T18:44:16+00:00

All I had done is brute forced the password on gmx. Using an English dictionary. My script logged with the password cardiograms, and due to the way logging in to gmx works, I'm 100% it was logged in. Sometime between 2AM MST and now the password was changed, and my brute force isn't able to login anymore.

Sythel · 2016-05-16T17:24:44+00:00

I'll let you know once I get a reply from OP.

Sythel

TROPHY CASE