Jump to content

The 5 times login page wont work

dmg_killa

By dmg_killa
in General Discussion

 Share

Recommended Posts

dmg_killa

dmg_killa

Posted
Posted

I know this because I used to be a hacker myself :^o . I know how they work... They use these things called proxys that bypass MOST security measures. Quite often they use common passwords such as:

 

 

 

qwerty

 

sonyrocks

 

123456

 

monkey

 

google

 

 

 

etc..

 

 

 

The only solution is having a really freaky password.

 

 

 

My old runescape password:

 

Q42DFV43WS

 

 

 

You won't find that on a brute-forcer/password-cracker.

 

 

 

Note: Please don't use that. Any hackers now will add that to there password list. :-$

 

 

 

P.S. About me being a hacker? My Christianity got the better of me. I returned all the stuff and once the people I hacked logged on; I asked for their forgiveness. I was forgiven by all. :anxious:

 

 

 

Yours, Dmg Killa \'

 

 

 

First post gets a cookie ^^

Link to comment
Share on other sites
Makoto_the_Phoenix

Makoto_the_Phoenix

Posted
Posted

...Do you remember that you can't connect to RuneScape via a proxy server? It won't even let you get to the Java login page. Of course, this was 3 years ago and I can't find any of my old proxies from back then to work, so I'll have to reconfirm it later.

 

 

 

By the way, a bruteforce will figure out Q42DFV43WS before too long. It'll just be more complex than "cabbage".

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
s1L0U.jpg
...Alright, the Elf City update lured me back to RS over a year ago.

Link to comment
Share on other sites
rareghoul1

rareghoul1

Posted
Posted
...Do you remember that you can't connect to RuneScape via a proxy server? It won't even let you get to the Java login page. Of course, this was 3 years ago and I can't find any of my old proxies from back then to work, so I'll have to reconfirm it later.

 

 

 

By the way, a bruteforce will figure out Q42DFV43WS before too long. It'll just be more complex than "cabbage".

 

 

 

pretty much. hackers can get programs that can easily type in any combination of letters with a 20 letter limit within 30 minutes, if your computer sucks. most hackers update their computers every 6 months, when new computer technology makes 6 month old computers obsolete, so they'll probably crack it in 10 minutes. of course, with the new security update programs that only type in passwords and don't crack them will be obsolete, seeing as how the limit is 5 typing ins i think.

rare%20ghoul2.gif

rare%20ghoul2.gif

Link to comment
Share on other sites
mchainmail

mchainmail

Posted
Posted

Out of curiosity, if these things worked, why hasn't anyone hacked say... Zezima's or duke freedom's account (before duke was banned)

 

 

 

I'm sure they have longer/more difficult passwords, but if the reward was a lot more, wouldn't it be worth the time?

nh.jpg
Link to comment
Share on other sites
nomadmike

nomadmike

Posted
Posted
Out of curiosity, if these things worked, why hasn't anyone hacked say... Zezima's or duke freedom's account (before duke was banned)

 

 

 

I'm sure they have longer/more difficult passwords, but if the reward was a lot more, wouldn't it be worth the time?

 

 

 

Maybe Zezima is special and gets a longer password ::'

 

Just Kidding

 

 

 

 

 

But on topic again: I just dont think any hacker exists :-s If they did why go for small fries like those level 40's :-s

Link to comment
Share on other sites
biggy08755

biggy08755

Posted
Posted
Out of curiosity, if these things worked, why hasn't anyone hacked say... Zezima's or duke freedom's account (before duke was banned)

 

 

 

I'm sure they have longer/more difficult passwords, but if the reward was a lot more, wouldn't it be worth the time?

 

 

 

Maybe Zezima is special and gets a longer password ::'

 

Just Kidding

 

 

 

 

 

But on topic again: I just dont think any hacker exists :-s If they did why go for small fries like those level 40's :-s

 

 

 

Because most just grab usernames off the high scores

well today at 11:30 am 14 years ago i was born.. wo0t!!!
At 11:30 you should start holding your head underwater wo0t!!!
Stop acting such a moron.
Link to comment
Share on other sites
zeldaot

zeldaot

Posted
Posted

They haven't been hacked because they aren't stupid/careless/arrogant enough to get KEYLOGGED. Using brute force or planting a backdoor/trojan/keylogger is not hacking.

 

 

 

If i were you, I would also not play Runescape through a public proxy. Most proxies are unecrypted meaning all data sent to and from your PC to the server is available for anyone to read including your login and password.

 

 

 

Just my 2c

Zelda_ot.png
Link to comment
Share on other sites
Fredz

Fredz

Posted
Posted
So if i'm getting this right, anyone could be hacked, even if they have no viruses on their computer? :shock:

 

 

 

No.

 

 

 

This guy has no idea what he is talking about. He is talking a lot of bullcrap and this topic should be locked asap due to no discussion value.

 

 

 

You cant do a brute force at the rs servers externally. If you try do that you get automatically kicked from the server asap. Also, if you cross attack with multiple proxys it would be so slow it would take you decades just to solve a simple "monkey2" password.

 

 

 

 

 

As a side note, obtaining information through a keylogger or just randomly type passwords into the login screen can hardly be called hacking. In fact, it has nothing to do with it.

fredzsodbtt6.jpg

21 lag piles, 4 Pjs, 2 Party hat kills, 67 newbs teached.

Link to comment
Share on other sites
darkblade986

darkblade986

Posted
Posted

I believe I did math on this a while ago, and this would further support the fact that you can't use a program to brute force from an external server.

 

 

 

When you submit a password to be checked, it must be sent to the server, accepted or declined, and sent back to you with the result. For Runescape, this takes approximately 5 seconds. Now then, using the true math behind this, cracking a single-letter password would then take 180 seconds (using a possible 36 characters ranging from A-Z and 0-9). For each further attempt, the possible character combinations is multiplied by 36 (so 2 letters would take 1296 attempts [108 minutes / 1 hour, 48 minutes], 3 would be 46'656 [3'888 minutes / 64 hours, 48 minutes], etc). Now this is the possible combinations for passwords of that amount only. For it to pass through all 3 of those ones I exampled, it would be the sum of those.

 

 

 

Given just these first 3 numbers... tell me how plausible it is to brute force a program...

f475e02ecc.png

don't worry, you are going to "hell" anyway. wanna race to see who gets there first?

Officially reached 100 Combat at 1:33PM EST, June 14, 2007

First Dragon Drop: Dragon Chain (Dust Devils) @ 10:48PM EST, July 14, 2008, lv113 combat

Link to comment
Share on other sites
Makoto_the_Phoenix

Makoto_the_Phoenix

Posted
Posted
They haven't been hacked because they aren't stupid/careless/arrogant enough to get KEYLOGGED. Using brute force or planting a backdoor/trojan/keylogger is not hacking.

 

 

 

If i were you, I would also not play Runescape through a public proxy. Most proxies are unecrypted meaning all data sent to and from your PC to the server is available for anyone to read including your login and password.

 

 

 

Just my 2c

 

 

 

So, it is quite apparent to me that you know absolutely nothing of hacking. Bruteforcing would be considered a form of hacking (ever hear of bruteforce hacking?). Planting a keylogger in the form of a Trojan would also be hacking.

 

 

 

By the way, you CAN'T play RuneScape through a proxy. I wonder if anyone's ever actually tried to do it besides me? (Boredom, school + firewall = desperate attempts to entertain oneself.)

 

 

 

And just in case you didn't know, all the data sent between you and the website before you hit the Java client is unencrypted, too. It's not like runescape.com itself is an HTTPS website. Connect through https://www.runescape.com and you'll get a 404 error, too.

 

 

 

EDIT:

 

So if i'm getting this right, anyone could be hacked, even if they have no viruses on their computer? :shock:

 

 

 

No.

 

 

 

This guy has no idea what he is talking about. He is talking a lot of bullcrap and this topic should be locked asap due to no discussion value.

 

 

 

You cant do a brute force at the rs servers externally. If you try do that you get automatically kicked from the server asap. Also, if you cross attack with multiple proxys it would be so slow it would take you decades just to solve a simple "monkey2" password.

 

 

 

 

 

As a side note, obtaining information through a keylogger or just randomly type passwords into the login screen can hardly be called hacking. In fact, it has nothing to do with it.

 

 

 

Finally, someone that has at least some sense on the matter. However, what you described in your last statement would be called a "dictionary attack", and yes that is a form of hacking.

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
s1L0U.jpg
...Alright, the Elf City update lured me back to RS over a year ago.

Link to comment
Share on other sites
truffoo

truffoo

Posted
Posted

Surely surely surely Jagex log failed attempts to login, and surely surely surely they would IP block brute force password attacks. It's a sensible and logical thing to do, even for only 30 minutes as it would be a sufficient deterrent. The guys at Jagex aren't stupid, so I'd suggest they have good protection against this.

 

 

 

If you are going to put that much effort into hacking a site, there are much better candidates than a game site! Plus, you're more likely going to succeed with distributing a keylogger, or trying a SQL insertion attack to pull username and password information out of their database (betca it wouldn't work as well).

 

 

 

Untimately, if you get hacked, it's because you did something, not because there is some issue with the "RuneScape system".

WARNING: Prone to ramble ... but you probably already know that!

truffoo.png

1% F2P : 99% RL

Link to comment
Share on other sites
zeldaot

zeldaot

Posted
Posted

 

 

 

So, it is quite apparent to me that you know absolutely nothing of hacking. Bruteforcing would be considered a form of hacking (ever hear of bruteforce hacking?). Planting a keylogger in the form of a Trojan would also be hacking.

 

 

 

By the way, you CAN'T play RuneScape through a proxy. I wonder if anyone's ever actually tried to do it besides me? (Boredom, school + firewall = desperate attempts to entertain oneself.)

 

 

 

And just in case you didn't know, all the data sent between you and the website before you hit the Java client is unencrypted, too. It's not like runescape.com itself is an HTTPS website. Connect through https://www.runescape.com and you'll get a 404 error, too.

 

 

 

 

I know enough to be employed as a systems administrator. If you believe bruteforce cracking and masquerading destructive programs as legitimate forms of hacking then you've got a very dim view on it.

 

 

 

FYI you can't play RS on your schools proxy because port 443 used by SSL is not allowed not because you CAN'T. One of the reasons why it is commonly setup this way is so they (the admins) can monitor everything you are doing on school property since it is possible to record every information to and from the server without the need to decrypt.

 

 

 

Yes the main runescape website is not encrypted, however the RS client has 128-bit encryption, if you know anything about authentication, you would know that using a proxy as a middle-man can potentially allow someone (by comparing hash) to crack your password in a matter of hours rather than days (all while offline!) bypassing the lockout imposed by Jagex. Any smart hacker is not going to wait 5 seconds on each attempt, esp when modern PCs can do 10 million comparisions/second.

 

 

 

EDIT.

 

The lockout is enough to deter most people who claim to do "hacking" from trying to find someones password using trivial methods such as brute force, dictionary cracking or just plain guessing.

Zelda_ot.png
Link to comment
Share on other sites
Makoto_the_Phoenix

Makoto_the_Phoenix

Posted
Posted
...FYI you can't play RS on your schools proxy because port 443 used by SSL is not allowed not because you CAN'T. One of the reasons why it is commonly setup this way is so they (the admins) can monitor everything you are doing on school property since it is possible to record every information to and from the server without the need to decrypt.

 

 

 

Yes the main runescape website is not encrypted, however the RS client has 128-bit encryption, if you know anything about authentication, you would know that using a proxy as a middle-man can potentially allow someone (by comparing hash) to crack your password in a matter of hours rather than days (all while offline!) bypassing the lockout imposed by Jagex. Any smart hacker is not going to wait 5 seconds on each attempt, esp when modern PCs can do 10 million comparisions/second.

 

 

 

EDIT.

 

The lockout is enough to deter most people who claim to do "hacking" from trying to find someones password using trivial methods such as brute force, dictionary cracking or just plain guessing.

 

 

 

I guess it was a bit presumptuous of me to assume you knew nothing since you consider bruteforcing and dictionary attacks to be primitive. For that I apologize. However, not to get off track, I'd like to know what you consider to be a real hack/crack, through Private Message.

 

 

 

I'm already a sophomore in College. I only messed around with proxies/circumvention some 3 years ago. Having SSL enabled/disabled didn't really make much of a difference to the servers, as far as I knew, since we never used SSL to connect to RuneScape. In general, we used proxies and a circumvention tool (that port was eventually blocked). I don't recall it ever allowing us to connect to RuneScape through the circumventor, though.

 

 

 

I also am quite aware about 128-bit encryption. It's generally a very bad idea to play RuneScape through one since it could be easily taken apart (server does stand in the middle/holds both public and private PGP keys). In effect, using a proxy to play RS would be even less secure than becoming infected.

 

 

 

On topic (a bit more): Proxies do pass 90% of standard security measures. I don't think, however, that Jagex is just 'standard'.

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
s1L0U.jpg
...Alright, the Elf City update lured me back to RS over a year ago.

Link to comment
Share on other sites
deciever2

deciever2

Posted
Posted

I guess that's a good thing, I know how password hacking is done but i prefer to use my knowledge for good not evil O:) .

deciever2.gif

Dragon Drops: D spear x 2, D skirt, D half-shield, D axe, D 2h

Barrows Rewards: Ahrims hood, Karil's Coif, half key x 6, D med, torags legs, veracs flail

Link to comment
Share on other sites
mcneilp

mcneilp

Posted
Posted

+1 for the technical lingo

 

-100 for confusing the hell out of most of the forums <.<

It isn't in the castle, It isn't in the mist, It's a calling of the waters, As they break to show, The new Black Death, With reactors aglow, Do you think your security, Can keep you in purity, You will not shake us off above or below

Scottish friction

Scottish fiction

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept