Brute Force Hacking: Does It Exist?

[nvw08]

I guess I'm the first one to state that the applet won't let you log-in for 60 seconds after 7 invalid attempts. :lol:

 

 

 

Although if you were to attempt a brute force attack, you wouldn't use the applet, rather write a script which mimics the HTTP request that the applet sends to the server.

 

 

 

Hmmmmmm... Am I the only one that's noticing how much dwarfie knows about brute force hacking :P. But if what you say is true, then I guess it's possible :cry:

[dwarfie76]

I guess I'm the first one to state that the applet won't let you log-in for 60 seconds after 7 invalid attempts. :lol:

 

 

 

Although if you were to attempt a brute force attack, you wouldn't use the applet, rather write a script which mimics the HTTP request that the applet sends to the server.

 

 

 

Hmmmmmm... Am I the only one that's noticing how much dwarfie knows about brute force hacking :P. But if what you say is true, then I guess it's possible :cry:

 

 

 

Fear not, my knowledge is purely academic. Mandatory IT security units as part of my degree. Gotta know how to do it if I'm gonna know how to stop others from doing it to my applications :)

[nvw08]

I guess I'm the first one to state that the applet won't let you log-in for 60 seconds after 7 invalid attempts. :lol:

 

 

 

Although if you were to attempt a brute force attack, you wouldn't use the applet, rather write a script which mimics the HTTP request that the applet sends to the server.

 

 

 

Hmmmmmm... Am I the only one that's noticing how much dwarfie knows about brute force hacking :P. But if what you say is true, then I guess it's possible :cry:

 

 

 

Fear not, my knowledge is purely academic. Mandatory IT security units as part of my degree. Gotta know how to do it if I'm gonna know how to stop others from doing it to my applications :)

 

 

 

Just making sure, I want to know that my full iron and bronze scimmy is safe in my bank :wink:

[lankyman1]

i started playing this game in 2001 when it first came out, on and off but i don't see why you would believe someone cause of that. So has he/she played longer than me ?

 

 

 

I still think it is possible but i can't prove it and i don't want to waste my time doing so to a stooge like yourself.

[vercetti_69]

If people can hack jagex and unban their acc than I don't see why they couldn't.

[Duke_Freedom]

Fear not, my knowledge is purely academic. Mandatory IT security units as part of my degree. Gotta know how to do it if I'm gonna know how to stop others from doing it to my applications :)

 

 

 

If the 'denying client login/ip after 7 wrong attempts' is not written client side (which would be stupid if it was) then your not gonna be able to circumvent that though ;).

[Mordendravid]

It wouldn't happen on Jagex's side.. Jagex is a multi million buisness whhich could be shut down in an instant if they allowed someone to get hacked.

 

 

 

The data protection act states that all infomation stored about someone must be kept safe under penalty of law, and if someone were to hack their servers this makes this infomation no longer safe.. the company would be either fined millions (thus probable putting them outta business) or shut down completly.

 

 

 

You don't think that say NASA or the CIA are subject to more stringent security than our Data Protection laws? Both of these (along with a string of other high-profile sites) have been hacked. However my point remains that if someone has the necessary skills to get by Jagex's security measures I'm sure they'd be more interested in a more prolific target.

 

 

 

Whilst phats are widely respected in the RS community I doubt the same is true amongst the hacking fraternity :wink:

[lankyman1]

does anyone remember when jagex was hacked and the hacker changed all their stats to 99? It was way back in rsc and he got banned a couple hours after it happened.

[0ri]

does anyone remember when jagex was hacked and the hacker changed all their stats to 99? It was way back in rsc and he got banned a couple hours after it happened.

 

 

 

Dont remember that - I remember when tip it forum database got hacked and they found out loads of peoples rs passwords - well those with the same forum and rs password

[majinkamahl]

2 * 26 (alphabet capital + lower case) + 10 (0..9) = 62 characters

 

 

 

Let's say a password of 8 characters..

 

 

 

62^8 ~ 2 * 10^14

 

 

 

Let's say one trial takes 1 second :lol:.

 

 

 

2*10^14 / (3600 * 24 * 365) = 1.6 million years on average.

 

 

 

Nope, noone is getting brute force hacked in this game.

 

 

 

 

 

 

 

 

And that math only assumes that no one uses numbers in their password and that they do not use more than 8 characters, let alone change their password at all.

 

 

 

That math also negates someone using a PIN and uses all possible recovery questions.

 

 

 

You want Zezim'as account? Then prepare yourself for what is it? 3 million years of code cracking, also assuming that there is actually some purpose behind doing it. With Jagex being as partial as they are, there is no way they would let their star player get hacked so easy.

[glasscube]

However duke, if the person was actually serious about hacking someone, they could just send a virus to there friend. All the virus would need is something simple, so it could pass onto their friends. Have the brute forcing 'bot' login onto a IRC server and have all the bots communicate with eachother. After you have 50 or so bots, stop the virus by telling all the bots to stop passing it using a function you gave it.

 

 

 

Now say if you have 50 bots, all sharing the information they know... Now most people must atleast have a 4mb/s connection, so we can safely assume that they would not notice 30kb/s maxium. And dwarfie already said how to bypass the applet blocking you to only try 7 times.

 

 

 

Knowing this, brute forcing would be possible but unlikely.

[maximus]

From my extended knowlage in this field, most brute force programs dont actully use alph-generators

 

 

 

eg: a, aa, aaa, baa, aba, aab, caa, ect.

 

 

 

they use password lists.

 

1

 

12

 

1999

 

1998

 

frog

 

fruit

 

kitty

 

money

 

password

 

pa$$word

 

ect.

 

 

 

 

 

and most trials on these programs are within the hundreth of seconds. (i'll write a script if anyone doughts me)

 

 

 

Some are complex enough to actully try passwords beyond the little submission box by flooding the server with packets (bits of information) testing its limits.

[gigapowers1]

I think the only way to hacked is someone who you have give the password to or share accounts or whatever. I think dont ever share account to online friends unless you know them in real life, your never know what will happen even if it is your gf online. Well i do entrust them to trade for me to another account, but sharing account is also one of runescape rules, and the most painful to you. This only the way to get hacked by someone. Rumors about power hacking is false. So rest as sure just dont share account as in rule# 6, and your account will be safe. :)

[Duke_Freedom]

Sorry, but I'm locking this. It's a bit too much near the edge of what we can allow to be discussed on tip.it in my opinion.