Bitcoin Forum
Topic: It took less than 10 seconds to crack more than 300 accounts
klaus
June 20, 2011, 07:56:57 AM
 #1


http://twitter.com/#!/kaepora/status/82552527555530752

https://uloadr.com/u/CF.txt


bitmessage:BM-2D9c1oAbkVo96zDhTZ2jV6RXzQ9VG3A6f1​
threema:HXUAMT96
Chick
June 20, 2011, 08:02:20 AM
 #2

You know, I tried this too. But it takes AGES to crack the more unique ones. Gave up a few hours later...

Some of the members on that list deserved to be hacked with those passwords they have :P

LeFBI
June 20, 2011, 08:22:11 AM
 #3

the snippet you cracked there is from the few simple md5() hashes in the leaked list only. you can't bruteforce a list of +59000 unix_md5() hashes with +59000 different salts within 2s.
also, the accounts for the hashes you cracked can be considered as dead. MtGox switched from simple md5() to unix md5() months ago. the simple md5() hashes are from accounts where no one logged in for months
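
An added example (not part of the original thread or any poster's code): a defender-side audit of a credential table that separates the two storage formats described above, lists the legacy unsalted accounts that should be forced through a password reset rather than left waiting for a next login, and counts how many hash evaluations one password guess costs against each group. The rows, user names and function names are constructed for illustration, and the md5crypt digests are placeholder strings.

```python
import hashlib
import re
from collections import defaultdict

PLAIN_MD5 = re.compile(r"[0-9a-f]{32}")                       # bare md5() hex digest
MD5CRYPT = re.compile(r"\$1\$([./0-9A-Za-z]{1,8})\$[./0-9A-Za-z]{22}")  # $1$salt$hash


def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()


# Constructed sample rows (user, stored hash); not taken from any real data set.
SAMPLE_ROWS = [
    ("alice", md5_hex("password")),
    ("bob", md5_hex("password")),        # same password -> identical digest
    ("erin", md5_hex("123456")),
    ("carol", "$1$Ab3dE9xz$" + "A" * 22),  # placeholder md5crypt digest
    ("dave", "$1$Qq7LmN2p$" + "B" * 22),   # placeholder md5crypt digest
]


def classify(stored):
    """Return the storage format of one stored hash string."""
    if PLAIN_MD5.fullmatch(stored.lower()):
        return "md5_unsalted"
    if MD5CRYPT.fullmatch(stored):
        return "md5crypt"
    return "unknown"


def audit(rows):
    legacy, unknown, salts = [], [], set()
    by_digest = defaultdict(list)
    for user, stored in rows:
        kind = classify(stored)
        if kind == "md5_unsalted":
            legacy.append(user)
            by_digest[stored.lower()].append(user)
        elif kind == "md5crypt":
            salts.add(MD5CRYPT.fullmatch(stored).group(1))
        else:
            unknown.append(user)
    return {
        # Never migrated: lock and force a reset instead of rehashing on login.
        "force_reset": sorted(legacy),
        # Unsalted digests reveal which accounts share a password.
        "shared_password_groups": sorted(sorted(u) for u in by_digest.values() if len(u) > 1),
        # One MD5 of a guess can be compared against every unsalted row at once.
        "evals_per_guess_unsalted": 1 if legacy else 0,
        # Salted rows need one md5crypt run (1000 MD5 rounds each) per distinct salt.
        "evals_per_guess_salted": len(salts),
        "unknown": unknown,
    }
```
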
dserrano5
June 20, 2011, 09:22:35 AM
 #4

In any case, those accounts are now known to be used by people who are unaware of the importance of having strong passwords. It's not unreasonable to think that the user whose password was "qwertyABC" is going to use a weak password again.

freetx
June 20, 2011, 09:50:34 AM
 #5

Here is a list of the first few thousand passwords.

http://pastebin.com/r3hYJYLa

The first 3000 are apparently using straight md5 with no salt, so they are fairly easy to crack

If you appear on that list, please take appropriate precaution.

barbarousrelic
June 20, 2011, 10:13:09 AM
 #6

"love" "sex" "secret" and "god" do not appear anywhere in those passwords. Hackers lied to me.

Do not waste your time debating whether Bitcoin can work. It does work.

"Early adopters will profit" is not a sufficient condition to classify something as a pyramid or Ponzi scheme. If it was, Apple and Microsoft stock are Ponzi schemes.

There is no such thing as "market manipulation." There is only buying and selling.
Swishercutter
June 20, 2011, 10:20:50 AM
 #7

Quote from: barbarousrelic
> "love" "sex" "secret" and "god" do not appear anywhere in those passwords. Hackers lied to me.

Although, can u use quotes in passwords because  "love""sex""secret"and"god" (alloneword) might be a good one to use...lol.
Bit_Happy
June 20, 2011, 10:36:22 AM
 #8

Quote from: dserrano5
> In any case, those accounts are now known to be used by people who are unaware of the importance of having strong passwords. It's not unreasonable to think that the user whose password was "qwertyABC" is going to use a weak password again.

So what? If the old account actually comes back, then their new (weak) password will be protected by the improved code and much harder to crack. No online site is able to stop dummies from using a lame password.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
Cluster2k
June 20, 2011, 10:40:47 AM
 #9

Quote from: barbarousrelic
> "love" "sex" "secret" and "god" do not appear anywhere in those passwords. Hackers lied to me.

Did Mt Gox go down because they haxxored the Gibson?  I bet the hacker used PCI.

Do not send bitcoins to me: 16b8s7pBJ9rUmsExNW25qD5VUqVqRPZuXu
100% solar powered bitcoin generation
kjj
June 20, 2011, 11:19:00 AM
 #10

Quote from: freetx
> Here is a list of the first few thousand passwords.
>
> http://pastebin.com/r3hYJYLa
>
> The first 3000 are apparently using straight md5 with no salt, so they are fairly easy to crack
>
> If you appear on that list, please take appropriate precaution.

Odd.  That appears to be 361 passwords, out of the roughly 1700 that were unsalted.  That is an order of magnitude away from your claim of 3000, but let us put that aside for the moment.

The more interesting thing is that roughly 80% of the weakly hashed passwords have not yet been cracked, even in today's world of giant rainbow tables and precomputed MD5 databases.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
freetx
June 20, 2011, 12:17:03 PM
 #11


Quote from: kjj
> Odd.  That appears to be 361 passwords, out of the roughly 1700 that were unsalted.  That is an order of magnitude away from your claim of 3000, but let us put that aside for the moment.
>
> The more interesting thing is that roughly 80% of the weakly hashed passwords have not yet been cracked, even in today's world of giant rainbow tables and precomputed MD5 databases.

Meant first 3000 usernames.

airdata
June 20, 2011, 01:28:43 PM
 #12

Quote from: barbarousrelic
> "love" "sex" "secret" and "god" do not appear anywhere in those passwords. Hackers lied to me.

I saw one guy in the list who used ' assrape '.
tymothy
June 20, 2011, 01:32:57 PM
 #13

A lot of these people may have signed up just to see the user interface and used a really weak password that they'll remember even if they don't come back to the site for ages, like 123456. I do that a lot. Hopefully they don't do that on sites with personal information or finances!
BCEmporium
June 20, 2011, 01:56:15 PM
 #14

I'm one of those easy pickings, in an account I haven't used for ages (and actually had forgotten the username, so I opened another one later on).
Lucky me, my ex-girlfriend managed to hack an old email account where I used the same weak password. Just when you believe there's no use for ex-girlfriends, uh?  ;D
barbarousrelic
June 20, 2011, 04:11:21 PM
 #15

If your password is a non-dictionary string of seemingly random alphanumerics, how is it possible that someone could brute force your hash into a password? Aren't there a great number of alphanumeric strings that can be hashed into a given hash?

anewbie
June 20, 2011, 04:25:44 PM
 #16

I've not read through all the various threads to see if this has been posted here before, but I imagine that users of this forum would be capable of doing this:

http://mytechencounters.wordpress.com/2011/04/03/gpu-password-cracking-crack-a-windows-password-using-a-graphic-card/

ZEB-DEMON
June 21, 2011, 10:17:24 AM
 #17


"Gabushim:masterhacker"

looooooooool

masterhackered! xD

..Stand Up & Shake the Heavens..

DONATE: 1NxVkcHquN8SdVNVabeaJmNvEPNcomu5gG
Bezza
June 21, 2011, 10:32:06 AM
 #18

"jasper:jasper"

Come on Jasper get it together!
saqwe
June 28, 2011, 02:53:26 PM
 #19

Quote from: Bezza
> "jasper:jasper"
>
> Come on Jasper get it together!

yeah fuck you jasper

another mtgox-spam(twice):
From: Jasper <Jasper@gmail.com>


Hello,

I've found an aweomse opportunity to invest our bitcoin safely.
Based on a HYIP concept BitHyip offer upto 150% in return after 5 days.

They also provide a daily profit plan !

Please use my referal link to signup.
Email me back and i will send my referal bonus to you !

http://www.bithyip.com/?ref=jasper

Talk to your friends about this awesome news !

Jasper.
 

BCEmporium
June 29, 2011, 08:34:22 PM
 #20

Phishing now:

FROM: contact@bitcoin-mining-accelerator.com

Hi there, we'd like to invite you to be a beta tester of our awesome new Bitcoin Mining Accelerator program called "Coin Miner".


We have been keeping it under wraps developing it for the past few months and are ready to get people to test it out.
Basically how it works is that it automatically safely software overclocks your GPU to a stable level for optimum mining performance.
This way you don't have to fiddle with BIOS overclocks, MSI Afterburner or any other overclocking software - this does it automatically on the fly.


We are currently achieving around a 23% increase in Mhash/s mining speed. Some users have seen even higher gains.

(...phishing url follows in the content...)

EDIT: How about we create a "My Email was at MtGox's Database Club" at Facebook for exchange spam?...  ::)

Meanwhile, hacking attempt @ BCM from someone using a Tor exit node