What is the status of Hacking? from site
What is the status of Hacking? from site
Hey guys i need to know if they have fixed hacking, you the the 2nd way , for those people with email verification. GOd damit i lsot so much shit till now. ANyone know?
<<banned from SRF for bot admission. -SG>>
-
TheSyndicate
- Hi, I'm New Here
- Posts: 5
- Joined: Sun Dec 02, 2007 9:35 am
-
TheSyndicate
- Hi, I'm New Here
- Posts: 5
- Joined: Sun Dec 02, 2007 9:35 am
Sethzor wrote:thats when u have noobish IDs....
a typical dumb piece of shit reply lol
look at this pretty page
and inject some nice hacking stuff right thurrr leediez, and people can crack some accounts rofl... all u retards should acknowledge that joymax sux donkeydick
oh that reminds btw, before they "patched" the initial exploit, they could hack your secret answer too... did i mention that? so even when u think that your account is safe because you verified it with an email adress that you own and only you have access too... then think again
-edit-
oh i forgot too mention that at a moment in time joymax neglected the security of their forum database which left a wide open door for those wanting to obtain the ID's of certain members. so while you say that some people got "noobish" id's, at that time people could take a peek at the forum database and crack the ID that goes along with it. i wouldnt be surprised if there were some people that still have that long list on their harddrives :O
<<banned from SRF for bot support. -SG>>
Going through all possible IDs would be simple if someone wrote program to do automatically all the steps needed in hacking. It would take less than a day to go through all possible IDs written with only alphabetic letters (no numbers) when ID length is up to 9 letters. Having numbers in ID increases this time of course but that would probably lengthen the time up to week or so. Or they could just add more computers to speed up things. I don't think that anyones ID is safe until JM fixes all the exploits on their site.TheSyndicate wrote:as long as nobody has your ID your fine but like everyone is saying making your ID easy to figure out or something completely random will make all the difference.
For those interested how long time it would take to go through different combinations see Password recovery speeds page. Since sro hack doesn't need your password, just the ID, times from that pages can be applied to ID. On that page the Class E rows are the ones that you need to look. You'll be pretty safe if you have ID length 12 or more letters.
-
aazumak
- Active Member
- Posts: 918
- Joined: Sat Jun 09, 2007 12:56 pm
- Quick Reply: Yes
- Location: Artist Corner
- Contact:
if they know ur email, and ur account id, ur screwed
http://img218.imageshack.us/img218/8701/hackingcn2.jpg
ive been trying to get my character back but he changed the email >.<
so if you have ur email and id posted on a forum somewhere, i suggest you change it >.<
but yes, i believe there are a bunch of people that have every user name for sro... what they decide to do with it, no one knows
http://img218.imageshack.us/img218/8701/hackingcn2.jpg
ive been trying to get my character back but he changed the email >.<
so if you have ur email and id posted on a forum somewhere, i suggest you change it >.<
but yes, i believe there are a bunch of people that have every user name for sro... what they decide to do with it, no one knows
_____________________!!!!!!Rogue 7X !!!!!!
mKaaru wrote:Sethzor wrote:thats when u have noobish IDs....
a typical dumb piece of shit reply lol
look at this pretty page
and inject some nice hacking stuff right thurrr leediez, and people can crack some accounts rofl... all u retards should acknowledge that joymax sux donkeydick
oh that reminds btw, before they "patched" the initial exploit, they could hack your secret answer too... did i mention that? so even when u think that your account is safe because you verified it with an email adress that you own and only you have access too... then think again
-edit-
oh i forgot too mention that at a moment in time joymax neglected the security of their forum database which left a wide open door for those wanting to obtain the ID's of certain members. so while you say that some people got "noobish" id's, at that time people could take a peek at the forum database and crack the ID that goes along with it. i wouldnt be surprised if there were some people that still have that long list on their harddrives :O
lol they can still hack? dayum
Maddening
-
nimezhenhao
- Common Member
- Posts: 135
- Joined: Thu Nov 15, 2007 5:54 am
Barotix wrote:mKaaru wrote:Sethzor wrote:thats when u have noobish IDs....
a typical dumb piece of shit reply lol
look at this pretty page
and inject some nice hacking stuff right thurrr leediez, and people can crack some accounts rofl... all u retards should acknowledge that joymax sux donkeydick
oh that reminds btw, before they "patched" the initial exploit, they could hack your secret answer too... did i mention that? so even when u think that your account is safe because you verified it with an email adress that you own and only you have access too... then think again
-edit-
oh i forgot too mention that at a moment in time joymax neglected the security of their forum database which left a wide open door for those wanting to obtain the ID's of certain members. so while you say that some people got "noobish" id's, at that time people could take a peek at the forum database and crack the ID that goes along with it. i wouldnt be surprised if there were some people that still have that long list on their harddrives :O
lol they can still hack? dayum
No. not possible, everytime you recover a password for a char, the joymax server creates a EmailCertKey for each account, if that EmailCertKey doesnt match to the ID, you will fail and get the page not found error. The key thats getting generated is everytime random, there is no way to find a way to generate Randomness.They do prolly something like ~ rand(0, 100000) in java, so there is no way to generate a radnom key, means if you dont have the correct EmailCertKey for a account ID, then its impossible to change password. This method does NOT work anymore, there is NO way atm to get hacked by joymax.com , atleast not by this method :p
@aazumak
before you post shit, you should read your shit. That doesn't work, after you type the victims id/email, and type your own SA of the previous char, it will change the password for your own char, not the victim ones.