Was CrakRevenue Hacked?

  • Penny24Seven
    So Fucking What
    • Jun 2007
    • 6287

    #51
    Fiddy people who were not hacked but some thought they were so a thread was made and the votes were cast and the winner is....... YOU
    Our site is coming soon. It will be one of the best ever! I know so. Brian and Penny

    Comment

    • ladida
      Confirmed User
      • Nov 2005
      • 2179

      #52
      Well we found out they have a good hash decryption + salt solution, which many companies would buy
      agentGFY *at* gmail.com

      Comment

      • Google Expert
        Webmaster
        • Jun 2004
        • 14294

        #53
        Originally posted by Brian837
        So were they hacked? Still not sure

        Comment

        • CurrentlySober
          Too lazy to wipe my ass
          • Aug 2002
          • 38946

          #54
          what is salt?


          👁️ 👍️ 💩

          Comment

          • ladida
            Confirmed User
            • Nov 2005
            • 2179

            #55
            Bumparooni for crack.
            agentGFY *at* gmail.com

            Comment

            • ladida
              Confirmed User
              • Nov 2005
              • 2179

              #56
              2 fiddy for hash decryption + salt solution!

              going once.
              agentGFY *at* gmail.com

              Comment

              • #23
                So Fucking Banned
                • Jan 2016
                • 555

                #57
                nobody got hacked

                Comment

                • ladida
                  Confirmed User
                  • Nov 2005
                  • 2179

                  #58
                  We don't know that.

                  But we do know there is an epic groundbreaking solution for hash decryption + salt!!!
                  agentGFY *at* gmail.com

                  Comment

                  • RandazzoXXX
                    Confirmed User
                    • Mar 2008
                    • 142

                    #59
                    So basically what we discovered is that if you're using crakrevenue your passwords are stored in plain text? Copy.

                    Comment

                    • ladida
                      Confirmed User
                      • Nov 2005
                      • 2179

                      #60
                      This went on the ignore list quick by crak
                      agentGFY *at* gmail.com

                      Comment

                      • ladida
                        Confirmed User
                        • Nov 2005
                        • 2179

                        #61
                        Another bump for perfect "hash decryption + salt" solution!
                        agentGFY *at* gmail.com

                        Comment

                        • ladida
                          Confirmed User
                          • Nov 2005
                          • 2179

                          #62
                          Busy for a bump, not busy for a great solution!
                          agentGFY *at* gmail.com

                          Comment

                          • ladida
                            Confirmed User
                            • Nov 2005
                            • 2179

                            #63
                            Hi + salt here
                            agentGFY *at* gmail.com

                            Comment

                            • ladida
                              Confirmed User
                              • Nov 2005
                              • 2179

                              #64
                              Another day, another great solution
                              agentGFY *at* gmail.com

                              Comment

                              • rowan
                                Too lazy to set a custom title
                                • Mar 2002
                                • 17393

                                #65
                                Reminds me a little of my bank.

                                Password length must be 6 characters exactly, letters and numbers only.

                                A few years ago they changed from a standard web field to an "onscreen keyboard" that you have to click to enter the password. It only lets you enter upper case, but there were no problems with logging me in, even though my password (previously entered with the keyboard) was mixed case. If they were using hashes, there's no way that the uppercase version I entered would match the stored mixed case password. Wouldn't be unreasonable to guess they could be storing the pass in plain text format. Then again, maybe they have some o' dat special decryption algorithm + salt

                                Comment

                                • CPA-Rush
                                  small trip to underworld
                                  • Mar 2012
                                  • 4927

                                  #66
                                  Originally posted by Muad'Dib

                                  automatic exchange - paxum , bitcoin,pm, payza

                                  . daizzzy signbucks caution will black-hat black-hat your traffic

                                  ignored forever :zuzana designs

                                  Comment

                                  • dynastoned
                                    mmm yeah!
                                    • Feb 2005
                                    • 5061

                                    #67
                                    i don't know why they have limitations on password length anyway

                                    Comment

                                    • rowan
                                      Too lazy to set a custom title
                                      • Mar 2002
                                      • 17393

                                      #68
                                      Originally posted by dynastoned
                                      could they have written something up for when people login it counts the characters of the password before it's encrypted/decrypted or however the login process works and once login page has finished it carries the true or false of $pw > 16 character information to your account. then if it's true that you have a password that is greater than 16 chars it sends the OP's email to your email addy they have for u in the db? or would that somehow compromise your password?

                                      im not sure how a login page works exactly so i don't know but it seems possible.
                                      Yes, this is possible, because even if the system uses hashes internally, you submit the password to the login page in cleartext. So it would certainly be possible for a program to do a once-off check and notify if it sees the password is too long.

                                      Question is WHY is there the limit in the first place for crak? Password prompts can be made fixed size on a page - they'll just scroll sideways - and there's no real performance difference between sending 5 characters or 500 characters. So why are passwords limited to this length? Even if crak are encrypting them (special decryption algorithm + salt) that means they can be decrypted. Why would a program ever need to access your cleartext password?

                                      Comment

                                      • klinton
                                        So Fucking Banned
                                        • Apr 2003
                                        • 8766

                                        #69

                                        Originally posted by Brian837
                                        So were they hacked? Still not sure

                                        Comment

                                        • klinton
                                          So Fucking Banned
                                          • Apr 2003
                                          • 8766

                                          #70

                                          Originally posted by ladida
                                          Another bump for perfect "hash decryption + salt" solution!

                                          Comment

                                          • dynastoned
                                            mmm yeah!
                                            • Feb 2005
                                            • 5061

                                            #71
                                            Originally posted by rowan
                                            Yes, this is possible, because even if the system uses hashes internally, you submit the password to the login page in cleartext. So it would certainly be possible for a program to do a once-off check and notify if it sees the password is too long.

                                            Question is WHY is there the limit in the first place for crak? Password prompts can be made fixed size on a page - they'll just scroll sideways - and there's no real performance difference between sending 5 characters or 500 characters. So why are passwords limited to this length? Even if crak are encrypting them (special decryption algorithm + salt) that means they can be decrypted. Why would a program ever need to access your cleartext password?
                                            lol good thing u caught my post i tried to add to the post n somehow edited it out. doing too many things at once.

                                            but yeah things that make you go hmm...

                                            Comment

                                            • ladida
                                              Confirmed User
                                              • Nov 2005
                                              • 2179

                                              #72
                                              Originally posted by rowan
                                              Reminds me a little of my bank.

                                              Password length must be 6 characters exactly, letters and numbers only.

                                              A few years ago they changed from a standard web field to an "onscreen keyboard" that you have to click to enter the password. It only lets you enter upper case, but there were no problems with logging me in, even though my password (previously entered with the keyboard) was mixed case. If they were using hashes, there's no way that the uppercase version I entered would match the stored mixed case password. Wouldn't be unreasonable to guess they could be storing the pass in plain text format. Then again, maybe they have some o' dat special decryption algorithm + salt
                                              No. They just stored it without case. Banks have specific limitations, and yours were letters and numbers only, so they "threw" your pass through something of a regex that would check if the pass had any of those and either block it (if it had special chars) or lowercase/uppercase all letters that were initially input. That's why now it doesn't matter what u enter.
                                              agentGFY *at* gmail.com

                                              Comment
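
Added example, not part of the thread and not any poster's or site's code: a minimal salted-hash login sketch in Python covering the two points debated in posts #65, #68 and #72. It shows that folding case before hashing lets an upper-case entry match a mixed-case password without any plaintext being stored, and that the stored digest has the same size whatever the password length. The PBKDF2 parameters, the `fold_case` policy flag and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def normalize(password: str, fold_case: bool) -> bytes:
    """Apply the site's input policy before hashing (hypothetical policy flag)."""
    if fold_case:
        password = password.upper()
    return password.encode("utf-8")


def enroll(password: str, fold_case: bool = False) -> tuple:
    """Return (salt, digest); only these two values are stored, never the password."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", normalize(password, fold_case), salt, ITERATIONS)
    return salt, digest


def verify(attempt: str, salt: bytes, digest: bytes, fold_case: bool = False) -> bool:
    """Re-derive the digest from the submitted cleartext and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", normalize(attempt, fold_case), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    # Constructed sample passwords, not taken from any real account.
    mixed, upper = "aB3dE9", "AB3DE9"
    strict = enroll(mixed)                  # case-sensitive policy
    folded = enroll(mixed, fold_case=True)  # policy that upper-cases before hashing
    long_pw = "correct horse battery staple " * 20  # hundreds of characters
    return {
        "strict_accepts_upper": verify(upper, *strict),
        "folded_accepts_upper": verify(upper, *folded, fold_case=True),
        "same_password_different_salt": enroll(mixed)[1] != strict[1],
        "long_digest_len": len(enroll(long_pw)[1]),
        "short_digest_len": len(strict[1]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A hash is one-way, so there is nothing to "decrypt": the server only ever re-derives and compares, which is why a site that can send you your existing password is not storing it this way.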
