Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 19
Guests Online: 16
Members Online: 3

Registered Members: 82893
Newest Member: mor-amit
Latest Articles
View Thread

HellBound Hackers | Computer General | Cryptography

Author

new hashcracking idea


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-07-09 00:05
During the creation of a hash cracker i came up with an alternative solution, i am not sure if this was a good idea but i want to know your ideas about it.

Me, having about 1gbit web space was thinking about the way how to store a hash, now i came up with the idea letting google everlasting index my site. People searching for a specific hash on google would come to the right place and can simply read out their hash.

What do you guys think about this, could this be a good alternative to password cracking or is there a gap in this fairytale.

I am concerned about the amount of bandwidth this might burn.

here it is: https://root.cd/hashcracker/hash.php

by the way, this is NOT an invitation to hack the site because it is in a redesign phase, please leave my site alone, later on i will let you guys re pentest it with money prices included.


Author

RE: new hashcracking idea


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-07-09 00:28
Keep your money! Im gonna pwn you! Pfft ( J/K )


Author

RE: new hashcracking idea

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 02-07-09 00:32
The idea of using Google's indexing service as rainbow table was expressed once on sla.ckers.org. I however, would never trust a third-party client with such data. Especially not Google.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: new hashcracking idea


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-07-09 00:55
its not sensitive data or something, it are just boring hashes, i don't see a way how google could abuse this.


Author

RE: new hashcracking idea

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 02-07-09 01:03
jelmer wrote:
its not sensitive data or something, it are just boring hashes, i don't see a way how google could abuse this.


It's not the abuse that you should be worried about. It's a trivial task for google to stop indexing large collections of MD5 hashes, or stop people from searching for a hash.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: new hashcracking idea


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-07-09 01:08
I dont think google is really caring, i heard rumours that google made their own algorithm, if it is really out there somewhere they wont really care i think.


Author

RE: new hashcracking idea

Futility
Member



Posts: 725
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 02-07-09 01:14
jelmer wrote:
I dont think google is really caring, i heard rumours that google made their own algorithm, if it is really out there somewhere they wont really care i think.

Really?


i252.photobucket.com/albums/hh11/zanimabean/Zim.png
Futility91@hotmail.com Futility91
Author

RE: new hashcracking idea


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-07-09 01:32
well, yea, i cant really imagine a situation where google would care as long as they wont lose money/name. They know there are ways to proxy things through google trough translator, they don't have loss of money nor name so they wont really care lot about the entire problem. I do not think that google's intention of making the translator tool is making a proxy network too at the same place. It should not be too hard to fix such issues right? But no money involved, no loss of name involved, (no problem involved?)


Author

RE: new hashcracking idea


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-07-09 05:29
I think its a pretty cool idea. If you have a hash just enter it in google and you'll find what it is.

A couple of question though.

1) How would you store the list of hashes?

2) Up to how many hashes are you going to store on there?

3) Wouldn't take a long time and probably more memory than is economically possible (unless you have money to afford storage and bandwidth)?

I'm not trying to be a smart ass or anything I'm just wondering how you would achieve this.
Author

RE: new hashcracking idea


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-07-09 12:31
1) How would you store the list of hashes?

Not, the idea is that google will index me so i dont need more disk space, this was the problem where i had to come with an idea to store it in a different way

2) Up to how many hashes are you going to store on there?

untill im running out of bandwidth i think

3) Wouldn't take a long time and probably more memory than is economically possible (unless you have money to afford storage and bandwidth)?

You are right but it will index a lot of hash'es before my bandwidth will run out, in that case it will still be possible to push the 'in cache' button at google or see a glimp of the result in the google result.