Re: Hacking sorted

From: The Merciless Lord of Everything (
Date: 08/20/00

On Fri, 18 Aug 2000, Alex Mann wrote:

> 2) With tha removed I then jsut used the set file command to alter thier
> passwords, i then used self delete to remove them.
hm, Well, there's several ways.. I at some point decided to think up ways
to let me play, while still retaining my Implementor rights (Ie, I could
become lvl 1 if I wanted), How could this be made? Well, out of several
ways, I decided against doing anything at all (Got other things to
do.. :).

But one way of doing so would be to put you ID into an array, and have
that checked against your ID. OR! You could simply have a flag being set,
Though this would be exploitable (if anyone ever hacked your account :).

On the topic of hacking.

"Thou Shalst not hack" (old proverb or something :), So, how do accounts
get hacked? 99.5% of the cases will show "Bad Password!". Have a bit of
fun, grab your players passwords out of the plrfile and run a simple
dictionary password cracker on them (No, I've not done so, I believe in
privacy :), my guess is that if not all, you'll find a great deal of your
Immortals passwords are found within the first half hour :). So, what does
this lead up to? have your syslog scanned, make it prompt for Bad Password
attempts (and from where). Usually you have an idea which ISP your Imm's
use, so that should be easy to check. Secondary, make sure at least your
IMM password is neigh-unhackable (All passwords can be cracked, it's only
a matter of time), As I'm sure of all here on the list will agree on,
"qwerty" is not a good password, neither is "barkerdog" or similar type
passwords. Make it a bit harder, switch some letters for digits, People
call this leet, but face it, what's fastest, breaking "barkerthedog" or
"b4r|<3R-|-h|)0g" ?

So First line of defence is your password, second is "Ensure your
files". By this I mean that if you're running under Unix, have your
permissions like rwx------. This however does not ensure 100% safety
unless you're the admin of the box, in which case you want to lock down
the box for other reasons :). Should anyone gain access to your files,
it's only a matter of time before your password is hacked. Therefore,
change your password on a regular basis, that should keep them at bay.

How to do this on a Windows machine? I have no idea :), though I've held a
Microsoft Certification, it has been invalidated with time, and much has
happend in that field (Or at least I hope something has :), so can't help
you there.

graaah.. see what I made me do :) Hope this at least helps someone..


Sir Alec Guinness
 - May the force be with you, Always!

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  |

This archive was generated by hypermail 2b30 : 04/11/01 PDT