Vulnerability Development mailing list archives
Re: ICQ pass cracking
From: wolfbh () BIGFOOT COM (WolF Knox)
Date: Thu, 3 Feb 2000 14:25:30 -0200
JklojLrnzn () AOL COM wrote:
| WolF Knox wrote: | > One day i was doing absolutely nothing on the net and i though, hell, | > why not make a password crack for ICQ since it's only 8 chars? something | > like, you put that long-lost-UIN-with-fake-email in a field and the | > program will try all the possibles combinations to discover the | > password, of course, 8 chars is relatively small....the program would | > need to have some kind of pause/resume system, like you try today, you | > need to disconnect, you pause, go offline, later you come back and try | > again resuming since the point you stopped. | | Please elaborate. Is there a local ICQ password on the HD that can be | poked at? Do you know what the allowed character set is? Or are you | talking about bruting the ICQ servers? If it's the latter, 8 characters | can take a long, long time across a network, and that's assuming there is | no lockout feature. | | BBOf course, local pass crackers can be written in fact they have already been written. Just take a look at the respective archives at packetstorm, neworder or AntiCode: http://packetstorm.securify.com/icq/ http://neworder.box.sk/box.php3?act=2&prj=neworder&gfx=neworder&srch=icq http://www.AntiCode.com/cgi-bin/showdsc.anticode?cat=icq.html I also found one program, homepage here: http://icqrinfo.headstrong.de/ derDoc
Hello, thanks for the URLS, for a local password cracker ICQRinfo works fine (http://icqrinfo.headstrong.de/).... and i've found in the Packetstorm site (http://packetstorm.securify.com/icq/) some programs made by the "Eyewitness" or something like that...one is the XYPROG a brute force passcracker that uses a dictionary, but it doesen't work...(gives an Timeout error), and the other is TOPROG something like a icq message spy, it says that he acts like a ptoxy and intercepts every msg between two users...but guess what...it doesn't work 2...gives some timeout msg error...both programs were coded in java and require a java virtual machine such JDK or something....i've already mail the author to know where may i get a version of the program that works but i have no response... well, now we have at least some where to get ideas for this program (if someone is interested in doing this of course). Thanks. Wolf Knox. -- .... UIN: 33778118 .... . . EMail: wolfbh () bigfoot com . . . . NICK: Wolf Knox . . ..... ..... "From ashes we rise, ..... ..... ..... ..... to ashes we shall ..... ..... .... Fall." .... []-----------Ex-Inferis----------[] [] S e c u r i t y s p h e r e [] [] www.exinferis.cjb.net [] []-----------Ex-Inferis----------[] ________________________________________________________________ GET PAID U$1,00/Hour for doing absolutely ANYTHING on your computer, as long as you are using your mouse!!! http://www.getpaid4.com/cgi-bin/joinnow.cgi?wolfknox you already do it, why not GetPaid4 it?
Current thread:
- Re: ICQ pass cracking JklojLrnzn () AOL COM (Feb 01)
- Re: ICQ pass cracking WolF Knox (Feb 03)