Thread: Getting other peoples pass

Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1 Getting other peoples pass 
    Registered Member
    Join Date
    Dec 2012
    Posts
    2
    Thanks given
    0
    Thanks received
    0
    Rep Power
    0
    Hey, how can I get other peoples password on 718+ based server, ::getpass not working, could I do it via source?
    Reply With Quote  
     

  2. #2  
    Registered Member
    Join Date
    Dec 2012
    Posts
    2
    Thanks given
    0
    Thanks received
    0
    Rep Power
    0
    Like im getting e34e802dd3fa0ea9e99524c41b44e3bc69c7d886sq as a password
    Reply With Quote  
     

  3. #3  
    Banned

    Join Date
    May 2011
    Posts
    1,773
    Thanks given
    854
    Thanks received
    853
    Rep Power
    0
    Wrong section i dont think people will be able to help you here go to 503+ section

    OT:

    Disable the encrypting in the playersaving

    Just ctrl+f your source for md5

    and comment the method out or something like that
    im not even sure if it uses md5 encryption
    Reply With Quote  
     

  4. #4  
    Registered Member
    Karma_K's Avatar
    Join Date
    Nov 2012
    Posts
    4,283
    Thanks given
    152
    Thanks received
    610
    Rep Power
    108
    Your server has rsa enabled. Probably have to disable it or something. Idk, my server doesn't have rsa, but gonna be adding it sooner or later
    Reply With Quote  
     

  5. #5  
    Registered Member

    Join Date
    May 2012
    Age
    28
    Posts
    1,548
    Thanks given
    415
    Thanks received
    231
    Rep Power
    81
    Quote Originally Posted by Karma_K View Post
    Your server has rsa enabled. Probably have to disable it or something. Idk, my server doesn't have rsa, but gonna be adding it sooner or later
    Why would you do this? What if someone needs their password changed?
    Inactive.


    Spoiler for FirstDesign:
    Reply With Quote  
     

  6. #6  
    Registered Member
    Karma_K's Avatar
    Join Date
    Nov 2012
    Posts
    4,283
    Thanks given
    152
    Thanks received
    610
    Rep Power
    108
    Quote Originally Posted by xLoeluex View Post
    Why would you do this? What if someone needs their password changed?
    do you even know what rsa is
    Reply With Quote  
     

  7. #7  
    Registered Member

    Join Date
    May 2012
    Age
    28
    Posts
    1,548
    Thanks given
    415
    Thanks received
    231
    Rep Power
    81
    Quote Originally Posted by Karma_K View Post
    do you even know what rsa is
    Honestly, I don't. Hehehe.
    Inactive.


    Spoiler for FirstDesign:
    Reply With Quote  
     

  8. #8  
    Member
    Join Date
    Aug 2012
    Posts
    261
    Thanks given
    3
    Thanks received
    39
    Rep Power
    0
    I don't think that's RSA, isn't it just hashing the entered password and checking it against the hash in the character file?
    I believe it's md5, you could always try cracking it.

    In any case, what valid reason could you have for needing their actual password?
    Reply With Quote  
     

  9. Thankful user:


  10. #9  
    Registered Member
    Karma_K's Avatar
    Join Date
    Nov 2012
    Posts
    4,283
    Thanks given
    152
    Thanks received
    610
    Rep Power
    108
    Quote Originally Posted by xLoeluex View Post
    Honestly, I don't. Hehehe.
    I don't even know much about it but I know its encryption that encrypts the packets that the client and server send to each other, like passwords. For example, if your passwords Karma, without rsa, it'll just be sent as Karma, with rsa it'll be sent aigdjemsndkieh. People have this on their server to prevent people from hacking player accounts and to stop cheat engines and clients from cheating/hacking. My server didn't have rsa and once had some kid hack about 100 or more player accounts and dropped their banks.
    Reply With Quote  
     

  11. Thankful user:


  12. #10  
    ???

    funkE's Avatar
    Join Date
    Feb 2008
    Posts
    2,612
    Thanks given
    255
    Thanks received
    989
    Rep Power
    1366
    Quote Originally Posted by Karma_K View Post
    I don't even know much about it but I know its encryption that encrypts the packets that the client and server send to each other, like passwords. For example, if your passwords Karma, without rsa, it'll just be sent as Karma, with rsa it'll be sent aigdjemsndkieh. People have this on their server to prevent people from hacking player accounts and to stop cheat engines and clients from cheating/hacking. My server didn't have rsa and once had some kid hack about 100 or more player accounts and dropped their banks.
    okay, you guys clearly don't understand what rsa is used for in the client.

    rsa is public/private key encryption. data encrypted with the public key (the one everyone has) can only be decrypted with the private key (the one that only the server has). the client only uses rsa encryption during login to encrypt your username, password, uid, and the isaac seed. it also sends a byte with the value of 10, but that's only there so that the server can test the integrity of the encrypted block. if the first byte is anything other than 10, the encryption failed - the public and private keys don't match. the "hacker" didn't get into your player's accounts because you didn't have rsa. isaac is used for encrypting (i guess would be the right word) the opcode for each packet so that it appears like random data to a third party observer. if you don't encrypt the login block (which also contains the isaac seed), then someone monitoring your network traffic could definitely get your password. i doubt the "hacker" could monitor their network data. with isaac enabled, you can't inject packets because the next packet the client sends would have an out of sync opcode. you can always use cheat engine to modify the client's data. it's up to the server to validate the data the client is sending the server (never trust the client).

    i'd go ahead and say that most servers use md5 to hash the password so that, in the event of a data breach, the password is "safe." the only way you can get the password is by taking the md5 hash and brute forcing it - generating guess hashes and matching them to see if they are the same. you can't get the original input string from md5.

    so that answers that.
    .
    Reply With Quote  
     

Page 1 of 2 12 LastLast

Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. sup peoples...
    By eTag in forum The Red Carpet
    Replies: 0
    Last Post: 02-04-2013, 08:09 PM
  2. hello peoples
    By ates1 in forum Help
    Replies: 0
    Last Post: 01-06-2010, 02:09 PM
  3. you peoples hates me?
    By Snow Cat123 in forum Voting
    Replies: 5
    Last Post: 09-22-2009, 08:12 PM
  4. Peoples Cant connect!
    By Chrham_2 in forum Help
    Replies: 1
    Last Post: 02-03-2009, 08:26 PM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •