Quantcast

Jump to content


Photo

Scared Of Being CG'd?


  • Please log in to reply
109 replies to this topic

#26 Ziz

Ziz
  • 936 posts

Posted 20 January 2011 - 01:29 PM

So if you were CGed then logging out then back in won't help huh? As they have the hash of your password?

Logging out helps if you suspect someone is inside your account, because that way you logged him/her/that out too.
(I've personally proven this by entering on different browsers to an account, and logging out in one logged me out on everyone)
But it's not enough if they already have your info (hat's why one must also change password).

I told him we don't support that, and told him a way how he can use his knowledge for good.

I joined this site instead of other neopets cheat sites because I liked the way the admins think and how they worked :)

#27 Noitidart

Noitidart
  • Neocodex Co-Founder

  • 23,214 posts


Users Awards

Posted 20 January 2011 - 01:33 PM

Haha thanks Ziz.

#28 Information

Information
  • 246 posts

Posted 20 January 2011 - 02:08 PM

Oh - right I see. Well I was just wondering, as I am familiar with Abradix from a forum separate to this one. Either way, it is annoying... seeing this happen. Not the help, I am rather thankful however. It is like a Lion teaching others not to kill, but in another town he is killing all day long. Just seems strange, useful but strange... hahaha!



#29 Abradix

Abradix
  • 769 posts

Posted 20 January 2011 - 03:09 PM

Oh - right I see. Well I was just wondering, as I am familiar with Abradix from a forum separate to this one. Either way, it is annoying... seeing this happen. Not the help, I am rather thankful however. It is like a Lion teaching others not to kill, but in another town he is killing all day long. Just seems strange, useful but strange... hahaha!


I'm protecting members of this forum, it doesn't matter to me if everyone here is protected because there are still many more accounts around that are ripe for the taking! If anything this guide is to help me NOT snag one of out codex members. :p

#30 Jibrille

Jibrille
  • 456 posts


Users Awards

Posted 21 January 2011 - 08:20 AM

I've been using NoScripts for ages and seeing a CGer saying it prevents from being Cged is.. wonderful XD Btw, i would love to see those BDers CGed : p

People that use chrome can download "NotScripts":

NotScripts is inspired by the “NoScript” addon for Firefox (http://noscript.net) and seeks to emulate it within the limitations of the Google Chrome extensions API. It is not affiliated with “NoScript“, I just happen to like it’s functionality.


Link: https://chrome.googl...lpidmdajjpkkcfn

I use it :3

#31 Homer

Homer
  • 151 posts

Posted 21 January 2011 - 09:23 AM

Neat, I noticed some people were posting on the board claiming to be victims of "CGing". Guess I better start protecting myself as well. :whistling:

#32 Abradix

Abradix
  • 769 posts

Posted 21 January 2011 - 12:19 PM

+1 for NotScripts Jibri, I'll update the first post to reflect it.

And believe me Homer, they're not just claiming. At least a 4 or 5 people this week got "gifted" a ZDAP or WoDF. snatched right out of their gallery! So sad when that happens :(

#33 Dreww

Dreww
  • 552 posts

Posted 21 January 2011 - 12:28 PM

You mention de-hashing. Are you guys using a super-rainbow table?

#34 Abradix

Abradix
  • 769 posts

Posted 21 January 2011 - 12:59 PM

You mention de-hashing. Are you guys using a super-rainbow table?


We basically dump part of the hash and brute force it with our own custom-built dehashing engine, it can take a bit of time on slower computers. Theres also talk of a new MD5 hash which have been coined "salty hashes" which are (apparently) unable to be dehashed atm... But we're working on that too.

#35 Dreww

Dreww
  • 552 posts

Posted 21 January 2011 - 01:52 PM

Good luck breaking those salted hashes. It's very doable, but it might actually make your machines/servers overclock. The whole purpose of a salt is to make it too costly to even attempt to break an encryption.

#36 Abradix

Abradix
  • 769 posts

Posted 21 January 2011 - 02:01 PM

Good luck breaking those salted hashes. It's very doable, but it might actually make your machines/servers overclock. The whole purpose of a salt is to make it too costly to even attempt to break an encryption.


Yea, its been giving each and every one of us a headache. Luckily TNT hasn't implemented them, but we're all trying to keep on the ball.

#37 Waser Lave

Waser Lave

  • 25,516 posts


Users Awards

Posted 21 January 2011 - 02:05 PM

Yea, its been giving each and every one of us a headache. Luckily TNT hasn't implemented them, but we're all trying to keep on the ball.


Well personally I hope they do implement them. :p It would be about damn time they did something about their poor security.

#38 Dreww

Dreww
  • 552 posts

Posted 21 January 2011 - 02:11 PM

Well personally I hope they do implement them. :p It would be about damn time they did something about their poor security.

I came to learn that Neopets is one of those companies that builds a terrible foundation code then stacks more on top of it until an eventual tipping-over. I'm surprised they haven't made it into a Daily WTF yet.

What're you using to do your brute force?

#39 Abradix

Abradix
  • 769 posts

Posted 21 January 2011 - 02:40 PM

I came to learn that Neopets is one of those companies that builds a terrible foundation code then stacks more on top of it until an eventual tipping-over. I'm surprised they haven't made it into a Daily WTF yet.

What're you using to do your brute force?


This is totally accurate, Neopets has no idea what they're doing. They just wanna make the money. I'm sure they'll upgrade security again once they get the message that people don't like their stuff being stolen and are starting to leave.

Our brute was coded by Styzy from milw0rm, he could tell you much more about it than I could.

#40 Dreww

Dreww
  • 552 posts

Posted 21 January 2011 - 02:47 PM

Oh god, I haven't heard about milw0rm in nearly a decade. I didn't think they were still cyber-protesting these days.

#41 Abradix

Abradix
  • 769 posts

Posted 21 January 2011 - 02:53 PM

Oh god, I haven't heard about milw0rm in nearly a decade. I didn't think they were still cyber-protesting these days.


Heh, milw0rm might be basically dead but the people I met there are still around... Just a bit spread out. But who better to bring them together for great justice than Abradix the Android? No need for forums that outside parties can browse when we can do our buisness on IRC and keep things that need to remain secret, secret :p

#42 Dreww

Dreww
  • 552 posts

Posted 21 January 2011 - 02:57 PM

You just sounded like Numb3rs



#43 Abradix

Abradix
  • 769 posts

Posted 21 January 2011 - 03:02 PM

You just sounded like Numb3rs


As ridiculous as that whole clip was... Yes :D

|_0|_ 0|\/|G | 5P33|< 1337

#44 Kyle

Kyle
  • Legit.

  • 2,081 posts


Users Awards

Posted 21 January 2011 - 11:43 PM

I came to learn that Neopets is one of those companies that builds a terrible foundation code then stacks more on top of it until an eventual tipping-over. I'm surprised they haven't made it into a Daily WTF yet.

What're you using to do your brute force?

Are you the Drew from way back on Slop?

#45 Dreww

Dreww
  • 552 posts

Posted 22 January 2011 - 12:04 AM

Are you the Drew from way back on Slop?

The smod, not the admin.

#46 Aerith

Aerith
  • 1 posts

Posted 22 January 2011 - 06:22 PM

I'm pretty sure NoScript can't protect you from the CG o.o
Only RequestPolicy.. :o

#47 Abradix

Abradix
  • 769 posts

Posted 22 January 2011 - 06:50 PM

I'm pretty sure NoScript can't protect you from the CG o.o
Only RequestPolicy.. :o


Request policy works. But I'm sure you don't have the background that I do, so claiming NoScript doesn't work is nothing but a pant load.

#48 Homer

Homer
  • 151 posts

Posted 22 January 2011 - 07:03 PM

Wow, so what's like the best items you guys got from this? Don't need to be specific, but sounds like it could be a good bootleg story.

#49 Guest_jcrgirl_*

Guest_jcrgirl_*

Posted 22 January 2011 - 07:25 PM

If you got CG'd at a certain point in time but you always log out of your account is there a way for the CGer to find out your password and username regardless?

#50 Dreww

Dreww
  • 552 posts

Posted 22 January 2011 - 07:34 PM

If you got CG'd at a certain point in time but you always log out of your account is there a way for the CGer to find out your password and username regardless?

Yes. You need to change your password entirely, which will alter the hash in your cookie.

Wow, so what's like the best items you guys got from this? Don't need to be specific, but sounds like it could be a good bootleg story.

If you've been following the hijinks on the BD Chat this past week, multiple SuAPs, tons of older weapons, an m-skull, and a few wodf/istaffs have been compromised. Some even sold from the compromised accounts over the course of a month.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users