109 replies to this topic

[Ziz]

So if you were CGed then logging out then back in won't help huh? As they have the hash of your password?

Logging out helps if you suspect someone is inside your account, because that way you logged him/her/that out too.
(I've personally proven this by entering on different browsers to an account, and logging out in one logged me out on everyone)
But it's not enough if they already have your info (hat's why one must also change password).

I told him we don't support that, and told him a way how he can use his knowledge for good.

I joined this site instead of other neopets cheat sites because I liked the way the admins think and how they worked

[Noitidart]

Haha thanks Ziz.

[Information]

Oh - right I see. Well I was just wondering, as I am familiar with Abradix from a forum separate to this one. Either way, it is annoying... seeing this happen. Not the help, I am rather thankful however. It is like a Lion teaching others not to kill, but in another town he is killing all day long. Just seems strange, useful but strange... hahaha!

[Abradix]

Oh - right I see. Well I was just wondering, as I am familiar with Abradix from a forum separate to this one. Either way, it is annoying... seeing this happen. Not the help, I am rather thankful however. It is like a Lion teaching others not to kill, but in another town he is killing all day long. Just seems strange, useful but strange... hahaha!

I'm protecting members of this forum, it doesn't matter to me if everyone here is protected because there are still many more accounts around that are ripe for the taking! If anything this guide is to help me NOT snag one of out codex members.

[Jibrille]

I've been using NoScripts for ages and seeing a CGer saying it prevents from being Cged is.. wonderful XD Btw, i would love to see those BDers CGed : p

People that use chrome can download "NotScripts":

NotScripts is inspired by the “NoScript” addon for Firefox (http://noscript.net) and seeks to emulate it within the limitations of the Google Chrome extensions API. It is not affiliated with “NoScript“, I just happen to like it’s functionality.

Link: https://chrome.googl...lpidmdajjpkkcfn

I use it :3

[Homer]

Neat, I noticed some people were posting on the board claiming to be victims of "CGing". Guess I better start protecting myself as well.

[Abradix]

+1 for NotScripts Jibri, I'll update the first post to reflect it.

And believe me Homer, they're not just claiming. At least a 4 or 5 people this week got "gifted" a ZDAP or WoDF. snatched right out of their gallery! So sad when that happens

[Dreww]

You mention de-hashing. Are you guys using a super-rainbow table?

[Abradix]

You mention de-hashing. Are you guys using a super-rainbow table?

We basically dump part of the hash and brute force it with our own custom-built dehashing engine, it can take a bit of time on slower computers. Theres also talk of a new MD5 hash which have been coined "salty hashes" which are (apparently) unable to be dehashed atm... But we're working on that too.

[Dreww]

Good luck breaking those salted hashes. It's very doable, but it might actually make your machines/servers overclock. The whole purpose of a salt is to make it too costly to even attempt to break an encryption.

[Abradix]

Good luck breaking those salted hashes. It's very doable, but it might actually make your machines/servers overclock. The whole purpose of a salt is to make it too costly to even attempt to break an encryption.

Yea, its been giving each and every one of us a headache. Luckily TNT hasn't implemented them, but we're all trying to keep on the ball.

[Waser Lave]

Yea, its been giving each and every one of us a headache. Luckily TNT hasn't implemented them, but we're all trying to keep on the ball.

Well personally I hope they do implement them. It would be about damn time they did something about their poor security.

[Dreww]

Well personally I hope they do implement them. It would be about damn time they did something about their poor security.

I came to learn that Neopets is one of those companies that builds a terrible foundation code then stacks more on top of it until an eventual tipping-over. I'm surprised they haven't made it into a Daily WTF yet.

What're you using to do your brute force?

[Abradix]

I came to learn that Neopets is one of those companies that builds a terrible foundation code then stacks more on top of it until an eventual tipping-over. I'm surprised they haven't made it into a Daily WTF yet.

What're you using to do your brute force?

This is totally accurate, Neopets has no idea what they're doing. They just wanna make the money. I'm sure they'll upgrade security again once they get the message that people don't like their stuff being stolen and are starting to leave.

Our brute was coded by Styzy from milw0rm, he could tell you much more about it than I could.

[Dreww]

Oh god, I haven't heard about milw0rm in nearly a decade. I didn't think they were still cyber-protesting these days.

[Abradix]

Oh god, I haven't heard about milw0rm in nearly a decade. I didn't think they were still cyber-protesting these days.

Heh, milw0rm might be basically dead but the people I met there are still around... Just a bit spread out. But who better to bring them together for great justice than Abradix the Android? No need for forums that outside parties can browse when we can do our buisness on IRC and keep things that need to remain secret, secret

[Dreww]

You just sounded like Numb3rs

[Abradix]

You just sounded like Numb3rs

As ridiculous as that whole clip was... Yes

|_0|_ 0|\/|G | 5P33|< 1337

[Kyle]

I came to learn that Neopets is one of those companies that builds a terrible foundation code then stacks more on top of it until an eventual tipping-over. I'm surprised they haven't made it into a Daily WTF yet.

What're you using to do your brute force?

Are you the Drew from way back on Slop?

[Dreww]

Are you the Drew from way back on Slop?

The smod, not the admin.

[Aerith]

I'm pretty sure NoScript can't protect you from the CG o.o
Only RequestPolicy..

[Abradix]

I'm pretty sure NoScript can't protect you from the CG o.o
Only RequestPolicy..

Request policy works. But I'm sure you don't have the background that I do, so claiming NoScript doesn't work is nothing but a pant load.

[Homer]

Wow, so what's like the best items you guys got from this? Don't need to be specific, but sounds like it could be a good bootleg story.

[Dreww]

If you got CG'd at a certain point in time but you always log out of your account is there a way for the CGer to find out your password and username regardless?

Yes. You need to change your password entirely, which will alter the hash in your cookie.

Wow, so what's like the best items you guys got from this? Don't need to be specific, but sounds like it could be a good bootleg story.

If you've been following the hijinks on the BD Chat this past week, multiple SuAPs, tons of older weapons, an m-skull, and a few wodf/istaffs have been compromised. Some even sold from the compromised accounts over the course of a month.