ONLINE PUBLISHER Gawker is probably regretting appearing a little too confident in a web chat room.
A staff member happened to say on Gawker's Campfire logs that the magazine was not afraid of 4Chan. Apparently some members of 4chan decided that Gawker should be absolutely terrified of them and set to work hacking its website.
The hackers found their way into the database where the names, emails and passwords of anyone who had commented on a Gawker story were stored. That is about 1.5 million people.
An unknown and unverified source said in a note to Mediaite that the hack was motivated by Gawker's haughty attitude towards 4Chan.
Apparently it only took a few hours for the 4Chan hackers to find a way to dump all of Gawker's source code. It was a little more difficult to find their way into the user database, but they got there eventually.
Gawker initially denied that the hack had taken place, but later admitted it. It said that the hackers would have got the passwords, but those are encrypted. However, it warned that simple ones might be vulnerable to a brute-force attack.
On the Gawker website it is recommending that users change their passwords on the Gawker comment system and on any other sites on which they've used the same passwords. Readers should also change their company email password and any passwords that might have appeared in email messages.
Gawker admitted that it is "deeply embarrassed by this breach".
Read more: http://www.theinquirer.net/inquirer/news/1931890/gawker-hacked#ixzz181fHicGc
Still trying to find some chick.
login: [email protected] Pass: facebook_fangle
They'll find the correlation with other accounts.
login: [email protected] Pass: [email protected]#gmail378facebook
So then the algorithm would be [email protected]#gmail378_____. If they don't know your other usernames and if you don't use that username on a shitton of sites there's no way they'd figure it out. No one is going to bother with 1.5 MILLION names. Plus they won't look at it and immediately think omg it's an algorithm.
Hehe that could take a while
That's all right, I'm on it, should make an interesting wordlist in the future. I wish I wasn't drunk when I started on it, it would have occurred to me to actually awk the already cracked passwords to make a list to clear them off on the cleaned up 'full_db.log'
anyway 258147 password hashes cracked, 489955 left, once I'm done (as many as I can be fucked with XD) I'll make a pass dictionary for NiS out of it
Check it and run a Gawker-like website. I already downloaded and looked at it. It's awesome. Everything is in PHP and we can easily use Gawker CMS for Totse CMS. But I just want to learn from it and NO I will not go for the e-mails and passwords. But it's good to have some Million e-mails accessible to you.
You should release the passwords in a torrent with the TOTSE URL on it
Beat me to it.
But release the list in packs and in the pack we will add some Totse guides and other pamphlets.
Now that would be a great package. Consider opening a wordlist and you already have guides on using it and some BI guides about exploiting things using that information.
I am sure the downloaders would love that.
We will have to do that, I'll let it run for maybe 24 hours more but it's slowing down I'm sad to report
guesses: 1011 time: 0:05:01:07 (3) c/s: 262294K trying: conghT - colix2
259035 password hashes cracked, 489067 left
wish i had compiled my own version with mpi support so it would support running on more than one core, dedicating 5 to the task and leaving one left to post "hey check this out" posts screenshot, would be entertaining imo.
261459 password hashes cracked, 486643 left
I compiled a separate MPI-patched jtr but it seems somewhat ineffective. It seems it effectively created 5 processes of john each searching the same 'hashspace' or whatever the correct word is, judging by how it was displaying multiple success notifications for the same user and password
Of course it was awesome watching my shiny new processor get stressed, even if it was ultimately in vain
edit: if you're wondering about the easily crackable dictionary attack in that pic, the MPI-patched version was incompatible with the older binary's restore point so I had to start from scratch
Some of these passes have been interesting, when will people learn that 6 to 8 char DES-crypted passwords are insecure whatever the complexity
some 6 char examples for your entertainment, there's quite a few 8 char ones but they have scrolled too far for me to conveniently get them right now this second
guesses: 3352 time: 0:12:18:24 (3) c/s: 262752K trying: h18382 - h18333
guesses: 5930 time: 1:06:03:34 (3) c/s: 262746K trying: 28104048 - 28104636
That would be interesting, I would like to know how it works.
That's the only problem - I need to learn how to use it before actually writing the guide
I'll work on it over christmas, along with those other guides.