nemasis Posted November 23, 2012 Share Posted November 23, 2012 I just cracked a web password and try to log in using the password but can not be allowed because it asks for an extra security code does anyone know a way to get past this :-) Thank you in advance Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted November 24, 2012 Share Posted November 24, 2012 Sounds like unauthorized access to me... Quote Link to comment Share on other sites More sharing options...
Pwnd2Pwnr Posted November 27, 2012 Share Posted November 27, 2012 What was expected to be gained by unauthorized access... I am glad that their are certain protocols that you must abide by... BTW => read the FORUM MAN PAGE Quote Link to comment Share on other sites More sharing options...
digip Posted November 28, 2012 Share Posted November 28, 2012 Sounds like unauthorized access to me... Seems legit...lolActually, never know these days, with all the hackme things and ctf games there are, but yeah, sounds like someone got hold of a pastebin email and hash list and got lucky on one of them. To the Op, if they have two factor authentication turned on, you pretty much need to do just that. You'd need both your cracked pass and access to whatever their seconf form of authentication is, which could be any number of things from rsa keys, sms text messages, second email account notification, smart cards, etc. Quote Link to comment Share on other sites More sharing options...
01000010 Posted November 28, 2012 Share Posted November 28, 2012 (edited) wow this makes me wonder if there is a way to figure out what the second form is, other than signing up for the service yourself. example -- when you log on a webpage it could just check to see if your ip opened other special page on that server. Or it sends you that text measage. Is there a way you tell ? My guess is that you would need to see server code or sign up for the stuff yourself. Edited November 28, 2012 by leapole Quote Link to comment Share on other sites More sharing options...
digip Posted November 28, 2012 Share Posted November 28, 2012 wow this makes me wonder if there is a way to figure out what the second form is, other than signing up for the service yourself. example -- when you log on a webpage it could just check to see if your ip opened other special page on that server. Or it sends you that text measage. Is there a way you tell ? My guess is that you would need to see server code or sign up for the stuff yourself. I guess it depends on the site or services, but gmail for example, offers two factor authentication using your cell phone as the second factor, so unless someone has cloned your phone or intercepting your messages, pretty hard to get around, although I think Kos demonstrated a bypass on it once, but don't quote me on that..I may have dreamed that one up... Quote Link to comment Share on other sites More sharing options...
Pwnd2Pwnr Posted November 29, 2012 Share Posted November 29, 2012 (edited) I guess it depends on the site or services, but gmail for example, offers two factor authentication using your cell phone as the second factor, so unless someone has cloned your phone or intercepting your messages, pretty hard to get around, although I think Kos demonstrated a bypass on it once, but don't quote me on that..I may have dreamed that one up... I frequently make accounts VIA gmail... and everytime they ask me for verification... I am just fortunate enough to have a list of numbers which will verify me (Thank you, friends). Verify with your friend(s) first that they will receive a call. Tell them to write down the number... have them call you or text you. Gmail calls you with a code... you take that code and type it in... Bing...eerrrrp... DIng, you have a new email account (created by TOR exit node)... There is no downside as long you keep it legit... Teh means no worries :) PS.... Throw away phones do not have that type of authentication... go buy yourself a shit load of cheap phones (with cash!!!!!!!! <<<<)... register them for others so they will not connect teh dots... :D Edited November 29, 2012 by Pwnd2Pwnr Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.