Jump to content

security code problems

nemasis

By nemasis
in Hacks & Mods

 Share

Recommended Posts

digip Newbie

digip

Posted
Posted

Sounds like unauthorized access to me...

Seems legit...lol

Actually, never know these days, with all the hackme things and ctf games there are, but yeah, sounds like someone got hold of a pastebin email and hash list and got lucky on one of them.

To the Op, if they have two factor authentication turned on, you pretty much need to do just that. You'd need both your cracked pass and access to whatever their seconf form of authentication is, which could be any number of things from rsa keys, sms text messages, second email account notification, smart cards, etc.

Link to comment
Share on other sites
01000010 Newbie

01000010

Posted
Posted (edited)

wow this makes me wonder if there is a way to figure out what the second form is, other than signing up for the service yourself.

example -- when you log on a webpage it could just check to see if your ip opened other special page on that server.

Or it sends you that text measage.

Is there a way you tell ?

My guess is that you would need to see server code or sign up for the stuff yourself.

Edited by leapole
Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

wow this makes me wonder if there is a way to figure out what the second form is, other than signing up for the service yourself.

example -- when you log on a webpage it could just check to see if your ip opened other special page on that server.

Or it sends you that text measage.

Is there a way you tell ?

My guess is that you would need to see server code or sign up for the stuff yourself.

I guess it depends on the site or services, but gmail for example, offers two factor authentication using your cell phone as the second factor, so unless someone has cloned your phone or intercepting your messages, pretty hard to get around, although I think Kos demonstrated a bypass on it once, but don't quote me on that..I may have dreamed that one up...
Link to comment
Share on other sites
Pwnd2Pwnr Newbie

Pwnd2Pwnr

Posted
Posted (edited)

I guess it depends on the site or services, but gmail for example, offers two factor authentication using your cell phone as the second factor, so unless someone has cloned your phone or intercepting your messages, pretty hard to get around, although I think Kos demonstrated a bypass on it once, but don't quote me on that..I may have dreamed that one up...

I frequently make accounts VIA gmail... and everytime they ask me for verification... I am just fortunate enough to have a list of numbers which will verify me (Thank you, friends). Verify with your friend(s) first that they will receive a call. Tell them to write down the number... have them call you or text you. Gmail calls you with a code... you take that code and type it in... Bing...eerrrrp... DIng, you have a new email account (created by TOR exit node)...

There is no downside as long you keep it legit... Teh means no worries :)

PS.... Throw away phones do not have that type of authentication... go buy yourself a shit load of cheap phones (with cash!!!!!!!! <<<<)... register them for others so they will not connect teh dots... :D

Edited by Pwnd2Pwnr
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...