Thread: Absolute Soulreading/Rigged thread #3
View Single Post
  #910  
Old 09-21-2007, 04:34 PM
erbbysam erbbysam is offline
Senior Member
  
Join Date: Aug 2006
Location: life rewards bold&aggro moves
Posts: 314
Default Re: Absolute Cheating
<font color="red">The following are my security 101 analysis on the actual hack named "POTRIPPER", take what you want from it because I'm no expert </font>
[ QUOTE ]
[ QUOTE ]

Btw, POTRIPPER is the name of a hacking tool, or more specifically an exploiting tool as mentioned on this site http://www.imafia.net/forums/index.php?showtopic=2118

[/ QUOTE ]

[img]/images/graemlins/shocked.gif[/img]

[/ QUOTE ]
I downloaded it, but refuse to run it for what I hope are obvious security reasons. From the "Readme-potrip.txt" file:
[ QUOTE ]

-=Pot Ripper=-


This is a tool to extract the combos out of a raw pass file that you have not yet 'decrypted'
with JTR. That's it.


1. Choose the location of your john.pot.
2. Choose the location of you pass file.
3. Choose and output file.
4. Choose number of passes through the .pot file to make

If you are not concerned about memory usage, just leave this value at 1. This is
obviously the fastest method, but it is very resource intensive. If you are having
trouble running like this, try increasing this value. For instance, if you set it
to 3, then the program will load 1/3 of the files at a time. Hopefully, this will reduce
the drain on memory.

4. Go.


Again, setting up a shortcut to this program in your SendTo folder is the preferred method
(at least by me).


STYX


[/ QUOTE ]
My analysis:
JTR is refering to "John the Ripper" (link: http://en.wikipedia.org/wiki/John_the_ripper ) which is a basic password ("hash") cracking tool. The "raw pass file" that is referred to is the encrypted password file. It is possible that they are using a this as a method to break some level of weak encryption on AP's part and using "Pot Ripper" to assist them but as to what, is beyond me.
<font color="red"> /interesting implications </font>
WARNING: PERSONAL COMMENT:With the lack of overhead by a "real" monitoring gaming commission, or even a competent security team, I wouldn't be surprised if there is a few points at AP which are severely weak on the encryption side, which is scary with the amount of money that flows over their network daily.