Ok, I'm working on a new script and I need a name for it. I've noticed in the past that once I know my Windows logon password well I can type it without consciously thinking about it. Sometimes I do it so fast I hit the wrong series of keys and end up typing my password in the user name field by accented, which causes my password to be saved as a failed login name in the event log. What my new script does is:
1. Look in the even long for failed log on, and notes the name.
2. Finds the next log on that succeeded.
3. Compares the two names.
4. If they do not match, print both to the screen. The failed login name is a possible password and the next successful one is a possible user name for that password.
Any ideas for a good name for the project?
Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts
Need Name for a project
Started by
Irongeek
, Jun 10 2008 01:40 AM
8 replies to this topic
#1
Irongeek
-
- Members
-
- 23 posts
Private First Class
#2
SuRGeoN
-
- Members
-
- 83 posts
Private First Class
Posted 10 June 2008 - 02:18 AM
LSA Secrets? 
Just my opinion it doesnt worth the time to program something like that cause:
1) You can find better ways to hack a windows box
2) I dont think that it happes so offen (and even if it happens what about that it's not from default enable to log this kind of events?)
Anyway, nice thought and just to add that the same may happen to another login forms (like web a lot of them) and other login process in general (what about ssh? can you imagine that you've root access and sharing this ssh with some friends.. .how many of them when they want to login fast will fill their credentials for their boxes (root user), maybe you log for root failure attempts? and then try to connect with these credentials to their boxes?)
P.S.: welcome and congrats for your stuff
Just my opinion it doesnt worth the time to program something like that cause:
1) You can find better ways to hack a windows box
2) I dont think that it happes so offen (and even if it happens what about that it's not from default enable to log this kind of events?)
Anyway, nice thought and just to add that the same may happen to another login forms (like web a lot of them) and other login process in general (what about ssh? can you imagine that you've root access and sharing this ssh with some friends.. .how many of them when they want to login fast will fill their credentials for their boxes (root user), maybe you log for root failure attempts? and then try to connect with these credentials to their boxes?
)P.S.: welcome and congrats for your stuff
when a hungry man comes to ask your help, do not give him a fish, rather teach him how to catch a fish
#3
GroovyDude
-
- Sergeant Major
-
- 597 posts
Sergeant First Class
Posted 10 June 2008 - 04:46 AM
I can see some benefits to a script like this. Although you'd need some form of access to the box in order to parse the event logs.
Here are my goofy and not-so-creative thoughts on names:
1. Whoops
2. Asleep at the wheel
3. ELP (Event Log Passwords)
4. PIEL (Passwords in Event Logs)
5. PIE (Passwords in Events) <-- Hey, everyone likes pie, right?
I think an acronym is the way to go. Perhaps others in the forum have a good witty acronym you could use.
Here are my goofy and not-so-creative thoughts on names:
1. Whoops
2. Asleep at the wheel
3. ELP (Event Log Passwords)
4. PIEL (Passwords in Event Logs)
5. PIE (Passwords in Events) <-- Hey, everyone likes pie, right?
I think an acronym is the way to go. Perhaps others in the forum have a good witty acronym you could use.
#4
hugopnr
-
- Members
-
- 112 posts
Specialist
Posted 10 June 2008 - 05:46 AM
You can also check if failLogon.startsWith(successLogon); to produce more accurate results.
My name suggestion is -> MUPEL (Misstyped Username Password in Event Logger)
btw, it doesn't stand for anything other than that. I checked acronymfinder !
My name suggestion is -> MUPEL (Misstyped Username Password in Event Logger)
btw, it doesn't stand for anything other than that. I checked acronymfinder !
"Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men." -LORD ACTON
hugo.pnr~
hugo.pnr~
#5
Irongeek
-
- Members
-
- 23 posts
Private First Class
Posted 10 June 2008 - 10:47 AM
Ok, I'm leaning towards PEBKAC ATTACK.
#7
webdevil
-
- Sergeant Major
-
- 1,195 posts
Retired GSO General
Posted 14 June 2008 - 05:12 PM
Its always against best practices to log passwords for failed attempts.
But how many admins actually do that is the real question...
But how many admins actually do that is the real question...
#8
Irongeek
-
- Members
-
- 23 posts
Private First Class
Posted 14 June 2008 - 05:20 PM
Well, in this case they are not logging passwords, they are just logging user names. The user just inadvertently type their password in the user field.
#9
ForcefullyRejected
-
- Members
-
- 7 posts
Private
Posted 16 June 2008 - 04:26 AM
TSU - Track Stupid Users?
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
