Huge Problem [ Regarding Passwords ]

General help on how to use Cerberus. Questions on how a particular feature works, how to use feature x with feature y... Please read the "How to use this forum" article before posting.
Post Reply
Crappp
Posts: 1
Joined: Thu Aug 09, 2007 9:31 pm

Huge Problem [ Regarding Passwords ]

Post by Crappp » Thu Aug 09, 2007 9:36 pm

This is really going to blow your minds away.

Okay, so this guy managed to get my password off of a website, and he NEARLY got into my e-mail account. So I changed my e-mail AND Cerberus FTP Server passwords to be one new password that I could keep for only e-mail and FTP Server access, allowing me to be more secure.

Well, what do you know... I forgot the password. I attempted to recover them through the e-mail, but when I registered my e-mail back in 2003, I registered Anonymously, so therefore my birth date, ZIP Code, and Country are far from what and where I am.

So, my only possible way of getting my e-mail back is by "brute forcing" Cerberus. Now, this doesn't necessarily mean like a DDoS. I'm talking more of finding a way around the password encryption, for the sake of saving my e-mail.

Please, anyone, help me get my e-mail back! I've had it for a very long long time, and it's my only one... I don't want to lose it. :(

~Z

mdj
Moderator
Posts: 656
Joined: Mon Aug 18, 2003 4:00 am
Location: Denmark
Contact:

Post by mdj » Fri Aug 10, 2007 3:59 am

I am afraid Cerberus is not gonna do you any good... Cerberus simply doesn't know your password! It only saves a hash value of the password... Sorry.
Please remember that it is not particularly safe to use the same password you use for Cerberus for something else as well - at least if you are using traditional non-ssl ftp. The user name and password are transfered unencrypted in the ftp protocol.
Don't be paranoid, but be advised that someone IS out to get you...
Morten Due Jørgensen
http://www.mdjnet.dk

NitroxDM
New User
Posts: 4
Joined: Sat Sep 01, 2007 1:12 pm

Losing passwords is fun!!!

Post by NitroxDM » Sat Sep 01, 2007 1:46 pm

Ok, not really. I have been using keepass from http://keepass.info/ for about two months now. I have enjoyed using it more then any other password manager app.

Good luck with that email!

Tornado
Senior User
Posts: 234
Joined: Tue Jun 08, 2004 9:39 am
Location: Australia

Post by Tornado » Sat Sep 01, 2007 6:36 pm

Do you have an email client that is storing your password? OR
Do you have an FTP client also storing your password?

If so, a simple packet sniff (Wireshark) will locate your password through outgoing traffic from the client.

According to Serin, the password is stored in an "irreversable hash(SHA-1) value" - http://www.cerberusftp.com/phpBB3/viewt ... t=password.
Maybe a little research may reveal a way to bypass this encryption.

Adain
Posts: 1
Joined: Wed Dec 16, 2009 1:23 am

Re: Huge Problem [ Regarding Passwords ]

Post by Adain » Wed Dec 16, 2009 2:11 am

Hi,

Good post....thanks for sharing.. very useful for me i will bookmark this for my future needed. thanks for a great source.

Post Reply