I lost my password. So I used Ruby to crack it, kinda. I will re-enact the story live in front of a group of strangers.
OK, let's get started. Good morning. So I'm going to talk to you guys about the time I used Ruby to crack my password, kind of. Let me tell you guys a story. I used to be addicted to these websites. I still am, but I used to be really bad, and I'm sure you guys know what it is
like to use these websites. Here's a depiction of what that might look like. You should also know that I have no self-control to speak of, so that's pretty bad. So this is
actually a thing. If you remember from school, I think we all read the Odyssey, the famous story where Odysseus tries to maintain some self-control by tying himself to the mast. My problem is not quite as severe, but it's kind of similar in its own way. So, keying off the story of the Odyssey, I used that same psychological technique, which is locking myself out of my own online accounts. That's basically what I did to spend less time wasted on useless
websites. So if you have some kind of password system, you can change your password. What I did is I typed in something random: I just grabbed my keyboard and mashed keys until it came up with something sufficiently weird, and set that as my new password. And of course I don't remember what the string is; it's 20-something characters. I also changed my account recovery e-mail to a throwaway e-mail that I created, and then I threw away the password to that too. So there's no way to get my account back save for this one password; this password is the key to my kingdom. So my plan is to prevent myself from having access to the password until some later date in the future, so that for now I can study or practice or do whatever it is I've got to do instead of letting these websites eat my time. So I need some way to receive this password at a later date. Now, normally when you do this there's this mechanism known as friends, but
I didn't want to go that route, so I used Google to try to figure this out, and I came across this great website called LetterMeLater, which allows you to send
e-mails at a future date and time you choose, no friends required. This is pretty perfect for me. It's a little bit 1985-looking, but that's OK; they're really focused on what they do. So what I do is I go ahead
and I compose a new e-mail to myself. I fill in the subject line, "my password", set a date in the future when the e-mail should be sent to me, put my password in the body, and set it to hide mode. What hide mode does is, once you click on it, the e-mail is hidden and I have actually no way to see it until it gets sent to me. So it's foolproof: there is literally no way I can get to it. So for a while I actually used this system to keep myself from wasting time on highly addictive websites. But my talk is actually
not about productivity techniques; this is a programming conference after all. So the story is a little more involved. I used this for a while, and it was pretty effective, but later on it came back to bite me. So,
fast forward 2 years later. I was working at a company, on a big app that had a lot of tests, and of course that means a lot of waiting, and waiting means it's time to start wasting company time. So what do I do? I can't do work while the tests are running, so what I do
instead is I want to get back into my time-wasting habit, so I go to log back into this website. Then I remember that I hid my password away, so I go back to LetterMeLater to retrieve it. This was like a couple of years later, so I guess I had kicked the habit for a bit. I log back in and I realize that it is still grayed out. That's weird, because usually I set it for a month later or so, and once the time is up you can get back into the account. And then I realize: oh shit, I set it for 2018. The last time I did this I was apparently so annoyed at myself that I sent it years into the future, like, screw you, you need to get a grip on yourself. So I
thought, OK, maybe there's a way around it. So here's the actual website. You can look at my account and see that this thing is hidden; there's no way to see it, and it's scheduled for June. Other than that I'm screwed. But as I was looking at this I realized, I'm a web developer, and this site got interesting. I noticed there's this search box. So I searched for my name, to see if my name shows up. It doesn't, so it's not indexing the name. Fine. But now if I search for the word "password", a
hit popped up. So maybe it's indexing the subject line. I can test that by searching for a few things, and yes, it's definitely indexing the subject line. Now, remember the body of my e-mail was just the actual password. So if I search for a letter that's not in "password", it's not in there, OK. "1"? Not in there. "2"? "2" is in there. OK, so now this is getting interesting. So I think, and correct me if I'm wrong, but I have an oracle that will do substring
queries against my password. The oracle will basically tell me whether the subject plus the body, where the body is the actual password, includes any string I ask for. So I realized this, and I ran home, well, I didn't run home from work, I ran to a piece of paper and a pen, and OK, here's how to recover my password. Let's think about this. So I have this one big thing: the subject at the top and the body down here. I don't know any of the characters in the body, but I do know the characters in the subject. Imagine the word bank is all the letters. I can set aside the letters of "password", because if I do a substring query for "p" and it returns true, I don't know whether it was in the body or in the subject; the subject automatically gives a hit. But if I try all the letters that are not in "password", then I know for certain that a hit means the letter is in the body and not just in the subject. So if I keep trying letters that are not in "password", eventually I'll get a hit, and then I know I have one of the characters somewhere in my password. On average that will take about A/2 tries. So imagine that letter is sitting somewhere in the middle. Then what I do is I try appending another letter, because I know that letter plus the letter after it will also be a substring. I keep iterating through every single letter, including the letters in "password" now, appended to the substring I already have, and keep going one by one until I find the next character, which again will take somewhere around half the alphabet. And I just keep repeating that every single
time, and each time it takes about A/2 guesses, where A is the size of the alphabet, until I finally have a string where no other letter works. If no other letter works, I've fallen off the end, and that's the end of this part of the string. What that means is I don't have the entire string; I have a suffix. I don't know where the string started, so I repeat the process going backwards: instead of appending to the string, I prepend to the beginning, and I keep going until again I fall off the other end, and then, cool, that should be my entire string. Now if you think about it, what I said isn't exactly correct, because at the ends you don't take A/2 guesses, you take A, since you have to exhaust the entire alphabet to know there's no other letter that makes the string longer. So it's A for each of the two ends, plus A/2 times N minus 2 for everything in between, where A is the alphabet size and N is the length. We assume the alphabet is all lowercase, because that's the assumption I'm making about how I mashed the keys, plus 0 through 9, so 36. That means this entire thing will take about 432 queries, which is a reasonable number of
queries you can just run serially through API calls. So OK, let's do this. First I need to figure out how I'm going to actually do the query, so I'll need some kind of API class; let's build that first. You can see the way the site is set up: account.php with a query string, q equals the query; if I change the query, the results change. So I'm using that as the API, scraping it indirectly. Let's create an API class with a URL constant, and remove the query part so I can put the query in programmatically. I'm going to use the Faraday gem, which is a nice simple gem for making HTTP requests, and define a self.get method that takes a query and does Faraday.get with the URL and the params as the second argument, the params being q: query. Let's open a console and try API.get for the string "password". That didn't work, and the reason it didn't work is that it's giving me a 302 redirect saying you must be signed in to see this page. So I need to pass my session cookie in the headers. That should be easy enough: go to Inspect,
go to the Network tab, refresh, look at the request, and see OK, we've got this cookie. I'll grab the value, and, well, this is storing the session on the client side, but whatever. So the first argument is the query string, the second argument is the headers, so I pass cookie: cookie, and if I'm not mistaken this should do the trick. API.get, and boom, this looks like the actual web page: this is a 200, and it looks good. Great. Now of course I'm getting all the HTML of the web page, and that's not really what I want. I want to
know, did this query return true or false. The way I can figure that out is to look for some unique string in the HTML that comes back that uniquely identifies a hit. You can see a few things that show up when there's a hit, like the scheduled e-mail's subject, "password", so for simplicity I'll use "password". So instead of get, I'll write self.include? which takes a query, does the request, and returns whether the response body includes the string "password". Let's try it: a query that should hit returns true, and one that shouldn't returns false. Cool. Now I don't want to test against the real API, because each request is really slow; I don't want to do that to myself. So I'll also make a StubAPI I can use for testing: it has a fake password, which is going to be some random characters, and a self.include? with the same interface that checks whether the fake password includes the query. The stub responds much faster than the real API does. So now I need to build out the cracker. We'll have a PasswordCracker class, and its initialize takes the API as an injected dependency to make things a little easier; it sets the password to start off as an empty string, which we'll build up as we find the password, and the number of iterations, starting at 0. Then a crack method, and in the crack method I go through each of the steps
of the algorithm. If you remember, the first thing we talked about was getting the first letter, so there's a find_first_letter method. Once I've found the first letter, I can keep building forward, appending different characters to see what works: build_forward. Then I go backwards: build_backward. That's roughly the algorithm; none of it does anything yet. So to find the first letter I need to know the alphabet I'm working with and the subject line, because remember I'm not trying characters in the subject line; they don't tell me the character is in the password. So SUBJECT_LINE is "password".chars, and ALPHABET is a through z, lowercase only, because I'm assuming there's no uppercase, plus 0 through 9. I also shuffle them so that the numbers aren't all on one side of the distribution. Now, to find the first letter I iterate through each of the characters in the alphabet minus the subject line, and for each character I look it up in the oracle: api.include?(char). If that's true, this is the first character, so password equals that character, and I return. If that completely fails and I don't find anything, I raise an error saying I could not find the first letter. I also want to count how many iterations I'm doing, so I add a private include? method that both does the API call and increments the iterations. Cool, so that gets the first letter. Now to build forward, it's pretty similar logic, except I'm not worried about the subject anymore, so I iterate through the entire alphabet, and for each character I try the current password plus that character: query equals password plus char. If include?(query) is true, then the password should become the query. And the easiest way I'd like to continue is
recursion: I call build_forward again. Once the building forward is done, build_forward terminates, the stack frames unwind, and we're back up at the top. Then build_backward is basically the same thing except, instead of password plus char, we prepend the char to the password: char plus password. That should basically do the trick. So let's try PasswordCracker.new with the StubAPI and call crack. Fingers crossed... and it found it. The real API is a bit slow, so to get a feel for what's going on I'll add some output: puts "found first letter" along with the letter, puts "building forward", puts "building backward", and at the end, "your password was found in" however many iterations. And every time I go forward or backward I'll also puts the password, so we can watch it grow. Cool, now
one thing before we actually run this against the real world: there's some duplication between build forward and build backward, so let's refactor. We can combine them into one build method that takes a forward: keyword argument. If forward, the query is password plus char, appended at the end; otherwise it's char plus password, prepended. And instead of recursing into build_forward or build_backward, we recurse into build with the same forward value. So build_forward becomes build(forward: true) and build_backward becomes build(forward: false). Now we should be able to try out the real API and see what happens. Fingers crossed; each request takes a few seconds.
So this will run for a while. It's about 20-something characters, so this is going to take real time. It's going: there's the first letter, and it's building forward. It fell off the end, so it's going down to build backwards; it's got the complete suffix and now it's building backwards. OK, things are moving, this is good. I'll let it run and we'll check back in a bit. A few minutes later: it's done, and your password was found in that many iterations. So I did the math before and said it should take about 432 queries, and then there's the actual number to compare with. So that was the thing.
This was the first real problem I ever had that I actually solved with programming. It's a magic moment in a programmer's life when something is broken or lost, something you can't just ask for, and with the power of programming you fix it. I felt like I'd lost my keys in a desert and was able to retrieve them. I think it's just awesome to have that power. As programmers it's easy to get complacent and get pissed off at our tools and our abilities, but there's something really awesome about it, and I think it takes an experience like that to really drive it home. I think it's pretty crazy that we can do things like that. So that's it for me. Check out the company I work for; you can find me on Twitter, and I have a blog where I write about this and other stuff. Thank you so much.
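The algorithm the talk walks through (seed with a character that is absent from the subject line, then greedily build forward and backward through a single build method while counting oracle calls), as an added Ruby example that is not the speaker's code. The StubOracle, the constructed sample passwords and the helper names are assumptions; the site's search page, cookie handling and Faraday calls are left out so the example runs offline. The stub deliberately matches the subject line as well as the body, which is the false-positive the talk sidesteps by excluding subject characters from the seed search, and the example goes one step beyond the talk by showing that the search fails cleanly when every body character also appears in the subject.

```ruby
# Added example, not from the talk. Alphabet and subject line follow the talk:
# lowercase letters plus digits, shuffled, and a subject line containing "password".
ALPHABET = (('a'..'z').to_a + ('0'..'9').to_a).shuffle.freeze
SUBJECT_LINE = "my password".freeze

# Constructed stand-in for the site's search box: a query "hits" when it is a
# substring of the subject line OR of the hidden body (the real password).
class StubOracle
  def initialize(subject, body)
    @subject = subject
    @body = body
  end

  def include?(query)
    @subject.include?(query) || @body.include?(query)
  end
end

class PasswordCracker
  attr_reader :password, :iterations

  def initialize(oracle, subject: SUBJECT_LINE, alphabet: ALPHABET)
    @oracle = oracle
    @subject_chars = subject.chars.uniq
    @alphabet = alphabet
    @password = ""
    @iterations = 0
  end

  def crack
    find_first_letter
    build(forward: true)   # extend to the right until we fall off the end
    build(forward: false)  # then to the left until we fall off the start
    @password
  end

  private

  # Every oracle call goes through here so the query count is recorded.
  def include?(query)
    @iterations += 1
    @oracle.include?(query)
  end

  # A character that appears in the subject line always hits, so it cannot
  # prove anything; only a hit on a character absent from the subject shows
  # that character is in the body. Any later extension contains that seed
  # character and therefore cannot be a substring of the subject line.
  def find_first_letter
    (@alphabet - @subject_chars).each do |char|
      if include?(char)
        @password = char
        return
      end
    end
    raise "could not find a first letter: every body character is also in the subject"
  end

  # Greedy extension: add one character at a time (appended when forward,
  # prepended otherwise) until no character extends the known substring.
  def build(forward:)
    loop do
      extension = @alphabet.find do |char|
        include?(forward ? @password + char : char + @password)
      end
      break if extension.nil?
      @password = forward ? @password + extension : extension + @password
    end
  end
end

# The talk's estimate: A guesses to fall off each end, A/2 on average for each
# of the other N-2 positions. With A = 36 this reproduces the talk's 432 for N = 22.
def estimated_queries(alphabet_size, length)
  2 * alphabet_size + alphabet_size / 2 * (length - 2)
end

if __FILE__ == $PROGRAM_NAME
  cracker = PasswordCracker.new(StubOracle.new(SUBJECT_LINE, "k1wi2p0lls"))
  puts "recovered #{cracker.crack} in #{cracker.iterations} queries"
end
```

The loop in build replaces the talk's recursion so a long password cannot exhaust the stack, but the query pattern is identical: each recovered character costs at most one pass over the alphabet, and each end costs one full pass to confirm nothing extends the string.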
