unforum

[Weeg]

[PUZZ][QUES]Using brute force on the login (don't freak out)

[darkphan]

Its OOG. Read Danas blog. She says the following:

[Weeg]

That's a valid point, but I just think the evidence goes against it in this case. We should at LEAST run some sort of word list through in case there is something. Let's also not forget that the entity that sent us the mail from ladybee777 mentioned that she had found and hidden a secret. That can't be overlooked.

[darkphan]

[penchanski]

I was thinking about this as well last night. (I didn't know that the login had been discovered then). Thing is she says:

[penchanski]

Sorry - that's not very clear above. I'm saying we shouldn't use general brute force but should try to get in using in-game words and phrases.

[fireball]

She has said over and over, "Do not try to hack the e-mail, voicemail, or any of that stuff." Ok, not a direct quote, but she has said it again and again. I take the PM wishes at face value: DO NOT TRY TO LOG IN TO THE VOICEMAIL OR E-MAIL!

[BoonIsha]

im with weeg on this one. seems like too much of a coincedence that she offered us commands with pipes in them, never mind they are commin in unix, and the PMs didnt disable them on the server. it should have been a simple fix...not to mention we ARE missing something on the site for sure. this could be it.

and like weeg said, and we talked about last night, if someone gets in, and its not IG, back off, and try to let the PMs know you got in, and ask them to change the Pass. i think they would understand, i know i would.

boon

[babbler]

I went ahead and took a look at both the page that comes up and the Netcraft data for the site. Seems like the host providers are running a deprecated version of Apache on Windows (1.3.19). There are known bugs with handling pipe characters in versions of Apache/Win prior to 1.3.24. That's probably what we're seeing when sending the "Widow" command line to the web server.

In other words, move along here, nothing to see here. Trying to brute-force the web server is:

1. Not part of the game;
2. A bad idea on a large number of real-world grounds;
3. Unlikely to successfully open up the site; and
4. Likely to cause the host provider to shut down the site over security concerns.

[Dorkmaster]

This is my first official ARG, so I don't have the sensibilities of say Fireball, or Magesteff or Varin, or so... but at the same time, I feel this would be going over the edge. If we get clue evidence as to what the login password may be, then I say all for it, use the words we have. However, if it's a matter of just brute forcing passwords till they work, using some dictionary list, then I say no way, not the spirit of the game. I think everyone agrees that this login thing has been around, and been discussed long enough that the PM has to know we know about it. So they could have disabled it already, so I do tend to think it's in game. But at the same time, this is not the way to go about it. I value that we have a poll about it, though, because I very much appreciate the option to speak on this topic before you guys tried it. Great use of the poll! But I voted for the second option: In game, but don't do it this way...

[BrianEnigma]

The Search link is your friend. The Search link helps you help us reduce clutter and redundant topics. The Search link helps you find this topic, in which the use of the pipe character (that little vertical line thing: | ) in URLs, no matter what the URL, causes this error to appear.