Store Page
hackmud
All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews

hackmud

Store Page
hackmud > General Discussions > Topic Details
DaveKap Oct 6, 2016 @ 2:40am
Feature request: Virtualization.
So I got hacked pretty well and good tonight, despite having been the most paranoid player since starting the game. You know what got me? I wanted to test out a new attack script that dropped from a t2. How do you test against a breached system that doesn't disappear as soon as you've hacked it (like every t1 and t2 I've breached?) Why, breach your alt of course!

Whoops, don't breach your alt. There are crawler scripts out there anticipating this move from every name that's ever chatted in 0000. Effectively, an alternative brute force method.

So, hey, while us folks who are trying to learn the game still want to, y'know, play the game and populate it so there's a playerbase, how about letting us get our hands on a virtualized environment to fool around in? If we can't breach our own alts for fear of our banks being emptied (and having to burn our names after the .locs get exposed) then how the hell are we ever supposed to learn how to build attack scripts?

Give us virtualization or you'll have a game run by all the oldest players who kept the best crawlers around. You need a way to usurp the throne in this game; being unable to test out our own breaching capabilities makes that impossible.

Before anyone whines, trust me, the amount I lost wasn't much at all and I don't mind burning my accounts for it. I just wish I knew ahead of time that you could crawl access logs on breached accounts without needing a .loc handy. I know that now, but what I won't know is how to effectively use the attack scripts I get off t2 drops. I'm gimped. That's what the real problem is here.
< >
Showing 1-15 of 21 comments
Skid Oct 6, 2016 @ 2:49am 
Check sys.access_log on your own system, you see all those connections, for the most part they are YOUR TERMINAL, the access loc changes periodically, but if you have just logged in, the top one in that list will be a fullsec breachable account. The problem, the access_log of that account contains your login attempts and full sys.loc of every user you have logged into.

In short, if you want to test a script, test it on that, or find a friend who left the game and get their loc.
#1
DaveKap Oct 6, 2016 @ 3:17am 
Originally posted by Skid:
Check sys.access_log on your own system, you see all those connections, for the most part they are YOUR TERMINAL, the access loc changes periodically, but if you have just logged in, the top one in that list will be a fullsec breachable account. The problem, the access_log of that account contains your login attempts and full sys.loc of every user you have logged into.

In short, if you want to test a script, test it on that, or find a friend who left the game and get their loc.
Ah is this the "stalker npc" I hear so much about? How is this a viable test method if my loc still manages to live on it where it's probably being crawled anyway?
#2
Skid Oct 6, 2016 @ 3:19am 
Because it's only listed in your own account_loc, it will never login itself, and you can not (as far as I know) login to a chat with it, and it changes priodically. So in otherwords, the only way to get it, is to view a persons access_log while they are online, or guess it (which would give a random user if you managed to find one).

But since it is a breachable account you can breach it, and run attack commands on it. Which make me think... (goes tests a thing).

Edit: NVM, it's a T1 account, you can't use T2 scritps on it.
Last edited by Skid; Oct 6, 2016 @ 3:25am
#3
DaveKap Oct 6, 2016 @ 3:56am 
Hah, almost then. But that is a fantastic way to fake virtualization. Sean just needs to up it to a t2.
#4
Skid Oct 6, 2016 @ 4:08am 
Originally posted by DaveKap:
Hah, almost then. But that is a fantastic way to fake virtualization. Sean just needs to up it to a t2.
He might not, I suppect the reason it's t1 only is so that the player can't use it as a bank account, IE you can send money to it, but there is no way to get it back. I also don't know if that loc can be accessed if the user isn't online, if it can't be then so long as your not online no one could get at money left in it.
#5
DaveKap Oct 6, 2016 @ 4:13am 
Originally posted by Skid:
Originally posted by DaveKap:
Hah, almost then. But that is a fantastic way to fake virtualization. Sean just needs to up it to a t2.
He might not, I suppect the reason it's t1 only is so that the player can't use it as a bank account, IE you can send money to it, but there is no way to get it back. I also don't know if that loc can be accessed if the user isn't online, if it can't be then so long as your not online no one could get at money left in it.
Makes sense. That still leaves us with the quandry of how to let a player safely test attack scripts, though.
#6
DezKaiZer Oct 6, 2016 @ 4:45am 
Originally posted by DaveKap:
Originally posted by Skid:
He might not, I suppect the reason it's t1 only is so that the player can't use it as a bank account, IE you can send money to it, but there is no way to get it back. I also don't know if that loc can be accessed if the user isn't online, if it can't be then so long as your not online no one could get at money left in it.
Makes sense. That still leaves us with the quandry of how to let a player safely test attack scripts, though.

Just Make your own T2 "NPC" :p
#7
th_pion Oct 6, 2016 @ 10:27am 
How do the crawler scripts work? No script can run longer than 5 seconds. Do the users just repeatedly spam it over and over again?
#8
Skid Oct 6, 2016 @ 10:51am 
Originally posted by th_pion:
How do the crawler scripts work? No script can run longer than 5 seconds. Do the users just repeatedly spam it over and over again?
Write a script that reads the users in chat and throws them into a database.
Read the database and for every user in it try to steal it's GC.
Get something like an auto clicker to up arrow, return, every 10 seconds or minute.
Bugger off for a few hours.
...
Profit?

It would however be nice, to choose to not be automatically thrown into 0000.
Last edited by Skid; Oct 6, 2016 @ 10:52am
#9
Poltifar Oct 6, 2016 @ 11:35am 
Just to be clear, are you saying that if a user is breached, I can use xfer_gc_from on it by only knowing the user name, without knowing the full loc?
#10
th_pion Oct 6, 2016 @ 11:50am 
Originally posted by Poltifar:
Just to be clear, are you saying that if a user is breached, I can use xfer_gc_from on it by only knowing the user name, without knowing the full loc?
yes, afaik
#11
Skid Oct 6, 2016 @ 12:01pm 
I have a cunning plan, but I don't want to have to retier both my accounts to pull it off. Get a t2 account, sit in 0000 for a while, put 1GC in that account, then breach it, wait for tha 1GC to disappear. Then check the accounts transaction, get the username that's being a lazy bugger, brute force their loc, counter hack, steal all the money they've taken, or at the very least get their alt if they've moved the money already.
Last edited by Skid; Oct 6, 2016 @ 12:02pm
#12
Poltifar Oct 6, 2016 @ 12:06pm 
Originally posted by Skid:
I have a cunning plan, but I don't want to have to retier both my accounts to pull it off. Get a t2 account, sit in 0000 for a while, put 1GC in that account, then breach it, wait for tha 1GC to disappear. Then check the accounts transaction, get the username that's being a lazy bugger, brute force their loc, counter hack, steal all the money they've taken, or at the very least get their alt if they've moved the money already.

Does using xfer_gc_from even leave logs? I assumed only the actual breach attempts left logs.

EDIT: Oh you mean you just get the user's name and try to bruteforce its loc? Pretty sure bruteforcing locs is unfeasible, no matter what others have you believe. Otherwise, how haven't dtr and the other trillionaires been cleaned out yet?
Last edited by Poltifar; Oct 6, 2016 @ 12:07pm
#13
Skid Oct 6, 2016 @ 12:09pm 
I would be shocked if it didn't, it lists every other transaction in there. And someone has already proven it's possible to brute force, the number of combinations is relatively small 6 lower case letters or numbers and up to about 7 prefixes. You have to write a script to test in chunks and then output a string for the next check, then copy paste over and over. And they haven't yet because it would potentially take hours.
Last edited by Skid; Oct 6, 2016 @ 12:12pm
#14
Poltifar Oct 6, 2016 @ 12:18pm 
6 lowercase letters and numbers and 7 prefexies is 7*36^6 = 15 billion possibilities. A script can't possibly get more than 1000 checks per run, likely closer to 100, before timing out. Assuming a generous 1000 checks per run, you'd need millions of script runs to even have a 50% chance of getting the loc. Millions of runs at 1 run per 5 seconds (again, rather generous) would take on the order of months. And, again, this is assuming a way too generous 1000 checks per run.

Either the user who claims to have bruteforced a loc is lying, or he got super lucky.
Last edited by Poltifar; Oct 6, 2016 @ 12:19pm
#15
< >
Showing 1-15 of 21 comments
Per page: 1530 50

hackmud > General Discussions > Topic Details
Date Posted: Oct 6, 2016 @ 2:40am
Posts: 21

Discussions Rules and Guidelines