Someone who really knows me will know the password for the posts; everyone else can crack the password using brute-force or dictionary attacks.
My favorite password cracking tool is THC Hydra: https://www.thc.org/thc-hydra/
To crack the password you only need to load the web form, extract it from the HTTP proxy, and pass it to Hydra.
Some augustian tips for cracking passwords:
- Don’t use rockyou.txt… you will crash the server and will never get the password.
- Limit your attempts. When you’re attacking a company you don’t launch a simple dictionary or pass the output from John the Ripper to Hydra. No! You need to do some scouting and, with that in mind, create a dictionary, possible users, patterns, etc… so, if you’re here and you’re looking to read the posts, it’s because you know me, so limit your attacks to things that I could use as a password.
- This blog is hosted on Amazon… so chill out… 2 or 3 attempts per thread, and 10ms between them.
- Don’t use BrutusAE or Bruter… we are past the 90’s.
- Yep… you can use Burp Suite’s Intruder: load the form, create a fuzzer list with your dictionary and attack! I really love Burp Suite <3
- Don’t use WPScan… yuck, Linux? Really? Will you hack me using Linux?…
- To the person for whom this blog is written: you don’t need to guess the password, the password is YOU lagabii.
- From today on… this blog is just for you. I’ll write every day, all the time… to the end of my life, if it is possible, as we did when we were friends.
- This is my diary, if you want to see it like that… like the little notebook you had, with the poem about the sycamore tree.
- Some posts are protected, not because I don’t want you to read them; they are protected because I can be fragile and open with you, but some things are not for everyone.
… oh yep!… maybe you can ask me 😛