NationStates

This tool does not yet exist, this is merely a draft of a possible to-be built tool that will be freely distributed and anyone can run.

This tool is entirely legal, there is nothing unethical or rule-breaking about attempting to move into a region and guessing at the password. This tool merely automates that process.

The tool will be a simple, small program that when given a password locked region, will begin to bruteforce the password login sequence. For regions that use the maximum length password of 30 characters, this will likely never work, as a bruteforce attack would take more time than the universe has existed for. However, my experiences have told me that most regions use a fairly short (6-8 character) password that is susceptible to bruteforcing. It might take a few weeks or a few months, but I am sure most dedicated raiders would find that a rather short time in return for the yield of the regions password.

I may also include different bruteforce modes, like dictionary attacks and possibly (if the legality can be determined) a way to crowdsource the bruteforcing to speed up the process among many users.

Comments and Suggestions are appreciated.

How is this legal, then?

Elke and Elba wrote:How is this legal, then?

>This tool is entirely legal, there is nothing unethical or rule-breaking about attempting to move into a region and guessing at the password. This tool merely automates that process.


To clarify it will follow NS rate limits and respect the rules of accessing the HTTP version of the site. This makes it entirely legal.

No, this is *NOT* legal.

In fact, it's stunning that you (or anyone) would think that bruteforce cracking a password would ever be considered legal.

Ballotonia