guppy wrote:k, so people who brute force passwords are just dumb since just changing the password is a lot easier.
You missed his point. He said the password was obtained from a leaf server, and used to access the hub. There should be no way to change the password on the hub from a leaf, if the hub is set to not accept userfile changes from leaf bots. Cracking someone's password is the cracker's "best" option in that case, especially if he wants to remain undetected for as long as possible.
Besides that, if you're able to read passwords from a userfile, you're not necessarily also able to write passwords into it (or at least with the same ease).
And yes, eggdrop userfile cracking has been common practise in the IRC warlords world for
years.