How to steal passwords on forums

cmxflash · - Joined: 11 Dec 2004 Posts: 872

Pretty simple script, I think you get the idea by just looking at it.

AbyssUnderground · - Joined: 31 Dec 2004 Posts: 3855

How exactly did you implement it onto the site?
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk

richardyork · - Joined: 22 Jun 2004 Posts: 410 Location: United Kingdom

I was just thinking that!
_________________
Please SEARCH the forums BEFORE asking questions!

Anonymoose · - Joined: 09 Sep 2003 Posts: 2192

Look at it again.

If I'm reading it right, it's a dynamic sig type script which causes the password auth box to pop up when a page containing the image is loaded. If you're dumb enough, you'll put your username and password in... et voila.
_________________

"Invent an idiot proof webserver and they'll invent a better idiot..."

AbyssUnderground · - Joined: 31 Dec 2004 Posts: 3855

Aah, I see now. Very naughty :-)
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk

comwiz3000 · - Joined: 19 Nov 2005 Posts: 51 Location: Wellington, NZ

Hi!
Very good, BUT be very carefull when you use it. My friend made one of these up for something I can't remember now and he was stupid enough to host it with his Service provider who knows his name address and phone number and he also stuck his email address from the service provider on the form.
The next thing he knew he had these people from the goverement as his doors.

p3 · - Joined: 17 Jun 2005 Posts: 615

The chance of anyone knowing what these do are slim to none.

cchase88 · - Joined: 26 May 2005 Posts: 96

wait somethings not making sense to me... if it write a .txt file.. wouldnt that just be stored onto the server? so if you didnt own the server... then you wouldnt be able to take the .txt file correct?

AbyssUnderground · - Joined: 31 Dec 2004 Posts: 3855

If you read it properly, you host it on your own server and the text file is stored on your own :-)
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk

MonkeyNation · - Joined: 05 Feb 2005 Posts: 921 Location: Cardiff

olly86 · - Joined: 25 Apr 2003 Posts: 993 Location: Wiltshire, UK

But again you've got to exploit the most unpredictable part of the computer, the users :D
_________________
Olly

hubson · - Joined: 10 May 2004 Posts: 94 Location: Coventry

wot do you call the file when u save it down??
_________________

olly86 · - Joined: 25 Apr 2003 Posts: 993 Location: Wiltshire, UK

AbyssUnderground · - Joined: 31 Dec 2004 Posts: 3855

We just did some stuff about the Computer misuse act and the data protection act and it is illigal to try and gain access to data such as passwords in such a way. As oly86 said it is illigal in the UK, but I would think it is also illigal in other countries.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk

hubson · - Joined: 10 May 2004 Posts: 94 Location: Coventry

no probs I was just going to see if it worked on my server, as I know all the passwords on the forums to my server, as they are all family at the moment.
_________________

Anonymoose · - Joined: 09 Sep 2003 Posts: 2192

I don't know what illigal, but it sounds nasty. It's probably against the law too :P Better listen to the Inquisitor :lol:
_________________

"Invent an idiot proof webserver and they'll invent a better idiot..."

AbyssUnderground · - Joined: 31 Dec 2004 Posts: 3855

I actually think this topic should be deleted. We shouldnt promote or discuss something like this.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk

cmxflash · - Joined: 11 Dec 2004 Posts: 872

I removed the source code from my post.
PM me if you want it.