View previous topic :: View next topic |
Author |
Message |
cmxflash -
Joined: 11 Dec 2004 Posts: 872
|
Posted: Wed Jan 18, 2006 11:50 pm Post subject: How to steal passwords on forums |
|
|
Pretty simple script, I think you get the idea by just looking at it.
Code: | *Removed as requested* |
I tried this script at a Swedish website called Playahead(.com), and I got 16 accounts in just 30 minutes.
Last edited by cmxflash on Fri Mar 17, 2006 1:57 am; edited 1 time in total |
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Jan 18, 2006 11:57 pm Post subject: |
|
|
How exactly did you implement it onto the site? _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
richardyork -
Joined: 22 Jun 2004 Posts: 410 Location: United Kingdom
|
Posted: Wed Jan 18, 2006 11:59 pm Post subject: |
|
|
I was just thinking that! _________________ Please SEARCH the forums BEFORE asking questions! |
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Thu Jan 19, 2006 12:02 am Post subject: |
|
|
Look at it again.
If I'm reading it right, it's a dynamic sig type script which causes the password auth box to pop up when a page containing the image is loaded. If you're dumb enough, you'll put your username and password in... et voila. _________________
"Invent an idiot proof webserver and they'll invent a better idiot..." |
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Thu Jan 19, 2006 12:13 am Post subject: |
|
|
Aah, I see now. Very naughty :-) _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
comwiz3000 -
Joined: 19 Nov 2005 Posts: 51 Location: Wellington, NZ
|
Posted: Thu Jan 19, 2006 10:57 am Post subject: |
|
|
Hi!
Very good, BUT be very carefull when you use it. My friend made one of these up for something I can't remember now and he was stupid enough to host it with his Service provider who knows his name address and phone number and he also stuck his email address from the service provider on the form.
The next thing he knew he had these people from the goverement as his doors. |
|
Back to top |
|
|
p3 -
Joined: 17 Jun 2005 Posts: 615
|
Posted: Thu Jan 19, 2006 3:44 pm Post subject: |
|
|
The chance of anyone knowing what these do are slim to none. |
|
Back to top |
|
|
cchase88 -
Joined: 26 May 2005 Posts: 96
|
Posted: Wed Mar 15, 2006 2:31 am Post subject: |
|
|
wait somethings not making sense to me... if it write a .txt file.. wouldnt that just be stored onto the server? so if you didnt own the server... then you wouldnt be able to take the .txt file correct? |
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Mar 15, 2006 8:42 am Post subject: |
|
|
If you read it properly, you host it on your own server and the text file is stored on your own :-) _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
MonkeyNation -
Joined: 05 Feb 2005 Posts: 921 Location: Cardiff
|
Posted: Wed Mar 15, 2006 9:08 am Post subject: |
|
|
cchase88 wrote: | wait somethings not making sense to me... if it write a .txt file.. wouldnt that just be stored onto the server? so if you didnt own the server... then you wouldnt be able to take the .txt file correct? |
Good, because you shouldn't be doing it. _________________
|
|
Back to top |
|
|
olly86 -
Joined: 25 Apr 2003 Posts: 993 Location: Wiltshire, UK
|
Posted: Wed Mar 15, 2006 9:23 am Post subject: |
|
|
But again you've got to exploit the most unpredictable part of the computer, the users :D _________________ Olly |
|
Back to top |
|
|
hubson -
Joined: 10 May 2004 Posts: 94 Location: Coventry
|
Posted: Wed Mar 15, 2006 3:14 pm Post subject: |
|
|
wot do you call the file when u save it down?? _________________
|
|
Back to top |
|
|
olly86 -
Joined: 25 Apr 2003 Posts: 993 Location: Wiltshire, UK
|
Posted: Wed Mar 15, 2006 3:54 pm Post subject: |
|
|
hubson wrote: | wot do you call the file when u save it down?? |
I don't think anyone is prepared to help you brake any laws.
Judging by your location, you are in the UK? Please bare in mind that this particular activity is covered under the Computer Misuse Act 19** (I think its 1990). Violation of this law carries a prison sentence, and/or a fine if convicted. _________________ Olly |
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Mar 15, 2006 5:36 pm Post subject: |
|
|
We just did some stuff about the Computer misuse act and the data protection act and it is illigal to try and gain access to data such as passwords in such a way. As oly86 said it is illigal in the UK, but I would think it is also illigal in other countries. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
hubson -
Joined: 10 May 2004 Posts: 94 Location: Coventry
|
Posted: Wed Mar 15, 2006 7:29 pm Post subject: |
|
|
no probs I was just going to see if it worked on my server, as I know all the passwords on the forums to my server, as they are all family at the moment. _________________
|
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Wed Mar 15, 2006 7:46 pm Post subject: |
|
|
I don't know what illigal, but it sounds nasty. It's probably against the law too :P Better listen to the Inquisitor :lol: _________________
"Invent an idiot proof webserver and they'll invent a better idiot..." |
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Mar 15, 2006 7:48 pm Post subject: |
|
|
I actually think this topic should be deleted. We shouldnt promote or discuss something like this. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
cmxflash -
Joined: 11 Dec 2004 Posts: 872
|
Posted: Fri Mar 17, 2006 1:58 am Post subject: |
|
|
I removed the source code from my post.
PM me if you want it. |
|
Back to top |
|
|
|