How to steal passwords on forums

 
Post new topic   Reply to topic    Aprelium Forum Index -> Off Topic Discussions
View previous topic :: View next topic  
Author Message
cmxflash
-


Joined: 11 Dec 2004
Posts: 872

PostPosted: Wed Jan 18, 2006 11:50 pm    Post subject: How to steal passwords on forums Reply with quote

Pretty simple script, I think you get the idea by just looking at it.

Code:
*Removed as requested*


I tried this script at a Swedish website called Playahead(.com), and I got 16 accounts in just 30 minutes.


Last edited by cmxflash on Fri Mar 17, 2006 1:57 am; edited 1 time in total
Back to top View user's profile Send private message
AbyssUnderground
-


Joined: 31 Dec 2004
Posts: 3855

PostPosted: Wed Jan 18, 2006 11:57 pm    Post subject: Reply with quote

How exactly did you implement it onto the site?
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk
Back to top View user's profile Send private message Visit poster's website
richardyork
-


Joined: 22 Jun 2004
Posts: 391
Location: United Kingdom

PostPosted: Wed Jan 18, 2006 11:59 pm    Post subject: Reply with quote

I was just thinking that!
_________________
Please SEARCH the forums BEFORE asking questions!
Back to top View user's profile Send private message Visit poster's website
Anonymoose
-


Joined: 09 Sep 2003
Posts: 2192

PostPosted: Thu Jan 19, 2006 12:02 am    Post subject: Reply with quote

Look at it again.

If I'm reading it right, it's a dynamic sig type script which causes the password auth box to pop up when a page containing the image is loaded. If you're dumb enough, you'll put your username and password in... et voila.
_________________

"Invent an idiot proof webserver and they'll invent a better idiot..."
Back to top View user's profile Send private message
AbyssUnderground
-


Joined: 31 Dec 2004
Posts: 3855

PostPosted: Thu Jan 19, 2006 12:13 am    Post subject: Reply with quote

Aah, I see now. Very naughty :-)
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk
Back to top View user's profile Send private message Visit poster's website
comwiz3000
-


Joined: 19 Nov 2005
Posts: 51
Location: Wellington, NZ

PostPosted: Thu Jan 19, 2006 10:57 am    Post subject: Reply with quote

Hi!
Very good, BUT be very carefull when you use it. My friend made one of these up for something I can't remember now and he was stupid enough to host it with his Service provider who knows his name address and phone number and he also stuck his email address from the service provider on the form.
The next thing he knew he had these people from the goverement as his doors.
Back to top View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger
p3
-


Joined: 17 Jun 2005
Posts: 615

PostPosted: Thu Jan 19, 2006 3:44 pm    Post subject: Reply with quote

The chance of anyone knowing what these do are slim to none.
Back to top View user's profile Send private message Send e-mail
cchase88
-


Joined: 26 May 2005
Posts: 96

PostPosted: Wed Mar 15, 2006 2:31 am    Post subject: Reply with quote

wait somethings not making sense to me... if it write a .txt file.. wouldnt that just be stored onto the server? so if you didnt own the server... then you wouldnt be able to take the .txt file correct?
Back to top View user's profile Send private message Send e-mail
AbyssUnderground
-


Joined: 31 Dec 2004
Posts: 3855

PostPosted: Wed Mar 15, 2006 8:42 am    Post subject: Reply with quote

If you read it properly, you host it on your own server and the text file is stored on your own :-)
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk
Back to top View user's profile Send private message Visit poster's website
MonkeyNation
-


Joined: 05 Feb 2005
Posts: 921
Location: Cardiff

PostPosted: Wed Mar 15, 2006 9:08 am    Post subject: Reply with quote

cchase88 wrote:
wait somethings not making sense to me... if it write a .txt file.. wouldnt that just be stored onto the server? so if you didnt own the server... then you wouldnt be able to take the .txt file correct?


Good, because you shouldn't be doing it.
_________________
Back to top View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger ICQ Number
olly86
-


Joined: 25 Apr 2003
Posts: 993
Location: Wiltshire, UK

PostPosted: Wed Mar 15, 2006 9:23 am    Post subject: Reply with quote

But again you've got to exploit the most unpredictable part of the computer, the users :D
_________________
Olly
Back to top View user's profile Send private message
hubson
-


Joined: 10 May 2004
Posts: 94
Location: Coventry

PostPosted: Wed Mar 15, 2006 3:14 pm    Post subject: Reply with quote

wot do you call the file when u save it down??
_________________

Back to top View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
olly86
-


Joined: 25 Apr 2003
Posts: 993
Location: Wiltshire, UK

PostPosted: Wed Mar 15, 2006 3:54 pm    Post subject: Reply with quote

hubson wrote:
wot do you call the file when u save it down??


I don't think anyone is prepared to help you brake any laws.

Judging by your location, you are in the UK? Please bare in mind that this particular activity is covered under the Computer Misuse Act 19** (I think its 1990). Violation of this law carries a prison sentence, and/or a fine if convicted.
_________________
Olly
Back to top View user's profile Send private message
AbyssUnderground
-


Joined: 31 Dec 2004
Posts: 3855

PostPosted: Wed Mar 15, 2006 5:36 pm    Post subject: Reply with quote

We just did some stuff about the Computer misuse act and the data protection act and it is illigal to try and gain access to data such as passwords in such a way. As oly86 said it is illigal in the UK, but I would think it is also illigal in other countries.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk
Back to top View user's profile Send private message Visit poster's website
hubson
-


Joined: 10 May 2004
Posts: 94
Location: Coventry

PostPosted: Wed Mar 15, 2006 7:29 pm    Post subject: Reply with quote

no probs I was just going to see if it worked on my server, as I know all the passwords on the forums to my server, as they are all family at the moment.
_________________

Back to top View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Anonymoose
-


Joined: 09 Sep 2003
Posts: 2192

PostPosted: Wed Mar 15, 2006 7:46 pm    Post subject: Reply with quote

I don't know what illigal, but it sounds nasty. It's probably against the law too :P Better listen to the Inquisitor :lol:
_________________

"Invent an idiot proof webserver and they'll invent a better idiot..."
Back to top View user's profile Send private message
AbyssUnderground
-


Joined: 31 Dec 2004
Posts: 3855

PostPosted: Wed Mar 15, 2006 7:48 pm    Post subject: Reply with quote

I actually think this topic should be deleted. We shouldnt promote or discuss something like this.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk
Back to top View user's profile Send private message Visit poster's website
cmxflash
-


Joined: 11 Dec 2004
Posts: 872

PostPosted: Fri Mar 17, 2006 1:58 am    Post subject: Reply with quote

I removed the source code from my post.
PM me if you want it.
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> Off Topic Discussions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group