Hacking Password Protected Website's
:: ..:: IT Cafe ::.. :: Articles
Page 1 of 1
Hacking Password Protected Website's
by Admin Fri Jul 31, 2009 12:18 am
Hacking Password Protected Website's By
Pinglocalhost
************************
There are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting
[ctl-alt-del ]when the password box is displayed, to simply turning
offjava capability, which will dump you into the default page.You can
try manually searching for other directories, by typing the directory
name into the url address box of your browser, ie: you want access to
www.target.com .
Try typing
www.target.com/images .(almost ever y web site has an images directory)
This will put you into the images directory,and give you a text list of
all the images located there. Often, the title of an image will give
you a clue to the name of another directory. ie:
in www.target.com/images,
there is a .gif named gamestitle.gif . There is a good chance then,
that there is a 'games' directory on the site,so you would then type
in www.target.com/games, and if it isa
valid directory, you again get a text listing of all the files
available there.
For a more
automated approach, use a program like WEB SNAKE from anawave, or Web
Wacker. These programs will create a mirror image of an entire web
site, showing all director ies,or even mirror a complete server. They
are indispensable for locating hidden files and directories.What do you
do if you can't get past an opening "PasswordRequired" box? . First do
an WHOIS Lookup for the site. In our example, www.target.com . We find
it's hosted by www.host.com at 100.100.100. 1.
We then go to 100.100.100.1, and then launch
\Web Snake, and mirror the entire server. Set Web Snake to NOT download
anything over about 20K. (not many HTML pages are bigger than this)
This speeds things up some, and keeps you from getting a lot of files
and images you don't care about. This can take a long time, so consider
running it right before bed time. Once you have an image of the entire
server, you look through the directories listed, and find
/target. When we open that directory, we find its contents, and
all of its sub-directories listed. Let's say we find
/target/games/zip/zipindex.html . This would be the index page
that would be displayed had you gone through the password procedure,
and allowed it to redirect you here.By simply typing in the
url
www.target.com/games/zip/zipindex.html you will be onthe
index page and ready to follow the links for downloading.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(DISCLAIMER)XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The Info Above Is Lame!!!. I Dont Condone The Use Of This Document In A
Malisous Manner. I Suggest That U Dont Do it But U Do What Ever U Want.
I Will Not Be Responsible For Any Thing That Might Happen To U If U Use
This.
THANK YOU
HTTP://WWW.YAHOOMAZA.NET.TC
HTTP://WWW.ONLINEYAHOOMAZA.NET.TC
UMAR_JAN75@YAHOO.COM
UMAR.JAN75@GMAIL.COM
SWEET.KAARA@YMAIL.COM
Pinglocalhost
************************
There are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting
[ctl-alt-del ]when the password box is displayed, to simply turning
offjava capability, which will dump you into the default page.You can
try manually searching for other directories, by typing the directory
name into the url address box of your browser, ie: you want access to
www.target.com .
Try typing
www.target.com/images .(almost ever y web site has an images directory)
This will put you into the images directory,and give you a text list of
all the images located there. Often, the title of an image will give
you a clue to the name of another directory. ie:
in www.target.com/images,
there is a .gif named gamestitle.gif . There is a good chance then,
that there is a 'games' directory on the site,so you would then type
in www.target.com/games, and if it isa
valid directory, you again get a text listing of all the files
available there.
For a more
automated approach, use a program like WEB SNAKE from anawave, or Web
Wacker. These programs will create a mirror image of an entire web
site, showing all director ies,or even mirror a complete server. They
are indispensable for locating hidden files and directories.What do you
do if you can't get past an opening "PasswordRequired" box? . First do
an WHOIS Lookup for the site. In our example, www.target.com . We find
it's hosted by www.host.com at 100.100.100. 1.
We then go to 100.100.100.1, and then launch
\Web Snake, and mirror the entire server. Set Web Snake to NOT download
anything over about 20K. (not many HTML pages are bigger than this)
This speeds things up some, and keeps you from getting a lot of files
and images you don't care about. This can take a long time, so consider
running it right before bed time. Once you have an image of the entire
server, you look through the directories listed, and find
/target. When we open that directory, we find its contents, and
all of its sub-directories listed. Let's say we find
/target/games/zip/zipindex.html . This would be the index page
that would be displayed had you gone through the password procedure,
and allowed it to redirect you here.By simply typing in the
url
www.target.com/games/zip/zipindex.html you will be onthe
index page and ready to follow the links for downloading.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
(DISCLAIMER)XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The Info Above Is Lame!!!. I Dont Condone The Use Of This Document In A
Malisous Manner. I Suggest That U Dont Do it But U Do What Ever U Want.
I Will Not Be Responsible For Any Thing That Might Happen To U If U Use
This.
THANK YOU
HTTP://WWW.YAHOOMAZA.NET.TC
HTTP://WWW.ONLINEYAHOOMAZA.NET.TC
UMAR_JAN75@YAHOO.COM
UMAR.JAN75@GMAIL.COM
SWEET.KAARA@YMAIL.COM
Admin- Admin
- Posts : 131
Join date : 2009-07-04
Age : 33
Location : Karachi -
:: ..:: IT Cafe ::.. :: Articles
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum