protection

No explicit questions like "how do I hack xxx.com" please!
Post Reply
User avatar
n3rd
Staff Member
Staff Member
Posts: 1474
Joined: 15 Nov 2005, 17:00
18
Location: my own perfect world in ma head :)
Contact:

protection

Post by n3rd »

I found a site, know how to hack it, did it in the past. but now they made a new protection, does some 1 know what it is.

they wrote: input type="hidden" name="HHH" value="17e358ee6b15a8d988888a0a26dab8b2">, is this some kind of encrypted value?.

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
18
Location: In your eye floaters.
Contact:

Post by bad_brain »

hm, most likely it's the session ID, check the cookie, it will most likely include the same. when deleting the cookie and/or reload the site you will get a new ID....but if you were already logged in it might be your password md5 hash (but it's most likely the first option) :wink:

User avatar
Gogeta70
^_^
^_^
Posts: 3275
Joined: 25 Jun 2005, 16:00
18

Post by Gogeta70 »

If you're talking about laazy.com, i helped him secure his site against that attack.

The guy had a hidden value in the form that gave your user nam. That form allowed you to create a web page on their server under laazy.com/user/index.html. Well, if you used javascript to edit the user name, you could edit anyone's web page.
¯\_(ツ)_/¯ It works on my machine...

User avatar
n3rd
Staff Member
Staff Member
Posts: 1474
Joined: 15 Nov 2005, 17:00
18
Location: my own perfect world in ma head :)
Contact:

Post by n3rd »

its not laazy.com.

Badbrain, do u happen to know that that number is vital to hack a account of some 1 if I acces the account modification section instantly?.

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
18
Location: Michigan USA
Contact:

cookies and milk

Post by DNR »

You replayed the cookie thats probably why it worked.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

User avatar
n3rd
Staff Member
Staff Member
Posts: 1474
Joined: 15 Nov 2005, 17:00
18
Location: my own perfect world in ma head :)
Contact:

Post by n3rd »

no, the code is in the script of the website.

but I wanted to know if the code is vital to acces other account names and rewrite their data.

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
18
Location: In your eye floaters.
Contact:

Post by bad_brain »

I don't think so....

User avatar
n3rd
Staff Member
Staff Member
Posts: 1474
Joined: 15 Nov 2005, 17:00
18
Location: my own perfect world in ma head :)
Contact:

Post by n3rd »

so I could easily replace my name with the name of the admin, and I would not need a cookie code to not get irregulair acces, since I didnt get that before.

Post Reply