Hacking password protected sites TUT

SUBMITTED BY: Donkeyramp

DATE: Aug. 14, 2016, 2:17 p.m.

FORMAT: Text only

SIZE: 2.4 kB

Raw Download

HITS: 84751

Report
  1. There are many ways to defeat java-script protected web
  2. sites. Some are very simplistic, such as hitting ctl-alt-del
  3. when the password box is displayed, to simply turning off
  4. java capability, which will dump you into t he default page.
  5. You can try manually searching for other directories, by
  6. typing the directory name into the url address box of your
  7. browser, ie: you w ant access to www.target.com . Try typing
  8. www.target.com/images .(almost ever y web site has an images
  9. directory) This will put you into the images directo ry,
  10. and give you a text list of all the images located there.
  11. Often, the title of an image will give you a clue to the
  12. name of another directory. ie: in www.target.com/images,
  13. there is a .gif named gamestitle.gif . There is a g ood
  14. chance then, that there is a 'games' directory on the site,
  15. so you wou ld then type in www.target.com/games, and if it is
  16. a valid directory, you aga in get a text listing of all thefiles available there.
  17. For a more automated approach, use a program like WEB SNAKE
  18. from anawave, or Web Wacker. These pro grams will create a
  19. mirror image of an entire web site, showing all directories,
  20. or even mirror a complete server. They are indispensable for
  21. locating hidden files and directories.
  22. What do you do if you can't get past an opening "Password
  23. Required" box? First do an WHOIS Lookup for the site. In our
  24. example, www.target.com . We find it's hosted by www.host.com
  25. at 100.100.100. 1. We then go to 100.100.100.1, and then launch \
  26. Web Snake, and mirror the entire server. Set Web Snake to NOT
  27. download anything over about 20K. (not many HTML pages are
  28. bigger than this) This speeds things up some, and keeps yo u
  29. from getting a lot of files and images you don't care about.
  30. This can take a long time, so consider running it right before bed time.
  31. Once you have an image of the entire server, you look through
  32. the directories listed, and find /target. When we open that
  33. directory, we find its contents, and all of i ts sub-directories listed.
  34. Let's say we find /target/games/zip/zipindex.html . This would be the index
  35. page that would be displayed had you gone through the
  36. password procedure, and allowed it to redirect you here.
  37. By simply typ ing in the url
  38. www.target.com/games/zip/zipindex.html you will be on
  39. the index page and ready to follow the links for downloading.
comments powered by Disqus