html password prompt
Results 1 to 8 of 8

Thread: html password prompt

  1. #1
    Junior Member
    Join Date
    May 2003
    Posts
    25

    html password prompt

    I was just wondering, If you veiw the html of a passworded web page can you change the html to bypass a password promt.

    For example the original code would be this:

    <form action="" method="POST"><input type="password" name="passwd"><input type="submit" name="Submit" value="Go"></form>

    could you change this to this:

    <input type="password" name="text1"> <font size="1"><input type="button" value="Go" name="Submit" onclick=javascript:validate(text2.value,"newbie",text1.value,"h4ck3r") >

    This is an example from www.hdcwargame.com that I came up with. I already passed these levels so I am not asking for help with the wargame I just wonderd if you could do this and if it would work. Of couse you would have to save the changed html and open it in your browser but if you did this would the page validate "newbie" and "h4ck3r" instead of comparing it to a pwd file or pwl file on the server?????

    by the way, I did try this and it didn't work but........ that dosen't mean that it dosen't work in theory. This is why I ask
    Hi, I don\'t care........ Thanks

    4sale

  2. #2
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Hmm.. Probably not. If you could provide us with the "action" that the form was pointing to, I could be more specific. Password authentication is performed by a number of different things, but if it's done right the protected page is the one that will be checking for a valid password, not the gateway page as you're suggesting. People could be using Perl, PHP, Java, Ruby, Python, or any number of a hundred CGI scripting languages to do authentication, but with any of them the idea behind authentication is to create some method of knowing when a person has been authenticated or not. After the password has been approved, the system will probably have to do something to remember that you've already been authenticated (perhaps by adding a cookie to your machine, redirecting you to a specific directory, or maintaining a browsing "session"). The point is, each protected page will probably be verifying that authentication each time you load it. If you try to spoof the system with a pre-made password on a gateway page, each protected page would probably also have to be altered to accept the spoofed password.

    They could also be using the built-in .htaccess password authentication system provided with nearly all web servers out there. .htaccess authentication does not require any HTML code or CGI script in order for it to work, the web server will simply protect any web-pages where it finds a valid .htaccess file.

    So, the short and long answer are really, "No". Good idea, though. Shows lateral thinking.
    /* You are not expected to understand this. */

  3. #3
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    well one problem i can see with your theory is that when you view site coding you are viewing it on your machine not on the server so even if you could change the code you would have to have a way to upload the modified html back to the server to replace the original.

  4. #4
    Banned
    Join Date
    Mar 2002
    Posts
    594
    Originally posted here by ZomBieMann77
    well one problem i can see with your theory is that when you view site coding you are viewing it on your machine not on the server so even if you could change the code you would have to have a way to upload the modified html back to the server to replace the original.
    Couldn't have said it better, when you view a webpage online and you change the source, your just changing it in your Temporary Internet Files folder, not on the server that holds the webpage. Thus any change, like changing the HTML coding to bypass a password prompt, is quite different. You would have to save the HTML file onto your computer, change it to do what you want, and still find a way to upload it to the server which holds the entire site.... so if you know how to do all that, have fun..

    - Cheers, jaguar291

  5. #5
    Junior Member
    Join Date
    May 2003
    Posts
    25
    Thanx alot guys. It wasen't so much a question on how to as much as just theory. Thanks alot for the info. I kinda knew it couldn't work cause if it did the whole web would be in trouble. Just a thought.

    P.S. but would you really have to load the page on the server? If you saved it in your computer wouldn't the go button (or whatever) still be pointing to protected page?? Like a web page you save as......... you can still click the links on the page even though the page is on your pc and not the server. I believe you that this type of thing won't work.... but this was just my line of thought when I started the thread.

    Have a wonderful day............. may the forces of evil become confused on the way to your house.
    Hi, I don\'t care........ Thanks

    4sale

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Lithium: Actually all you are doing is changing what would be sent back to the server. The server is looking for the things the original source would provide. You are changing what you are providing so you would get and access denied/page not found error from the server. As has been said you would need to alter the whole web site to do what you suggest.

    There are several systems that have been "hacked" where the actual submit is changed after authentication. For example.... Let's say you authorize to your online bank. The session is now set aside for you and you can browse all that lovely cash you have..... In many cases part of the url you request each time you move through your account would be something like "userid=736826461". There have been several information leaks where altering that user id to the next consecutive, (or any other valid one for that matter), and, instead of looking at your account, you would see someone elses. I believe this has occurred with at least 1 bank and a credit card company. I believe that it was possible to make alterations/transfers using that method too though I think they were discovered by the good guys before the bad guys found them......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Junior Member
    Join Date
    May 2003
    Posts
    25
    oh yeah........... I know how to do all that. I run a website and have for about two years. Bad news is for the first year and 6 months it was a flop. Here in the past 3 months I have increased my traffic 10 fold. Makin about $2,000 a week PROFIT!!!!!! WOO HOO.

    thank you all
    Hi, I don\'t care........ Thanks

    4sale

  8. #8
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    I think the best way to go about that kind of thing would be to manually post your own values to the page in an attempt to break it with invalid input or test for SQL injection. See if you can make the server return sensitive information and work from there.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •