Question about password protection on a site

  1. #1
    Senior Member
    Join Date
    Jul 2003
    Posts
    113

    Question about password protection on a site

    My teacher has found out that some of his students (I am one of his students as well) have been trying to deface his teachers' page. His page is located at http://teacherweb.com/PA/GreatValley...iudice/hf0.stm (then click the flags at the top to view the password prompt (at the bottom of this page)). He knows that I have some computer knowledge, and asked me to see if it is possible to obtain the password for this page. I'm just wondering if someone could in fact obtain this password, and he should move to a more secure host, or if he needs not worry. I'm simply looking for a yes or no answer here, I am not trying to gain access to the password.

  2. #2
    I'm not a hacker, but this seems a bit fishy. Unless I possibly have a written and signed affidavit that I can do it, not worth.

  3. #3
    Senior Member
    Join Date
    Jul 2003
    Posts
    113
    Originally posted here by PM8228
    I'm not a hacker, but this seems a bit fishy. Unless I possibly have a written and signed affidavit that I can do it, not worth.
    Call me stupid if you must, but I couldn't make sense out of that.

  4. #4
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    To clear up what he said:

    No, we will not find out if we can "hack" the password. Unless we had a signed letter from the school or organization that runs this site telling us that we have permission to exploit the site.

  5. #5
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I don't understand. If you ask me, the only thing a password there would do for you is allow you to submit homework. It seems like every student is given a password and they use that to turn in their homework. I don't think there is only one password that will take you to some secret place where you can deface the website. The worst you could do is get someone you don't know a bad grade in the class, which is bad if you ask me. This whole thing sounds made up to me unless I'm wrong about how that password is used.
    Just my $2

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    113
    To clear things up...

    1. I don't want someone to physically hack the password. Just given how the site is set up, and the scripts in use (it looks to be asp to me), would it be possible for someone who knows what they're doing to "hack" the password.

    2. All that site does is allow my instructor to update his page (which happens to have our homework assignment listed on it at the moment), nothing else.

  7. #7
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    OIC

    Basically, for some people, any page is hackable. Especially with human involvement. One thing I could think of is that someone could try and trick him with something like a cleverly worded email trying to prompt him for the password. Now I'm no hacker so I'm sure that there are many other ways without explicitly asking for the password. Just tell him to pick a strong password and keep it private. There's also the threat of a keylogger. But as long as he doesn't download things and keeps his password private, along with a good firewall and antivirus, he'll be okay. I would also recommend that he use some sort of encryption to send the password to the asp page to check it. I didn't really check so he may be doing that already. Basically be careful and trust no one. But if a skilled person wants to get in, they'll get in.

  8. #8
    Senior Member
    Join Date
    Jul 2003
    Posts
    113
    It's just some kids at school, and I'm probably more knowledgeable than most of them. This is just one of those free teacher hosting sites, so I don't know how secure it actually is. He only accesses it from his school comp, from school, so there's no worry of a keylogger.

  9. #9
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    I'm with h3r3tic on this one, just keep a nice password (letters, numbers, and a special character to throw off any cracker jacks). If he makes it 9 bits long, then there are 3.11e^16 different combinations for his password.

    On That note, if anyone can guess my password, I will buy them a brand new Computer of their choice (lol).

    And I doubt if a 'skilled hacker' is going to go out of his/her way just to deface a teacher's homework site.

    That would have made Hackers a horrible movie:

    "Guys I hacked Mr. Gibson's web page."
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  10. #10
    Of course if someone wants in they'll get in, as noted though, those w/the knowhow would never care to 'hack' up your teacher's page. I only briefly looked @ it but in the code was something like "<input type="password" maxlength="20">". Generally you should avoid little nuances as defining for anyone who may be trying to crack your site the max. length of a password. Also, there is no 'penalty' (lockout) for sitting there and trying passwords over and over and over again - someone could easily write a script that tries a password (especially since there is no username login), hits the back button [back cmd] ....repeat until a dictionary attack and a wordlist attack were exhausted, but I'd be willing to bet before this your teacher's password was something to the effect of 'Nawlins' lol

    If you want to find weaknesses in .asp head over to packetstormsecurity.
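
An added example, not part of any post in the thread and not the hosting site's code: a server-side throttle for the gap post #10 points out, a password form with no username and no penalty for repeated wrong guesses. The class name, limits and addresses are assumptions chosen for illustration.

```python
import hmac
import time
from collections import defaultdict

class LoginThrottle:
    """Slow down password guessing on a form that has no username.

    With no account to lock, failures are counted per client address and
    site-wide. All names and limits here are illustrative assumptions.
    """
    def __init__(self, verify, free_attempts=3, base_delay=2.0, max_delay=900.0,
                 global_limit=50, global_window=60.0, clock=time.monotonic):
        self.verify, self.clock = verify, clock
        self.free_attempts, self.base_delay, self.max_delay = free_attempts, base_delay, max_delay
        self.global_limit, self.global_window = global_limit, global_window
        self._failures = defaultdict(int)  # addr -> consecutive failures
        self._blocked_until = {}           # addr -> time the next try is allowed
        self._recent = []                  # failure times across all addresses

    def retry_after(self, addr):
        """Seconds this client must wait before the password is even checked."""
        now = self.clock()
        self._recent = [t for t in self._recent if now - t < self.global_window]
        wait = max(0.0, self._blocked_until.get(addr, 0.0) - now)
        if len(self._recent) >= self.global_limit:  # guessing spread over many addresses
            wait = max(wait, self.global_window - (now - self._recent[0]))
        return wait

    def attempt(self, addr, password):
        wait = self.retry_after(addr)
        if wait > 0:
            return ("throttled", wait)  # the password is not evaluated at all
        if self.verify(password):
            self._failures.pop(addr, None)
            self._blocked_until.pop(addr, None)
            return ("ok", 0.0)
        now = self.clock()
        self._failures[addr] += 1
        self._recent.append(now)
        over = self._failures[addr] - self.free_attempts
        delay = 0.0
        if over > 0:  # exponential backoff, capped at max_delay
            delay = min(self.max_delay, self.base_delay * 2 ** min(over - 1, 20))
            self._blocked_until[addr] = now + delay
        return ("denied", delay)

def constant_time_verifier(expected):
    """Constructed stand-in for a real salted-hash check."""
    return lambda supplied: hmac.compare_digest(supplied.encode(), expected.encode())
```

The site-wide cap also delays the legitimate owner while guessing is in progress, so it is set well above normal traffic and paired with alerting rather than used as the only control.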
