Asterix pass (more complex than what it seems!)
Results 1 to 8 of 8

Thread: Asterix pass (more complex than what it seems!)

  1. #1
    Senior Member
    Join Date
    Jul 2008
    Posts
    149

    Asterix pass (more complex than what it seems!)

    I have 2 accounts in a site. It has a place for changing passes.
    There, your username, password and email can
    all be seen in 3 uneditable boxes but pass is in asterix and as I said it can't be edited there.
    After you confirm to change your pass, you will go to
    another page that you must enter your old pass and new one twice.
    In the first page I just talked about that the pass is in
    asterix, I tried some "asterix password show applications" and
    even Cain. But the pass is not shown. (Maybe I used Cain in a wrong way..not sure)
    The pass can be copied and even accesses in page source but all
    in asterix. I copied it into a windows dialup screen and then again used cain. This time cain showed the pass but in asterix.

    One of my passes has 10 digits and the number of asterix is 10...
    The pass of my second account has 11 digits and still the number of asterix is 10...maybe it's a kind of encryption...any idea?

    Is there any way I can see my pass that's in asterix?

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Is the page your playing with HTTP or HTTPS

    Most Behind Asterisk apps work against locally stored passes.. if it isn't stored locally you need to go to plan B and in your situation the pass isn't local to you. that also means it won't be in the page source

    C&P the asterisks to try and crack... damned never even thought of that.. must do that next time I am trying to crack a password.. I've been doing it the hard way for too long.

    BTW: the security feature is.. The password is NOT sent to your PC in any way shape or form by the site.. what you have there are plain old asterisks..nothing hidden behind them.. so many of the simple trick won't work..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    Senior Member
    Join Date
    Jul 2008
    Posts
    149
    HTTP my friend. I was wondering if there is any way to change the page source and resend it to site and after refreshing it shows the pass!!!!!! The pass isn't local but when I login to my own account it is in the source. How can it be cracked when Cain shows it in asterix as well!!!!!! I don't want you to crack it for me but plz tell me some keywords. I'll search, learn and do it myself...I don't understand why should a site has such a thing that shows the pass in asterix...it could simply give us the page for changing pass by entering the old and new passes without showing the old pass first in asterix!!!!
    I wish to post some lines of the source here............

    ///////////////////////////////////////////////////////////////////

    <P><STRONG>Password:</STRONG><BR>

    <input name="txtPassword" type="text" value="**********" maxlength="20" size="20" readonly="readonly" id="txtPassword" class="inputboxes" />
    <input type="submit" name="btnChangePassword" value="Change" onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate(); " language="javascript" id="btnChangePassword" class="Buttons" /></P>
    <P><STRONG>Email Address:</STRONG><BR>
    <input name="txtEmail" type="text" value="ItWasRealButJust4Practice@yahoo.com" size="50" readonly="readonly" id="txtEmail" class="inputboxes" />
    <input type="submit" name="btnChangeEmail" value="Change" onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate(); " language="javascript" id="btnChangeEmail" class="Buttons" /><BR>
    </P>
    Last edited by boyboy400; September 30th, 2008 at 06:07 PM.

  4. #4
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Curiosity is getting the better of me, could you post the link to the site in question.

    Or even just send me a "PM" either way.

  5. #5
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Quote Originally Posted by boyboy400
    HTTP my friend. I was wondering if there is any way to change the page source and resend it to site and after refreshing it shows the pass!!!!!! The pass isn't local but when I login to my own account it is in the source. How can it be cracked when Cain shows it in asterix as well!!!!!! I don't want you to crack it for me but plz tell me some keywords. I'll search, learn and do it myself...I don't understand why should a site has such a thing that shows the pass in asterix...it could simply give us the page for changing pass by entering the old and new passes without showing the old pass first in asterix!!!!
    I wish to post some lines of the source here............

    ///////////////////////////////////////////////////////////////////

    <P><STRONG>Password:</STRONG><BR>

    <input name="txtPassword" type="text" value="**********" maxlength="20" size="20" readonly="readonly" id="txtPassword" class="inputboxes" />
    <input type="submit" name="btnChangePassword" value="Change" onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate(); " language="javascript" id="btnChangePassword" class="Buttons" /></P>
    <P><STRONG>Email Address:</STRONG><BR>
    <input name="txtEmail" type="text" value="christ_jackson2002@yahoo.com" size="50" readonly="readonly" id="txtEmail" class="inputboxes" />
    <input type="submit" name="btnChangeEmail" value="Change" onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate(); " language="javascript" id="btnChangeEmail" class="Buttons" /><BR>
    </P>
    Hmmm

    your password is not in that snip..

    The Asterisks are there for looks .. they ARE NOT YOUR PASSWORD.. in any way shape or form.. asterisk are not a magical password encryption store.. they are just characters..
    Me thinks TB may need to have a look to help give you a clue.. and certainly with out a look at the whole site.. we will be giving you a hair cut via email
    BTW: I hope that was not a real email you posted in that snip..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  6. #6
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Post

    Quote Originally Posted by Und3ertak3r
    BTW: I hope that was not a real email you posted in that snip..
    It is just the page that displays the options to type in original password, change password and change email addresse.

    Kind of like the one in your usercp

    http://antionline.com/profile.php?do=editpassword

    Anyhow i think i have finally understood after readin the OP a few more times what he is actually trying to achieve, and if it's what i think he is trying to do, then he would have to crack the md5 hash also...

    I'm pretty darn tired, so i'll re-check this latter
    Last edited by t34b4g5; September 30th, 2008 at 03:55 PM.

  7. #7
    Senior Member
    Join Date
    Jul 2008
    Posts
    149
    Thanks for your advices....
    I changed the email but its pass is long way different from my pass in that site that's shown in asterix. This email is so old and just for practice. Not anything important.
    The name in email ID is just for fun (It comes from the name of 2 singers).
    My username in that site is different from boyboy400 and email ID.

    By own mean t34b4g5...U have always helped me and I eagerly send u the name but u'll then understand why I don't post it here.......

    Of course maybe I post the name here..let me think a little...

  8. #8
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Ok well when you can just send me a "Private Message" or even an email t34b4g5@hotmail.com
    (Email addresse isn't used for anything important so spammers do your worst lol)

    if you don't want to post it here in the thread then you don't have to, but you really do need to provide a little more information.

Similar Threads

  1. complex number calc
    By mnchur in forum Code Review
    Replies: 0
    Last Post: January 27th, 2006, 08:48 PM
  2. Explore ways to pass a Microsoft Excel file to the client side
    By NullDevice in forum Programming Security
    Replies: 2
    Last Post: October 15th, 2003, 09:06 PM
  3. Replies: 1
    Last Post: July 15th, 2002, 03:46 AM
  4. The Worlds Longest Thread!
    By Noble Hamlet in forum AntiOnline's General Chit Chat
    Replies: 1100
    Last Post: March 17th, 2002, 08:38 AM
  5. Complex Networks..
    By Matty_Cross in forum Non-Security Archives
    Replies: 5
    Last Post: October 30th, 2001, 05:47 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides