-
September 29th, 2008, 02:58 PM
#1
Asterisk pass (more complex than what it seems!)
I have 2 accounts on a site. It has a place for changing passes.
There, your username, password and email can all be seen in 3 uneditable boxes, but the pass is in asterisks and, as I said, it can't be edited there.
After you confirm to change your pass, you will go to another page where you must enter your old pass and the new one twice.
On the first page I just talked about, where the pass is in asterisks, I tried some "asterisk password show applications" and even Cain. But the pass is not shown. (Maybe I used Cain in a wrong way... not sure)
The pass can be copied and even accessed in the page source, but all in asterisks. I copied it into a Windows dial-up screen and then used Cain again. This time Cain showed the pass, but in asterisks.
One of my passes has 10 digits and the number of asterisks is 10...
The pass of my second account has 11 digits and still the number of asterisks is 10... maybe it's a kind of encryption... any idea?
Is there any way I can see my pass that's in asterisks?
-
September 29th, 2008, 11:54 PM
#2
Is the page you're playing with HTTP or HTTPS?
Most Behind Asterisk apps work against locally stored passes.. if it isn't stored locally you need to go to plan B, and in your situation the pass isn't local to you. That also means it won't be in the page source.
C&P the asterisks to try and crack... damned, never even thought of that.. must do that next time I am trying to crack a password.. I've been doing it the hard way for too long.
BTW: the security feature is.. The password is NOT sent to your PC in any way, shape or form by the site.. what you have there are plain old asterisks.. nothing hidden behind them.. so many of the simple tricks won't work..
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
September 30th, 2008, 02:44 PM
#3
HTTP my friend. I was wondering if there is any way to change the page source and resend it to the site so that after refreshing it shows the pass!!!!!! The pass isn't local but when I log in to my own account it is in the source. How can it be cracked when Cain shows it in asterisks as well!!!!!! I don't want you to crack it for me but plz tell me some keywords. I'll search, learn and do it myself... I don't understand why a site should have such a thing that shows the pass in asterisks... it could simply give us the page for changing the pass by entering the old and new passes without showing the old pass first in asterisks!!!!
I wish to post some lines of the source here............
///////////////////////////////////////////////////////////////////
<P><STRONG>Password:</STRONG><BR>
<input name="txtPassword" type="text" value="**********" maxlength="20" size="20" readonly="readonly" id="txtPassword" class="inputboxes" />
<input type="submit" name="btnChangePassword" value="Change" onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate(); " language="javascript" id="btnChangePassword" class="Buttons" /></P>
<P><STRONG>Email Address:</STRONG><BR>
<input name="txtEmail" type="text" value="ItWasRealButJust4Practice@yahoo.com" size="50" readonly="readonly" id="txtEmail" class="inputboxes" />
<input type="submit" name="btnChangeEmail" value="Change" onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate(); " language="javascript" id="btnChangeEmail" class="Buttons" /><BR>
</P>
Last edited by boyboy400; September 30th, 2008 at 06:07 PM.
-
September 30th, 2008, 03:18 PM
#4
Curiosity is getting the better of me, could you post the link to the site in question.
Or even just send me a "PM" either way.
-
September 30th, 2008, 03:32 PM
#5
Originally Posted by boyboy400
HTTP my friend. I was wondering if there is any way to change the page source and resend it to the site so that after refreshing it shows the pass!!!!!! The pass isn't local but when I log in to my own account it is in the source. How can it be cracked when Cain shows it in asterisks as well!!!!!! I don't want you to crack it for me but plz tell me some keywords. I'll search, learn and do it myself... I don't understand why a site should have such a thing that shows the pass in asterisks... it could simply give us the page for changing the pass by entering the old and new passes without showing the old pass first in asterisks!!!!
I wish to post some lines of the source here............
///////////////////////////////////////////////////////////////////
<P><STRONG>Password:</STRONG><BR>
<input name="txtPassword" type="text" value="**********" maxlength="20" size="20" readonly="readonly" id="txtPassword" class="inputboxes" />
<input type="submit" name="btnChangePassword" value="Change" onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate(); " language="javascript" id="btnChangePassword" class="Buttons" /></P>
<P><STRONG>Email Address:</STRONG><BR>
<input name="txtEmail" type="text" value="christ_jackson2002@yahoo.com" size="50" readonly="readonly" id="txtEmail" class="inputboxes" />
<input type="submit" name="btnChangeEmail" value="Change" onclick="if (typeof(Page_ClientValidate) == 'function') Page_ClientValidate(); " language="javascript" id="btnChangeEmail" class="Buttons" /><BR>
</P>
Hmmm
your password is not in that snip..
The asterisks are there for looks.. they ARE NOT YOUR PASSWORD.. in any way, shape or form.. asterisks are not a magical password encryption store.. they are just characters..
Me thinks TB may need to have a look to help give you a clue.. and certainly without a look at the whole site.. we will be giving you a hair cut via email
BTW: I hope that was not a real email you posted in that snip..
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
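The point made in the replies above, as an added example that is not part of the original thread: a small audit that parses a page and reports whether a password-related field carries only mask characters (a fixed placeholder, as in the posted snippet) or an actual value sent by the server. The sample HTML is constructed; `txtOldPassword` and its value are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample: the first two inputs mirror the markup posted in the
# thread; txtOldPassword is a hypothetical field that echoes a real value.
SAMPLE_HTML = '''
<input name="txtPassword" type="text" value="**********" maxlength="20"
       readonly="readonly" id="txtPassword" class="inputboxes" />
<input type="submit" name="btnChangePassword" value="Change" />
<input name="txtOldPassword" type="password" value="hunter2-constructed" />
<input name="txtEmail" type="text" value="user@example.com" />
'''

MASK_CHARS = set("*\u2022\u25cf")          # asterisk, bullet, black circle
NON_DATA_TYPES = {"submit", "button", "reset", "image"}


class PasswordFieldAudit(HTMLParser):
    """Records (name, verdict, value length) for password-related inputs."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Self-closing <input ... /> tags also arrive here via the default
        # handle_startendtag implementation.
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        ftype = a.get("type", "text").lower()
        name = a.get("name", "")
        if ftype in NON_DATA_TYPES:
            return
        if ftype != "password" and "pass" not in name.lower():
            return
        value = a.get("value", "")
        if not value:
            verdict = "empty"
        elif set(value) <= MASK_CHARS:
            verdict = "mask-only"          # literal placeholder, no secret
        else:
            verdict = "secret-in-markup"   # server sent a real value
        self.findings.append((name, verdict, len(value)))


def audit(html):
    parser = PasswordFieldAudit()
    parser.feed(html)
    return parser.findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML):
        print(finding)
```

A `mask-only` value has a length chosen by the page, not by the password, which is why both accounts in the thread show 10 asterisks.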
-
September 30th, 2008, 03:47 PM
#6
Originally Posted by Und3ertak3r
BTW: I hope that was not a real email you posted in that snip..
It is just the page that displays the options to type in original password, change password and change email address.
Kind of like the one in your usercp
http://antionline.com/profile.php?do=editpassword
Anyhow I think I have finally understood, after reading the OP a few more times, what he is actually trying to achieve, and if it's what I think he is trying to do, then he would have to crack the md5 hash also...
I'm pretty darn tired, so I'll re-check this later
Last edited by t34b4g5; September 30th, 2008 at 03:55 PM.
-
September 30th, 2008, 06:12 PM
#7
Thanks for your advice....
I changed the email but its pass is a long way different from my pass on that site that's shown in asterisks. This email is so old and just for practice. Not anything important.
The name in email ID is just for fun (It comes from the name of 2 singers).
My username in that site is different from boyboy400 and email ID.
By own mean t34b4g5...U have always helped me and I eagerly send u the name but u'll then understand why I don't post it here.......
Of course maybe I post the name here..let me think a little...
-
October 1st, 2008, 05:07 AM
#8
Ok, well, when you can just send me a "Private Message" or even an email t34b4g5@hotmail.com
(Email address isn't used for anything important so spammers do your worst lol)
if you don't want to post it here in the thread then you don't have to, but you really do need to provide a little more information.