Page 1 of 1

Pentesting my site.

PostPosted: Tue Jan 10, 2012 9:56 pm
by eggscrambler
Hello everyone,
I would like to see if anyone can find the password to my site http://www.foraxe.cu.cc/test.html Now I do not mean to say that it is ultra god code. in fact the code is probably noob level. The point of this is to see how easy it is to find the pass.as well as finding ways to better code a way to secure passwords. The backend is in python and is within a cgi-bin. This is all I will tell you about it, but if you find the password please let me know. However do not say the actual pass so others may try just tell me how you found it. Thanks :mrgreen:

Re: Pentesting my site.

PostPosted: Tue Jan 10, 2012 10:16 pm
by limdis
Before everyone freaks out. It is legit, see below:

Code: Select all
<html>
<head>
<title> Test of io </title>
</head>
<body>
<!-- HTS USERS MAY USE THIS PAGE TO PENTEST -->
<h1> First user interaction: forms </h1>
<form method=POST action="cgi-bin/test.py">
<p> Enter password here:</p>
<p><input type="password" name="pass"/ ></p>
<p><input type="submit" /></p>
</body>

</html>

Re: Pentesting my site.

PostPosted: Wed Jan 11, 2012 12:46 pm
by DegreesKelvin
I though I wanna just try and see if I could guess it, I couldn't, but then the page insulted me.
It is on.

Re: Pentesting my site.

PostPosted: Wed Jan 11, 2012 3:16 pm
by tremor77
I said I would help the last guy who needed pentesting - the one with the images for password.. never got around to it.. I'd say I'd do this one too, but chances are by the time I get home and play 6 hours of Minecraft I'll forgot I ever saw this post.

Re: Pentesting my site.

PostPosted: Fri Jan 20, 2012 7:55 pm
by centip3de
BRB, gotta call HF for this one.

Re: Pentesting my site.

PostPosted: Thu Jan 26, 2012 9:53 am
by tgoe
Didn't bother with the password. I was able to pull off a brony attack though: http://is.gd/sXqCVf.