Pentesting my site.

Post by eggscrambler on Tue Jan 10, 2012 9:56 pm

Hello everyone,
I would like to see if anyone can find the password to my site http://www.foraxe.cu.cc/test.html Now I do not mean to say that it is ultra god code. In fact, the code is probably noob level. The point of this is to see how easy it is to find the pass, as well as finding ways to better code a way to secure passwords. The backend is in python and is within a cgi-bin. This is all I will tell you about it, but if you find the password please let me know. However, do not say the actual pass so others may try; just tell me how you found it. Thanks :mrgreen:


Re: Pentesting my site.

Post by limdis on Tue Jan 10, 2012 10:16 pm

Before everyone freaks out. It is legit, see below:

Code:
<html>
<head>
<title> Test of io </title>
</head>
<body>
<!-- HTS USERS MAY USE THIS PAGE TO PENTEST -->
<h1> First user interaction: forms </h1>
<form method=POST action="cgi-bin/test.py">
<p> Enter password here:</p>
<p><input type="password" name="pass"/ ></p>
<p><input type="submit" /></p>
</body>

</html>
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
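On the original poster's question about better ways to secure the password: the sketch below is an added example, not code from this thread or from the site's backend (which the thread never shows). It stores a salted PBKDF2 hash instead of the password, compares in constant time, and throttles repeated wrong guesses; the function and class names, iteration count, thresholds and the use of the client address as the throttling key are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000    # PBKDF2-HMAC-SHA256 work factor (assumed value)
MAX_FAILURES = 5        # wrong guesses allowed per client per window (assumed)
WINDOW_SECONDS = 300    # length of the throttling window (assumed)


def derive(password, salt):
    """Slow, salted hash of the submitted `pass` form field."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password):
    """Return (salt, digest) to store on the server instead of the password."""
    salt = os.urandom(16)
    return salt, derive(password, salt)


class PassChecker:
    """Hypothetical server-side check for the form's `pass` field."""

    def __init__(self, salt, digest):
        self.salt, self.digest = salt, digest
        self.failures = {}  # client id -> timestamps of recent wrong guesses

    def check(self, client, submitted, now=None):
        now = time.time() if now is None else now
        recent = [t for t in self.failures.get(client, [])
                  if now - t < WINDOW_SECONDS]
        self.failures[client] = recent
        if len(recent) >= MAX_FAILURES:
            return "throttled"  # refuse before spending any hashing work
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(derive(submitted, self.salt), self.digest):
            self.failures.pop(client, None)
            return "ok"
        recent.append(now)
        return "denied"


if __name__ == "__main__":
    # Constructed sample data: the password and client address are made up.
    checker = PassChecker(*make_record("s3cret-example"))
    for guess in ["letmein"] * 6 + ["s3cret-example"]:
        print(guess, "->", checker.check("203.0.113.7", guess, now=1000.0))
```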


Re: Pentesting my site.

Post by DegreesKelvin on Wed Jan 11, 2012 12:46 pm

I thought I wanna just try and see if I could guess it, I couldn't, but then the page insulted me.
It is on.
[14:33:02] <FlutterBurp> Dear princess celestia, i finally found out what Alt + F4 Does, i lost a important document thanks to you. Yours pissed off Twilight sparkle.


Re: Pentesting my site.

Post by tremor77 on Wed Jan 11, 2012 3:16 pm

I said I would help the last guy who needed pentesting - the one with the images for password.. never got around to it.. I'd say I'd do this one too, but chances are by the time I get home and play 6 hours of Minecraft I'll forget I ever saw this post.


Re: Pentesting my site.

Post by centip3de on Fri Jan 20, 2012 7:55 pm

BRB, gotta call HF for this one.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook


Re: Pentesting my site.

Post by tgoe on Thu Jan 26, 2012 9:53 am

Didn't bother with the password. I was able to pull off a brony attack though: http://is.gd/sXqCVf.


