Cannot find form data on this site

Old 07-15-2006, 10:14 PM   #1
jamie_p
Guest
 
Posts: n/a
Threads: 5107
Default Cannot find form data on this site

Tried all the auto-detects on www.realpunting.com , this site used to be basic auth and was no probs, switched to form with OCR but I'm positive the OCR is just for show and not used as part of the authentication process as I can find no reference to it in the "submit" part in the source of the form.

Am I doing something completely wrong ? I have tried the /members and /auth.form and CForce and AD state it's not a html protected site.

I don't want spoon feeding just a hint at where I'm going amiss.

Any help would be great.
  Reply With Quote

Old 07-16-2006, 02:57 AM   #2
slysnake
Cheshire Cat
 
Join Date: Jan 2005
Posts: 5,506
Threads: 314
Default

Quote:
where I'm going amiss.
By depending on auto detect of some bruteforce program to find the info you want. Learn what to look for yourself. Get firefox with live http headers and see what's happening, then you will have a better understanding. With understanding comes power.
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 07-16-2006, 08:29 AM   #3
jamie_p
Guest
 
Posts: n/a
Threads: 5107
Default

Thanks for the info. Added live http headers.

Post data is as follows :-

rlm=RealPunting+Members+Area&for=http%253a%252f%252fwww%252erealpunting%252ecom%252fmembers%252f&uid=test&pwd=testpass&img=IYbd&submit=submit


I can fire away at http://www.realpunting.com/auth.form?rlm=RealPunting+Members+Area&for=http%253a%252f%252fwww%252erealpunting%252ecom%252fmembers%252f&uid=test&pwd=testpass&img=IYbd&submit=submit

but I notice the variable "img" is posted to the server. How can you tell if this info is actually used by a server-side script without viewing the source? How do you tell if a site uses genuine OCR checking or if it's all for show/to deter?
If the OCR is used I will just get the failure keywords and never know if it's the OCR or a bad user/pass combo.

Once again thanks for the advice.
  Reply With Quote

Old 07-16-2006, 09:38 AM   #4
sPlico
The sPlicster
 
Join Date: Jan 2005
Location: Croatia
Posts: 9,486
Threads: 407
Default

Quote:
Originally Posted by jamie_p
How can you tell if this info is actually used by a server-side script without viewing the source? How do you tell if a site uses genuine OCR checking or if it's all for show/to deter?
If the OCR is used I will just get the failure keywords and never know if it's the OCR or a bad user/pass combo.
You can't really be sure about that unless the website gives you some kind of error message stating differences between bad user/pass combo and ocr image.
  Reply With Quote

Old 07-16-2006, 05:27 PM   #5
jamie_p
Guest
 
Posts: n/a
Threads: 5107
Default

Thanks for the replies.. much appreciated.

One method I used to use (long time ago when @form was the tool) was find one login via form then hit a link inside that's basic auth.

Used to use that with easynews, form login but if you hit /survey or /edit you could crack it with GE. (Showing my age now). Been absent for a long while and my old sploits will be long gone. Time to get back into it.
  Reply With Quote

Old 07-16-2006, 07:45 PM   #6
sPlico
The sPlicster
 
Join Date: Jan 2005
Location: Croatia
Posts: 9,486
Threads: 407
Default

You can find hidden popups in forms through intellitamper tool. I actually fired that yesterday, and it started downloading several .rm files, and after that, site went down. I don't have a substantial connection to make it go down, unless they're hosted on some poor server:P

Anyway, I found no popups because when it started to download those files, I stopped.
  Reply With Quote

Old 07-18-2006, 12:56 AM   #7
slysnake
Cheshire Cat
 
Join Date: Jan 2005
Posts: 5,506
Threads: 314
Default

Really, as sPlico said, the best way to determine if the OCR is a bluff is simply to put a fake code in the box and check the response. If you get back "wrong user:pass" probably a bluff. If you get back "wrong code" probably active.
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 07-18-2006, 06:59 PM   #8
jamie_p
Guest
 
Posts: n/a
Threads: 5107
Default

Thanks.. I tried that originally and it always returns you to the main auth.form regardless of what OCR or User/Pass. I ran intellitamper but as with above it hung after downloading. I'll keep plodding away and try get a login, failing that whack it with nmap.

Once again, really appreciate you guys replying.
  Reply With Quote

Old 07-18-2006, 07:09 PM   #9
[C-K]
    Super Moderator
 
Join Date: Jan 2005
Posts: 9,409
Threads: 2769
Default

been my experience that sites using /auth.form are not recognized by cforce..beta or original..
  Reply With Quote

Old 07-18-2006, 07:32 PM   #10
jamie_p
Guest
 
Posts: n/a
Threads: 5107
Default

Seem to be correct.

I'm happily firing combos at it now via AD (pains me to say it) and it's merrily chugging away detecting failure keywords. I have no way of knowing if it's a bad user/pass or bad OCR since it just seems to direct you back to /auth.form regardless of correct/incorrect OCR. I will persevere though, keep probing is my motto.
  Reply With Quote
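
Seen from the defending side, the question running through this thread (is the `img` value checked on the server, and can a client tell a bad code from a bad user/pass) is decided by how the login handler is written. The following is an added example, not code from the thread or from the site: a handler that verifies a single-use challenge server-side, sends every failure to the same place, and throttles repeated failures. The field names `uid`, `pwd` and `img` follow the POST data quoted above; the function names, in-memory stores, throttle limit and sample account are assumptions.

```python
import hashlib
import hmac
import secrets

_SALT = b"constructed-salt"          # constructed sample value

def _hash(pwd: str) -> bytes:
    # Low iteration count only to keep the sample fast; tune for production.
    return hashlib.pbkdf2_hmac("sha256", pwd.encode(), _SALT, 10_000)

USERS = {"alice": _hash("correct horse")}   # constructed sample account
DUMMY_HASH = _hash("dummy")          # compared against when the uid is unknown
CHALLENGES: dict[str, str] = {}      # session id -> expected CAPTCHA text
FAILURES: dict[str, int] = {}        # client address -> failed attempts
MAX_FAILURES = 5
FAIL = (302, "/auth.form")           # one response for every kind of failure

def issue_challenge(session_id: str) -> str:
    """Create the text drawn into the image; it is stored server-side only."""
    alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
    text = "".join(secrets.choice(alphabet) for _ in range(4))
    CHALLENGES[session_id] = text
    return text

def handle_login(session_id: str, client: str, form: dict) -> tuple[int, str]:
    if FAILURES.get(client, 0) >= MAX_FAILURES:
        return (429, "/auth.form")   # throttled; expiry of the window omitted
    # pop(): each challenge is single-use, so a solved image cannot be replayed.
    expected = CHALLENGES.pop(session_id, None)
    captcha_ok = expected is not None and hmac.compare_digest(
        expected.encode(), str(form.get("img", "")).encode())
    uid = str(form.get("uid", ""))
    # Always hash and compare, so unknown users cost the same work as known ones.
    stored = USERS.get(uid, DUMMY_HASH)
    creds_ok = hmac.compare_digest(stored, _hash(str(form.get("pwd", ""))))
    creds_ok = creds_ok and uid in USERS
    if captcha_ok and creds_ok:
        FAILURES.pop(client, None)
        return (302, "/members/")
    # Same redirect whether the code or the credentials were wrong.
    FAILURES[client] = FAILURES.get(client, 0) + 1
    return FAIL
```

The uniform redirect matches the behaviour reported in posts #8 and #10; the server can still log which check failed for its own monitoring without exposing that to the client.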

All times are GMT -4.