Cannot find form data on this site
07-16-2006, 02:57 AM
|
#2
|
Cheshire Cat
slysnake
|
By depending on auto detect of some bruteforce program to find the info you want. Learn what to look for yourself. Get Firefox with Live HTTP Headers and see what's happening, then you will have a better understanding. With understanding comes power.
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
|
|
|
07-16-2006, 08:29 AM
|
#3
|
Guest
|
Thanks for the info. Added Live HTTP Headers.
Post data is as follows:
rlm=RealPunting+Members+Area&for=http%253a%252f%252fwww%252erealpunting%252ecom%252fmembers%252f&uid=test&pwd=testpass&img=IYbd&submit=submit
I can fire away at http://www.realpunting.com/auth.form?rlm=RealPunting+Members+Area&for=http%253a%252f%252fwww%252erealpunting%252ecom%252fmembers%252f&uid=test&pwd=testpass&img=IYbd&submit=submit
but I notice the variable "img" is posted to the server. How can you tell if this info is actually used by a server-side script without viewing the source? How do you tell if a site uses genuine OCR checking or if it's all for show/to deter?
If the OCR is used I will just get the failure keywords and never know if it's the OCR or a bad user/pass combo.
Once again thanks for the advice.
|
|
|
07-16-2006, 09:38 AM
|
#4
|
The sPlicster
sPlico
|
Quote:
Originally Posted by jamie_p
How can you tell if this info is actually used by a server-side script without viewing the source? How do you tell if a site uses genuine OCR checking or if it's all for show/to deter?
If the OCR is used I will just get the failure keywords and never know if it's the OCR or a bad user/pass combo.
|
You can't really be sure about that unless the website gives you some kind of error message stating differences between a bad user/pass combo and the OCR image.
|
|
|
07-16-2006, 05:27 PM
|
#5
|
Guest
|
Thanks for the replies, much appreciated.
One method I used to use (a long time ago when @form was the tool) was to find one login via form, then hit a link inside that's basic auth.
Used to use that with easynews, form login, but if you hit /survey or /edit you could crack it with GE. (Showing my age now.) Been absent for a long while and my old sploits will be long gone. Time to get back into it.
|
|
|
07-16-2006, 07:45 PM
|
#6
|
The sPlicster
sPlico
|
You can find hidden popups in forms through the intellitamper tool. I actually fired that yesterday, and it started downloading several .rm files, and after that, the site went down. I don't have a substantial connection to make it go down, unless they're hosted on some poor server :P
Anyway, I found no popups because when it started to download those files, I stopped.
|
|
|
07-18-2006, 12:56 AM
|
#7
|
Cheshire Cat
slysnake
|
Really, as sPlico said, the best way to determine if the OCR is a bluff is simply to put a fake code in the box and check the response. If you get back "wrong user:pass", it's probably a bluff. If you get back "wrong code", it's probably active.
|
|
|
07-18-2006, 06:59 PM
|
#8
|
Guest
|
Thanks. I tried that originally and it always returns you to the main auth.form regardless of what OCR or user/pass. I ran intellitamper but as with above it hung after downloading. I'll keep plodding away and try to get a login, failing that whack it with nmap.
Once again, really appreciate you guys replying.
|
|
|
07-18-2006, 07:09 PM
|
#9
|
Super Moderator
[C-K]
|
Been my experience that sites using /auth.form are not recognized by cforce, beta or original.
|
|
|
07-18-2006, 07:32 PM
|
#10
|
Guest
|
Seems to be correct.
I'm happily firing combos at it now via AD (pains me to say it) and it's merrily chugging away detecting failure keywords. I have no way of knowing if it's a bad user/pass or bad OCR since it just seems to direct you back to /auth.form regardless of correct/incorrect OCR. I will persevere though, keep probing is my motto.
|
|
|