OK,
I had success with my test on basic authentication sites like: mike's apartment, bangbros, Lightspeed ... (turned combo list into a basic auth list using a base64 decoder and used crowbar to brute)
Now it's time to try the ocr sites using session info: (no need for something that can recognize characters in images, maybe EASIER OCR,AVS access)
I'm going to make out profiles for the sites, I'll need to login first to see what type of info I need to come up with. kinda like this.
Cookie: PHPSESSID=a775fc584432d6fb16ab125f6fc81601; path=/
(Anyone know what method is generally use to encode/encrypt this info; I just started searching)
I've read that some are a random string that use as a key to look up the session information.
P.S.
Anyone know what happened to the strongbox old admin login cred (died like everything else). Props to JaNlOk for the long list. And has there been success with other flaws.
Last edited by CrashTest; 06-07-2007 at 12:10 AM..
|