Web brute-force cracking explained
  Add date: 07/17/2008   Publishing date: 07/17/2008   Hits: 7
When it comes to web brute-force cracking, everybody can use Xiaorong's Suxue (溯雪), but Suxue does not handle every web login with ease (don't say that I am bad-mouthing Xiaorong). Recently, for work reasons, I ran into the web portal of a piece of network management equipment whose login needed to be cracked. Have a look at the HTML source code:



function login_send()
{
    var f, u, p, pg, url, option;

    // Read the hidden and visible fields of the login form
    f = document.form_login.forced_.value;
    u = document.form_login.username.value;
    p = document.form_login.passwd.value;
    pg = document.form_login.page.value;

    // The credentials are placed in the query string of a GET request
    url = "atm_login?username=" + u + "&passwd=" + p + "&forced_in=" + f + "&page=" + pg;
    option = "toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, favorites=no, resizable=no, left=230, width=520, top=120, height=300";

    // Send the login request in a new pop-up window
    window.open(url, '_blank', option);
}



Username:

Password:



Here the form's action is carried out by a locally defined JavaScript function, login_send. Trying Suxue on it gives:



It looks like this is because the form calls JavaScript…

What to do? Give up? There is no need. Bring out WVS (Acunetix Web Vulnerability Scanner, which I believe many of you have used; I use 4.0, and the newest version at present is 5.x) and choose its HTTP Fuzzer function:



How is it used? I have summarized the workflow (the principle is actually similar to Suxue's, but it may require a more thorough understanding of HTTP):

Define the HTTP request (Request) -> define the brute-force parameters (Add generator) -> insert the brute-force parameters (Insert into request) -> define the signature of a successful attempt (Fuzzer Filters) -> scan (Start)

Now for the specifics. From the target's HTML code we can see that the login process actually POSTs four parameters [two hidden parameters (forced_in and page) and two submitted parameters (username and passwd)] to this page's login_send function, which then submits the authentication data with a GET to the atm_login page. So before using the WVS fuzzer we first need to define the content of the HTTP request to submit, for example:

GET http://xxx.xxx.xxx.xxx/atm_login?username=alex&passwd=demon&forced_in=false&page= HTTP/1.1
User-Agent: WVS/4.0
Accept: */*
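
Seen from the portal's side, a request line like the one above typically ends up in the web server's access log, so one client sending many atm_login requests with changing username and passwd values can be detected. The following is an added example, not code from the original article: it counts distinct credential guesses per client. The log lines, addresses, Common Log Format and the threshold are constructed assumptions.

```javascript
// Added example: detect credential guessing against the atm_login endpoint
// from access-log lines. All log lines below are constructed sample data,
// assumed to be in Common Log Format; the threshold is an assumption too.
const LOG_LINES = [
  '192.0.2.10 - - [17/Jul/2008:10:00:01 +0800] "GET /atm_login?username=alex&passwd=demon&forced_in=false&page= HTTP/1.1" 200 512',
  '192.0.2.10 - - [17/Jul/2008:10:00:05 +0800] "GET /index.html HTTP/1.1" 200 2048',
  '198.51.100.7 - - [17/Jul/2008:10:01:00 +0800] "GET /atm_login?username=aaaa&passwd=123456&forced_in=false&page= HTTP/1.1" 200 310',
  '198.51.100.7 - - [17/Jul/2008:10:01:00 +0800] "GET /atm_login?username=aaaa&passwd=admin&forced_in=false&page= HTTP/1.1" 200 310',
  '198.51.100.7 - - [17/Jul/2008:10:01:01 +0800] "GET /atm_login?username=aaab&passwd=123456&forced_in=false&page= HTTP/1.1" 200 310',
  '198.51.100.7 - - [17/Jul/2008:10:01:01 +0800] "GET /atm_login?username=aaab&passwd=admin&forced_in=false&page= HTTP/1.1" 200 310',
  '198.51.100.7 - - [17/Jul/2008:10:01:02 +0800] "GET /atm_login?username=aaab&passwd=admin&forced_in=false&page= HTTP/1.1" 200 310',
];

// Extract the client address and submitted credentials from one log line,
// or return null when the line is not an atm_login request.
function parseLoginAttempt(line) {
  const m = /^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP\/[\d.]+" \d{3}/.exec(line);
  if (!m) return null;
  let url;
  try { url = new URL(m[2], 'http://portal.invalid'); } catch { return null; }
  if (url.pathname !== '/atm_login') return null;
  const user = url.searchParams.get('username');
  const pass = url.searchParams.get('passwd');
  return user === null || pass === null ? null : { ip: m[1], user, pass };
}

// Count distinct username/password pairs per client and report the clients
// at or above the threshold. Passwords are used only as set keys and are
// never included in the result.
function findGuessingClients(lines, threshold) {
  const seen = new Map(); // ip -> { pairs: Set, users: Set }
  for (const line of lines) {
    const a = parseLoginAttempt(line);
    if (!a) continue;
    if (!seen.has(a.ip)) seen.set(a.ip, { pairs: new Set(), users: new Set() });
    const s = seen.get(a.ip);
    s.pairs.add(a.user + '\u0000' + a.pass);
    s.users.add(a.user);
  }
  return [...seen]
    .filter(([, s]) => s.pairs.size >= threshold)
    .map(([ip, s]) => ({ ip, distinctGuesses: s.pairs.size, distinctUsers: s.users.size }));
}

console.log(findGuessingClients(LOG_LINES, 3));
```

The same log lines show that a login sent by GET leaves the passwords themselves in the access log, which is a reason to restrict who can read that log.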

Next we add the brute-force parameters to the HTTP request content. Since our targets this time are the account (the username field) and the password (the passwd field), two parameters need to be defined. In this example I plan to run brute force on username and a dictionary attack on passwd.

Enough idle talk. Create the first parameter, the brute-force one for username: click "Add generator" -> "Random string generator" to get:

 