hacking password protected site


There are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting ctl-alt-del when the password box is displayed, to simply turning off java capability, which will dump you into t he default page. You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you w ant access to http://www.target.com . Try typing
http://www.target.com/images .(almost ever y web site has an images directory) This will put you into the images directo ry, and give you a text list of all the images located there.
Often, the t itle of an image will give you a clue to the name of another directory. ie: in  www.target.com/images, there is a .gif named gamestitle.gif .

There is a good chance then, that there is a ‘games’ directory on the site, so you would then type in http://www.target.com/games, and if it is a valid directory, you again get a text listing of all the files available there.
For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These pro grams will create a  mirror image of an entire web site, showing all directories, or even mirror a complete server. They are indispensable for locating hidden files and directories. What do you do if you can’t get past an opening “Password Required” box? First do an WHOIS Lookup for the site. In our  example, http://www.target.com . We find it’s hosted by http://www.host.com at 100.100.100. 1. We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT  download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps yo u
from getting a lot of files and images you don’t care about.
This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of i ts sub-directories listed. Let’s say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.
By simply typing in the url http://www.target.com/games/zip/zipindex.html you will be on the index page and ready to follow the links for downloading.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s