
SSL and Login Boxes....

If you have a website that requires a username and password, you need to make sure that all traffic to the login form uses HTTPS; in other words, ensure that the data is encrypted in transit using a certificate.
Why? Well, take the login box for my website, shown below:
JAWS LOGIN
If you then use a program like Wireshark, which is an Ethernet packet sniffer, you will immediately see the issue shown below:
1. This is the raw packet capture data, which can be picked up by any network monitor or sniffer. It shows the flow of data between www.a6n.co.uk and the remote computer.....

0       host_ip external_ip     TCP     4912 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460
0.00123 external_ip     host_ip TCP     http > 4912 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1402
0.001264        host_ip external_ip     TCP     4912 > http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
0.001301        host_ip external_ip     HTTP    POST /cms/admin.php HTTP/1.1  (application/x-www-form-urlencoded)
0.134971        external_ip     host_ip TCP     http > 4912 [ACK] Seq=1 Ack=742 Win=64794 Len=0
0.232414        external_ip     host_ip TCP     [TCP segment of a reassembled PDU]
0.232788        external_ip     host_ip TCP     [TCP segment of a reassembled PDU]
0.232813        host_ip external_ip     TCP     4912 > http [ACK] Seq=742 Ack=2805 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
0.234099        external_ip     host_ip HTTP    HTTP/1.1 200 OK  (text/html)
0.483833        host_ip external_ip     TCP     4912 > http [ACK] Seq=742 Ack=3699 Win=64641 [TCP CHECKSUM INCORRECT] Len=0
5.759593        external_ip     host_ip TCP     http > 4912 [FIN, ACK] Seq=3699 Ack=742 Win=64794 Len=0
5.75963 host_ip external_ip     TCP     4912 > http [ACK] Seq=742 Ack=3700 Win=64641 [TCP CHECKSUM INCORRECT] Len=0
 

2. Find the section where the data is located..... which in my case is the TCP segment section....

0.232414        external_ip     host_ip TCP     [TCP segment of a reassembled PDU]
0.232788        external_ip     host_ip TCP     [TCP segment of a reassembled PDU]
 

3. Hidden in the bytes extracted from the packet capture is the following information:
<input type="text" name=" username" id="username" value="Admin" title="Username"/>

Password: 
4. Log in using the captured credentials.....
WARNING: Yes, this is my website, but no, I do not use Admin and Password (cuz that's stupid), so do not try this, otherwise your IP will be blocked.
Username : Admin
Password : password
Polite Note: The TCP port 4192 is the dynamic remote port that my server's Apache assigns to this web traffic, which means the remote computer (you) has a source port of TCP:4192 and the destination port is always TCP:80... so no, you cannot hack TCP:4192, as it is dynamically opened and closed!
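The capture above shows why the form must be served over HTTPS: the POST body is readable by anyone on the path. The following detector, an added example and not code from the original post, takes the reassembled TCP payload of an HTTP request (what Wireshark's "Follow TCP Stream" shows) and flags credential-shaped form fields sent to a plaintext port. The sample request is constructed; only the path /cms/admin.php, the content type and the Admin/password values come from the post.

```python
"""Flag login credentials submitted over plaintext HTTP (added example)."""
from urllib.parse import parse_qs

# Field names that usually carry credentials; extend for your own forms.
CREDENTIAL_FIELDS = {"username", "user", "password", "passwd", "pwd", "pass"}


def parse_http_request(payload: bytes) -> dict:
    """Split a raw HTTP/1.x request into request line, headers and body."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "version": version,
            "headers": headers, "body": body}


def find_cleartext_credentials(payload: bytes, dst_port: int) -> list[str]:
    """Return the names of credential fields posted in the clear.

    Only plaintext HTTP (port 80) is inspected: on 443 the body is inside
    TLS and unreadable. Values are deliberately not returned, so the alert
    itself does not re-leak the password.
    """
    if dst_port != 80:
        return []
    req = parse_http_request(payload)
    if req["method"] != "POST":
        return []
    ctype = req["headers"].get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return []
    fields = parse_qs(req["body"].decode("iso-8859-1"), keep_blank_values=True)
    return sorted(name for name in fields if name.lower() in CREDENTIAL_FIELDS)


# Constructed sample: the POST seen in the capture, with a made-up body.
SAMPLE_POST = (
    b"POST /cms/admin.php HTTP/1.1\r\n"
    b"Host: www.a6n.co.uk\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 45\r\n"
    b"\r\n"
    b"username=Admin&password=password&submit=Login"
)

if __name__ == "__main__":
    print("cleartext credential fields:", find_cleartext_credentials(SAMPLE_POST, 80))
```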
