NOTE: THIS IS A REPLICA OF THE SAME POST IN INTERNET, NETWORKING & SECURITY FORUM. NOT SURE IF IT APPLIES TO THIS FORUM, SO POSTING IT ANYWAYS
I've done some researching on Dynamicdrive's password encryptor at Dynamicdrive's website on this password encryptor, and it seems like that Dynamicdrive's password protector is very simple. We'll test this password protector at my friend's site, http://ruey.i8.com/password.html.
As you see from a simple glance of the Source Code of the page, the dynamicdrive specifically commands that
if(usercode==*USERCODE*&&passcode==*PASSCODE*)
{
window.location=password+".htm"}
stating that the correct username/password combination would direct to the page with the name of the password, making the usercode obsolete. Also, you will notice that the passcode is a jumble of numbers multiplied together, with 97 as the alias for "A", and 122 for "Z", and for numbers: 48 for "0" and 57 for "9". To find the passcode, simply use a calculator to divide the passcode by every number from 97 to 122. In this case, the number is
16451021400.
After you get the six possible letters, use Andy's Anagram Solver in order to unscramble the letters into one word. You would get NOTES, and therefore the corresponding page would be http://ruey.i8.com/notes.html
This can pose a major security threat to sites such as GmailFree. Webmasters, do what Dynamic Drive recommends you: use CGI or other password protectors! (and you can figure out gmailfree's lotto number yourself, although the page is offline)
Question
darkhooda
NOTE: THIS IS A REPLICA OF THE SAME POST IN INTERNET, NETWORKING & SECURITY FORUM. NOT SURE IF IT APPLIES TO THIS FORUM, SO POSTING IT ANYWAYS
I've done some researching on Dynamicdrive's password encryptor at Dynamicdrive's website on this password encryptor, and it seems like that Dynamicdrive's password protector is very simple. We'll test this password protector at my friend's site, http://ruey.i8.com/password.html.
As you see from a simple glance of the Source Code of the page, the dynamicdrive specifically commands that
if(usercode==*USERCODE*&&passcode==*PASSCODE*)
{
window.location=password+".htm"}
stating that the correct username/password combination would direct to the page with the name of the password, making the usercode obsolete. Also, you will notice that the passcode is a jumble of numbers multiplied together, with 97 as the alias for "A", and 122 for "Z", and for numbers: 48 for "0" and 57 for "9". To find the passcode, simply use a calculator to divide the passcode by every number from 97 to 122. In this case, the number is
16451021400.
After you get the six possible letters, use Andy's Anagram Solver in order to unscramble the letters into one word. You would get NOTES, and therefore the corresponding page would be http://ruey.i8.com/notes.html
This can pose a major security threat to sites such as GmailFree. Webmasters, do what Dynamic Drive recommends you: use CGI or other password protectors! (and you can figure out gmailfree's lotto number yourself, although the page is offline)
Link to comment
Share on other sites
0 answers to this question
Recommended Posts