and ask my brother, is that real? And he says that it was real (actually it's a fake ghost, I know it now). So my sister made up an e-mail account for me, in yahoo mail. From songs, turns to how to's, and then blood effect, home-made hand bomb, recipe, art, social, image editor, game, audio editor, html, hacking, and now, software. So, I'm turning into a Youtube learner. In those day, I don't know how bomb are made of, but now I know. I don't know what is the relative between these and the 'Title' that I've wrote above. Okay, lately, I'm learning on how to crack a password on a shared computer. Reminder! This can be used only when the user saved their password in the browser. So when you type the user name in the username box, the password will come out and looks something like these => *******. So, to find what the password is, you must cracks it (This is working on every email account). Here's how:
1. First, open the mail service site that your victim use(to me, it's my brother). For example, Yahoo! mail. You can see the username and password forms there.
2. Then, type these into the uniform resource locator (URL) box; javascript:alert(document.forms.length)
3. Press Enter. A number will come out. Memorize it. Example: 3
4. Then, change the word to; javascript:alert(document.forms[x].name). Don't type the "x" word. I assume it as some specific number.
5. Replace the "x" with number start from zero to the number that had come out before, minus one. Okay, I'll use the example number given. 3-1=2. Type; javascript:alert(document.forms[2].name). See? replace the "x" word with the total number.
6. Again, press Enter.
7. Repeat the same method, from the specific number to 0 (my example number is 3, so, it would be like form 2 to 0). Test out every total number, one by one.
8. You'll see something like 'login' or 'on', or 'login_form', or 'username', or maybe 'IdentityProviderForm' and something like that. So now, you have the "x" number. In my case, "x" is equal to 0 (example number).
9. Now, type in; javascript:alert(document.forms[x].elements.length). My example number is 0, I'll type; javascript:alert(document.forms[0].elements.length).
10. Press Enter again.
11. A number would come out. Again, memorize it. Example:3 <= My second example number!
12. Type in; javascript:alert(document.forms[x].elements[y].name). The "y" number is now existed. Replace the the "y" number again, start form zero to the number that has come out in the second time. My second example number is 3, so replace the "y" start with 0 to 3.
13. This is stupid, press Enter, again!
14. Something like 'search_form' or 'login', or 'lang', or maybe 'rdirurl' would come out. Stop when you get something like 'psword' or 'password' and some thing like that. When you got that, it is the "y" number. To me, my 'y' number is 1.
15. So then, type these; javascript:alert(document.forms[x].elements[y].value). This is the final move. My "x" number is 0, meanwhile my "y" number is 1, so I will type in something like these; javascript:alert(document.forms[0].elements[1].value). Do not press Enter yet. Write out the user's id, and their password would come out like I said before, which is looks like these => *******.
16. Now, for the last time, press Enter.
17. Password is served, baby!
Okay, maybe you'll get a little puzzled. Maybe you'll said something like "WTF, how do I know my victim password??! ". As I said, this is only can be used in shared computer. A computer that groups of people use. Different people, on one same computer. And what's more important is, they'd save their password in the computer. In the mail service site, when you scroll down and click on the user e-mail, a bunch of dots will come out in the password's box. You can log in to the user account, but only on that shared computer. You wanted to open the user account in different computer, but you don't know the password. This is what we call by cracking the password. Password cracking is like you turns this bunch of dots => ******** into something like => dorkslot. Well, that just a fake password that I'd created, don't try it on me. It's fake. Okay, so, things would get succeeded only when the HTTP cookies is available. Known as, cookies. Cookies is like, when you filling a form, like eBay account, on a new browser, it will ask you whether you want the browser to save for your password or not. If you click 'yes', that's mean you have create a cookies. If someone hacks the computer, and you've forgot to delete the cookies, the hacker might just know your eBay id and password. On Chrome, you can press Shift+Ctrl+Del to get to the clearBrowserData page. Click on clear Delete cookies and other site and plug-in data. This will clear your cookies, but also your plug-in data (something like a site asking your permission to run a java, and you'll click 'Always Run on this site', so you'll ended up repeat the same thing, clicking on that same button because the site doesn't remember about you telling them to Always Run. This is happening for you had clear the cookies). That is what cookies is all about. It is more like a browsing history, a left-behind footprints. If you don't remove the tracks, someone will knows you were there before. Hey, I think I'm out of the topic. So, you'll use cookies to crack the other user password. They leave their cookies un-deleted, and you'll get advantage on that. Same things goes on the opposite ways. You leave the cookies un-deleted, someone will crack your password. Sorry, keep changing my topic.
 |
| To me, I'll delete all of the information. No cookies left! |
 |
| My URL box (See the red pointer? That one). For one's security, I'll mosaic the application used. |
 |
| Screenshot method. That's what happen when you press the 'Enter' button. |
 |
| Another screenshot method. Yay! Got it! The 'passwd' word! I'll tried about 20 times. T-T |
 |
| Final screenshot method. Password!! |
 |
| Some of my method. If you got weird word like 'ad' or 'partner' or 'lang', press Ctrl+U to view the page source. |
No comments:
Post a Comment