I am a 3x Entrepreneurs. Love writing code and sharing what I learn everyday as a programmer and an entrepreneur.

July 13, 2007

Getting Passwords-Cracking webpages

There is many different methods of hacking users web pages on a server. I will attempt to list as many ways possible but don't expect very much in depth information.

Getting Passwords

Okay suppose you found a page you want to hack, that is on someone else's server that's a basic server, light security. Okay very light security. I will be truthful. This pretty much works on servers with no security.
Getting a password file is pretty easy. Simply telnet into the servers FTP anonymously and look in the ETC directory and get the file called Passwd. Another way to get them is to find your target and in
a WWW browser type cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd after
the servers name.
For example the name may be http://www.hackme.com/,
you would goto
http://www.hackme.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd except instead of http://www.hackme.com/
you would replace that with your targets URL. You may get a passwd file that has no user accounds, but only defaults which where the encrypted password should be a * would be in its place. On certain servers with this you may have a shadowed passwd but on all passwd files i have come across there is some user names like FTP and NEWS that have no encrypted passwords which is replaced with *.
If you find only this and no encrypted passwds you probably have found a fixed passwd file and you must try another method of hacking the server.

You need to examine this file and look for a line in the text that looks like this:
rrc:uXDg04UkZgWOQ:201:4:Richard Clark:/export/home/rrc:/bin/kshdoes not need to look exactly like that, the only important part it needs it the uXDg04UkZgWOQ and rcc, which is the login part. Get a program called John the Ripper which can be found on any hacking site on the web. If you are to lazy, or stupid to find one on the web here is a good place to go for newbieshttp://www.hackersclub.com/km/
I will not go in depth right here on passwd files, but i have written a text on passwd's going good into the subject which can be found at
Anyway, using John the Ripper is easy, if you want to quickly hack something give the command (in DOS prompt) "john passwd -single" Replace "passwd" in there with the name of the passwd file, you may have saved it as passwd.txt or something. An important thing to remember is that the passwd file needs to be in the same directory as John.
To see a list of other methods for cracking a passwd file, just type John and it will give you a list of commands. I have found john won't work for me with wordlists but other people say that it works fine for them. You can use incremental mode (to use that the command is "John passwd -incremental" It takes like a few days to finish so I wouldn't really want it to let it go on forever and ever if it was just some normal passwd file. Unless its like NASA's passwd file (keep dreaming, they probably change passwords everyday and that file is very outdated)

I wouldn't want to use that too much. To see a complete list of John's cracking capabilities, just type john and it will give you a list of commands that you may use.


1 comment:

  1. Well, whtever maybe the issues of you and Mr Pokemon ,i am impressed by the stuff written here !

    And as for the link exchange, i am ready!