
/g/ - Technology


File: 131 KB, 500x351, masked-hacker-with-hat.jpg
No.51582646

How do people mess up website security? Just finished my new site and it is like you would have to fuck up on purpose for it to be insecure at all.

Explain how people fuck this up?

>> No.51582657

>>51582646
post your code

>> No.51582669

Stupidity, third-party garbage, legacy support, and non-standard implementation?

>> No.51582677

inb4 gives up after SQL injection fails

cyberpatriotarchives.com

>> No.51582764
File: 20 KB, 782x272, _.jpg

>>51582677
good job on the security when anyone can just get the last password from the input field history

>> No.51582870

Good job posting the login page. Clearly that didn't help you get in

>> No.51582999
File: 4 KB, 278x100, a44ef876d95e312a9c15f6f4cc8b0660.png

oh look. someone tried. keyword: Tried

>> No.51583049

>>51582999
literally just me

>> No.51583078

>i don't understand how good security is difficult to make even though the website i made is tiny and simple as fuck and doesn't deal with inputs from users

durr fucking hurr durr

>> No.51583129

>>51582646
>html5up
lol faggit
also
>site called CyberPatriot
>fucking google analytics

>> No.51583203

>Trying to access my location.
>CP archives
FBI much?

>> No.51583220

well this is lame. how do i delete this shit thread

>> No.51583233

>>51583220
how about you post the actual code so we can laugh at your rookie mistakes

>> No.51583256

nope

>> No.51583307
File: 8 KB, 690x102, lookicanNMAP.png

Well, might want to start with this

>> No.51583319
File: 105 KB, 1280x721, _.jpg

is this bait?

2nd page on google, the pastebin link

>> No.51583390

>>51582646
https://www.exploit-db.com/exploits/34133/
Haven't tried it yet, dunno if vulnerable.

>> No.51583415

>>51582646
OP where'd your site go?

>> No.51583423

New-ish-fag here.
If I nmap and try to get into his server, won't he have my IP address?

>> No.51583427

>ERR_CONNECTION_REFUSED

>At this point in 2015, if you have a vulnerable website you might as well give up now. I have a website and it was clear that you would have to be stupid to have a vulnerable website.
quote from OP in reddit


>>51583415
we haxed his website, the login was literally admin:password

>> No.51583443

>>51583427
are you fucking serious I didn't even try that cuz I assumed no one was that retarded.

>> No.51583451

>>51583443
no it actually worked, see the screenshot above

>> No.51583462

'nother bored person here.

I got to the test_environment.php page. Was about to upload a dummy document. I uploaded a php script that dumps file contents, but I couldn't find where it went. I didn't get a chance to upload a dummy .pdf before the site died.

>> No.51583464

>>51583423
Yes, don't try shit outside lab environments until you know how to answer these kinds of questions. Unless you like anal sex with Tyrone.

>> No.51583482

>>51583451
God fucking damnit I'm disappointed in myself.

>> No.51583511

>>51583462
my guess is that the video and documents pages were built from the file names - hence he only allowed mp4 (video), doc and pdf (documents); everything else goes into the trash (or gets left behind somewhere, probably in htdocs still)

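An added example, not code from cyberpatriotarchives.com or from anyone in the thread, of what an upload handler for the file kinds the post above names (mp4, doc, pdf) looks like when the "everything else goes somewhere in htdocs" failure mode is actually closed: the extension is taken from an allowlist, the content is checked with finfo rather than the client's claimed type, the stored name is random with a single known extension, and the file lands outside the document root. The field layout, the UPLOAD_DIR path and the sample inputs are assumptions for the demo.

```php
<?php
declare(strict_types=1);
// Added example (editor's, not OP's site). Assumed: the form field is one entry
// of $_FILES, and UPLOAD_DIR is OUTSIDE the web server's document root.

const UPLOAD_DIR = '/var/www/uploads';      // assumption: not under htdocs
const MAX_BYTES  = 50 * 1024 * 1024;

// Allowed extension -> MIME types accepted for it (judged by file bytes).
const ALLOWED = [
    'pdf' => ['application/pdf'],
    'mp4' => ['video/mp4'],
    'doc' => ['application/msword'],
];

/**
 * Validate one $_FILES entry. Returns [bool ok, string reason-or-safe-name].
 * $detectedMime is what finfo reported for the temp file; it is passed in so the
 * function can be exercised on constructed input without a real upload.
 */
function validate_upload(array $file, string $detectedMime): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'upload error'];
    }
    if (($file['size'] ?? 0) > MAX_BYTES) {
        return [false, 'too large'];
    }
    // Only the LAST extension counts: "shell.pdf.php" is judged on "php" and
    // rejected; "shell.php.pdf" is judged on "pdf" and then on its bytes.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return [false, "extension .$ext not allowed"];
    }
    if (!in_array($detectedMime, ALLOWED[$ext], true)) {
        return [false, "content is $detectedMime, not a .$ext"];
    }
    // Never reuse the client's file name: random name + the allowed extension,
    // so no second extension is left for an AddHandler-style multi-extension
    // rule to pick up.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

/** Full path for a real request: sniff the temp file, validate, move it. */
function store_upload(array $file): string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']) ?: 'application/octet-stream';
    [$ok, $result] = validate_upload($file, $mime);
    if (!$ok) {
        throw new RuntimeException($result);
    }
    $dest = UPLOAD_DIR . '/' . $result;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    // Record $result in the DB and serve it through a download script that sets
    // Content-Type/Content-Disposition itself; never link into UPLOAD_DIR.
    return $result;
}

// Constructed sample inputs (no real upload involved).
$samples = [
    [['name' => 'report.pdf',      'size' => 1024, 'error' => UPLOAD_ERR_OK], 'application/pdf'],
    [['name' => 'shell.php',       'size' => 1024, 'error' => UPLOAD_ERR_OK], 'text/x-php'],
    [['name' => 'shell.pdf.php',   'size' => 1024, 'error' => UPLOAD_ERR_OK], 'application/pdf'],
    [['name' => 'not-a-video.mp4', 'size' => 1024, 'error' => UPLOAD_ERR_OK], 'text/x-php'],
];
foreach ($samples as [$file, $mime]) {
    [$ok, $msg] = validate_upload($file, $mime);
    printf("%-16s %-18s -> %s\n", $file['name'], $mime, $ok ? "accepted as $msg" : "rejected: $msg");
}
```

Of the four constructed inputs only report.pdf is accepted. The caveat a practitioner should keep in mind: a content check by finfo stops a PHP file renamed to .pdf, but a polyglot (a valid PDF that also contains PHP) still passes it; that is why the random name, the fixed extension and storage outside the document root matter more than the sniff, because a file that is never executed by the web server cannot be a web shell no matter what it contains.
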
>> No.51583519

>>51582646

O-OP, you still here brah? What happened to your site?

>> No.51583538
File: 69 KB, 676x654, quacksec.jpg

>> No.51583563

how fast do mods respond to reporting?

>> No.51583578

>>51583563
depends if they are awake or not, from a few minutes to an hour usually

>> No.51583620

it's up again, same login details still

>> No.51583689

https://bitbucket.org/LaNMaSteR53/honeybadger/
>As seen in the presentation "Hide and Seek: Post-Exploitation Style" from ShmooCon 2013.

:^)

>> No.51583767

>>51583689
Oh no! Now he has a 10 mile radius of where I might be!

IP Geolocation is a joke. Especially with VPNs. Great job, OP.

>> No.51583772

>>51583689
Tor FTW.

>> No.51583786

>>51583767
>>51583772
yeah I misinterpreted that a bit, it's really just a geolocation tool thing, doesn't exploit anything

>> No.51583892

>>51583786
From what it looks like, the site is ridiculously unfinished. The admin page upload doesn't work (as far as I can tell). That honey.js file doesn't do anything either. Hell, I wouldn't be surprised if the Login_Check.php doesn't even check against a DB and just compares in plaintext.

If you really wanna do something, you'd probably need another route besides basic web app manipulation. Probably Apache server exploits or breaking in through SSH.

>> No.51583967

>>51583892
Also, if I had to guess, I'd say the website dev generates the file links on each of the content pages by PHP, so if you manage to upload a file to the Videos or Other folder, you might be able to make it show up on the front-facing page.

>> No.51584011

I can get in, bitches.

>> No.51584054

>>51582646
cyberpatriotarchives_com

OP, why don't you go back to W3schools and learn how to make a proper login and administration page? This bullshit reminds me of when I too learned how to PHP.

Before you criticize others on website security, you should probably try learning how to properly webdev.

>> No.51584061

>>51583967
They don't show up, I think it's broken or not meant to show up immediately, no idea

I'm just fucking around, no intent on doing serious hacking here. I think OP was trolling anyways.

>> No.51584110

What? is it not a proper log in page because it lacks flowery borders and a button to hold your hand when you forget a password?

>> No.51584130

>made a website specifically for shitposting
>whole first month was people trying to break into it.

I even did prepared statements. Made a scrubber.

Site eventually got taken down because someone hacked my host. lel

>> No.51584181

>>51584061
It might be static, however each link item in the HTML looks too uniform and copypasta to be static. Who knows, OP could be retarded and just copy-pasted all his links instead of looping in PHP for them.

And same here. I don't think OP is trolling though. Based on his reddit user page at CyberPatriotArchives, he just seems arrogant and stupid.

>> No.51584206

wow /g/ is pathetic, literally everyone fell for the shitty b8

>> No.51584235

>>51584110
No, it's not a proper login page because you have no idea how to properly authenticate in PHP. The password field is plaintext and I don't even think you check your credentials against a DB, and even if you did, you probably stored your password in plaintext. Does Login_Check.php actually check a DB? Or does it just compare like if ($username == "admin" && $password == "admin")

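An added example, not code from OP's site or from anyone in the thread, of the two ways the Login_Check.php that the post above describes could be written: the hard-coded plaintext comparison it suspects, beside a version that fetches a password hash with a prepared statement and checks it with password_verify(). The users table, its username/password_hash columns, the in-memory SQLite database and the sample credentials are assumptions for the demo.

```php
<?php
declare(strict_types=1);
// Added example (editor's, not OP's Login_Check.php). Assumed schema:
//   users(username TEXT PRIMARY KEY, password_hash TEXT)

// --- Weak: what the thread suspects. The secret lives in the source, it is
// compared in plaintext, and == is PHP's loose comparison.
function login_check_weak(string $username, string $password): bool
{
    return $username == "admin" && $password == "admin";
}

// --- Hardened: look the hash up by username, verify with password_verify().
function login_check(PDO $pdo, string $username, string $password): bool
{
    // Prepared statement: $username is bound as data, never spliced into SQL,
    // so  admin' OR '1'='1  is just a username that does not exist.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway hash when the user is unknown, so the time
    // taken does not tell the caller which usernames exist.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $hash = ($row !== false) ? $row['password_hash'] : $dummyHash;

    // password_verify() is constant-time and reads algorithm/cost from $hash.
    if (!password_verify($password, $hash) || $row === false) {
        return false;
    }
    // Transparently upgrade hashes stored with an older cost or algorithm.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = :h WHERE username = :u');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':u' => $username]);
    }
    return true;
}

// Stand-alone demo on an in-memory SQLite database (constructed sample data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$ins->execute([':u' => 'admin', ':h' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

$cases = [
    ['admin',            'correct horse battery staple'],
    ['admin',            'password'],
    ["admin' OR '1'='1", 'anything'],
    ['nobody',           'anything'],
];
foreach ($cases as [$u, $p]) {
    printf("hardened  %-20s / %-30s -> %s\n", $u, $p, login_check($pdo, $u, $p) ? 'login' : 'denied');
}
printf("weak      admin / admin -> %s\n", login_check_weak('admin', 'admin') ? 'login' : 'denied');
```

The stored value is whatever password_hash() produced (bcrypt by default, with its own per-password salt), so a dump of the users table does not give the attacker the password; with the weak version a read of the source, or a guess of admin:password as happened in >>51583427, is enough. After a successful check the caller should also call session_regenerate_id(true) before setting the logged-in flag, so a session ID handed out before login cannot be reused.
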
>> No.51584267

>>51584235
Stop bumping this shit thread you fucking retard

>> No.51584290

>>51584235
>does it compare like
>posts python code

>> No.51584308

Okay guys, I'm in. OP is a mega noob. I got in through his shitty "honeybadger" thing. Got the geolocation applet running and used the code inside to inject commands right into his fucking server.

Top kek OP. Top kek.

>> No.51584309

>>51584290
Decent troll. Even if you were right, which you're not, you're still wrong.

>> No.51584312

Hey guys.
Keep me posted...k

>> No.51584352
File: 40 KB, 625x626, 5284631+_d0427bac0d1e3715c841a42722047d73.png

>>51584290

>> No.51584375

I'm running a LAMP RHEL in AWS.
Is there a need to use a firewall?
I just opened a few ports in the AWS "router", but I don't know how things work in the AWS LAN traffic.

>> No.51584392

>>51584267
Oh sorry. I should let you get back to sucking corporate cock discussing the newest phone or graphics card. Or even better, maybe you could go show off your l33t desktop on the desktop thread or your sooper_complex_program.c on the DPT while discussing traps.

Fuck off. This may be a shit thread, but it's a change.

>> No.51584438

IE support

>> No.51584461

>>51584392
This famalam

>> No.51584666

bump

>> No.51584709

>>51584666
Thanks, satan.
