
/g/ - Technology

File: 131 KB, 500x351, masked-hacker-with-hat.jpg
No.51582646

How do people mess up website security? Just finished my new site and it is like you would have to fuck up on purpose for it to be insecure at all.

Explain how people fuck this up?

>> No.51582657

post your code

>> No.51582669

Stupidity, third-party garbage, legacy support, and non-standard implementation?

>> No.51582677

inb4 gives up after SQL injection fails


>> No.51582764
File: 20 KB, 782x272, _.jpg

good job on the security when anyone can just get the last password from the input field history

>> No.51582870

Good job posting the login page. Clearly that didn't help you get in

>> No.51582999
File: 4 KB, 278x100, a44ef876d95e312a9c15f6f4cc8b0660.png

oh look. someone tried. keyword: Tried

>> No.51583049

literally just me

>> No.51583078

>i don't understand how good security is difficult to make even though the website i made is tiny and simple as fuck and doesn't deal with inputs from users

durr fucking hurr durr

>> No.51583129

lol faggit
>site called CyberPatriot
>fucking google analytics

>> No.51583203

>Trying to access my location.
>CP archives
FBI much?

>> No.51583220

well this is lame. how do i delete this shit thread

>> No.51583233

how about you post the actual code so we can laugh at your rookie mistakes

>> No.51583256


>> No.51583307
File: 8 KB, 690x102, lookicanNMAP.png

Well, might want to start with this

>> No.51583319
File: 105 KB, 1280x721, _.jpg

is this bait?

2nd page on google, the pastebin link

>> No.51583390

Haven't tried it yet, dunno if vulnerable.

>> No.51583415

OP where'd your site go?

>> No.51583423

New-ish-fag here.
If I nmap and try to get into his server, won't he have my IP address?

>> No.51583427


>At this point in 2015, if you have a vulnerable website you might as well give up now. I have a website and it was clear that you would have to be stupid to have a vulnerable website.
quote from OP in reddit

we haxed his website, the login was literally admin:password

>> No.51583443

are you fucking serious I didn't even try that cuz I assumed no one was that retarded.

>> No.51583451

no it actually worked, see the screenshot above

>> No.51583462

'nother bored person here.

I got to the test_environment.php page. Was about to upload a dummy document. I uploaded a php script that dumps file contents, but I couldn't find where it went. I didn't get a chance to upload a dummy .pdf before the site died.

>> No.51583464

Yes, don't try shit outside lab environments until you know how to answer these kinds of questions. Unless you like anal sex with Tyrone.

>> No.51583482

God fucking damnit I'm disappointed in myself.

>> No.51583511

my guess is that the video and documents pages were built from the file names - hence he only allowed mp4 (video), doc and pdf (documents), everything else goes into the trash (or gets left behind somewhere, probably in htdocs still)

>> No.51583519


O-OP, you still here brah? What happened to your site?

>> No.51583538
File: 69 KB, 676x654, quacksec.jpg

>> No.51583563

how fast do mods respond to reporting?

>> No.51583578

depends if they are awake or not, from a few minutes to an hour usually

>> No.51583620

it's up again, same login details still

>> No.51583689

>As seen in the presentation "Hide and Seek: Post-Exploitation Style" from ShmooCon 2013.


>> No.51583767

Oh no! Now he has a 10 mile radius of where I might be!

IP Geolocation is a joke. Especially with VPNs. Great job, OP.

>> No.51583772

Tor FTW.

>> No.51583786

yeah I misinterpreted that a bit, it's really just a geolocation tool thing, doesn't exploit anything

>> No.51583892

From what it looks like, the site is ridiculously unfinished. The admin page upload doesn't work (as far as I can tell). That honey.js file doesn't do anything either. Hell, I wouldn't be surprised if the Login_Check.php doesn't even check against a DB and just compares in plaintext.

If you really wanna do something, you'd probably need another route besides basic web app manipulation. Probably Apache server exploits or breaking in through SSH.

>> No.51583967

Also, if I had to guess, I'd say the website dev generates the file links on each of the content pages by PHP, so if you manage to upload a file to the Videos or Other folder, you might be able to make it show up on the front-facing page.
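Since the thread keeps guessing at what OP's upload page does with a .php file (>>51583462, >>51583511) and how the Videos/Other pages get their links, here is an added example of an upload handler that is not OP's code or anything from the site. It assumes an upload directory /srv/site-uploads outside htdocs and a hypothetical download.php that streams files back by name; both are assumptions for illustration. It checks the bytes with finfo rather than trusting the extension or the client's Content-Type, renames the file, and never lets an attacker-chosen name reach the page.

```php
<?php
// Added example, not OP's code. Assumptions: UPLOAD_DIR is outside the web
// root so Apache can never execute anything stored there, and files are
// served back through a separate download.php (hypothetical), never by a
// direct link into htdocs.
declare(strict_types=1);

const UPLOAD_DIR = '/srv/site-uploads';   // assumption: outside htdocs
const MAX_BYTES  = 50 * 1024 * 1024;

// Allowed extension => the MIME type the file's bytes must actually have.
const ALLOWED = [
    'mp4' => 'video/mp4',
    'pdf' => 'application/pdf',
    'doc' => 'application/msword',
];

/**
 * Validate one entry of $_FILES and move it into UPLOAD_DIR.
 * Returns the server-chosen filename, or throws on any rejection.
 */
function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Last extension decides the category; "shell.php.pdf" is .pdf here, which
    // is exactly why the content sniff below is not optional.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension .$ext not allowed");
    }

    // Sniff the real type from the bytes; $file['type'] is client-supplied
    // and means nothing.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }

    // Random server-chosen name: no traversal, no attacker-controlled filename.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!is_uploaded_file($file['tmp_name']) || !move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move upload');
    }
    chmod($dest, 0640); // readable by the web server user, never executable
    return $stored;
}

/**
 * Build the link list for a content page the way the thread guesses OP does
 * it (loop in PHP), but only over names this handler generated itself.
 */
function documentLinks(): array
{
    $links = [];
    foreach (glob(UPLOAD_DIR . '/*') ?: [] as $path) {
        $name = basename($path);
        if (!preg_match('/^[0-9a-f]{32}\.(mp4|pdf|doc)$/', $name)) {
            continue; // anything that is not ours does not show up on the page
        }
        $safe    = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $links[] = '<a href="download.php?f=' . $safe . '">' . $safe . '</a>';
    }
    return $links;
}

// Usage from an admin page, after the session has been authenticated:
// $name = storeUpload($_FILES['document']);
// foreach (documentLinks() as $a) { echo "<li>$a</li>\n"; }
```

The point of the random name plus the regex in documentLinks() is that nothing the uploader typed ever becomes a path or a link; the point of UPLOAD_DIR being outside the web root is that even if the extension and MIME checks were bypassed, the dropped file would be read by PHP as data, not executed by Apache.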

>> No.51584011

I can get in, bitches.

>> No.51584054


OP, why don't you go back to W3schools and learn how to make a proper login and administration page? This bullshit reminds me of when I too learned how to PHP.

Before you criticize others on website security, you should probably try learning how to properly webdev.

>> No.51584061

They don't show up, I think it's broken or not meant to show up immediately, no idea

I'm just fucking around, no intent on doing serious hacking here. I think OP was trolling anyways.

>> No.51584110

What? is it not a proper log in page because it lacks flowery borders and a button to hold your hand when you forget a password?

>> No.51584130

>made a website specifically for shitposting
>whole first month was people trying to break into it.

I even did prepared statements. Made a scrubber.

Site eventually got taken down because someone hacked my host. lel

>> No.51584181

It might be static, however each link item in the HTML looks too uniform and copypasta to be static. Who knows, OP could be retarded and just copy-pasted all his links instead of looping in PHP for them.

And same here. I don't think OP is trolling though. Based on his reddit user page at CyberPatriotArchives, he just seems arrogant and stupid.

>> No.51584206

wow /g/ is pathetic, literally everyone fell for the shitty b8

>> No.51584235

No, it's not a proper login page because you have no idea how to properly authenticate in PHP. The password field is plaintext and I don't even think you check your credentials against a DB, and even if you did, you probably stored your password in plaintext. Does Login_Check.php actually check a DB? Or does it just compare like if ($username == "admin" && $password == "admin")
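For anyone in this thread actually learning PHP rather than just laughing: the hard-coded comparison suspected above, beside the kind of login check the anon is asking for, as an added example that is not OP's Login_Check.php or any code from the site. It assumes a users table with username and password_hash columns, uses an in-memory SQLite database only so it runs offline, and the demo credentials at the bottom are made up.

```php
<?php
// Added example, not OP's code. Assumption: a `users` table with columns
// (username, password_hash); SQLite in memory is used here only so the
// example runs without a server.
declare(strict_types=1);

// --- Weak: what Login_Check.php is suspected to do --------------------------
function weakLoginCheck(string $username, string $password): bool
{
    // Hard-coded plaintext credentials, loose == comparison, no database.
    return $username == "admin" && $password == "password";
}

// --- Hardened: prepared statement + password_hash()/password_verify() --------
function createSchema(PDO $db): void
{
    $db->exec("CREATE TABLE IF NOT EXISTS users (
        username      TEXT PRIMARY KEY,
        password_hash TEXT NOT NULL
    )");
}

function registerUser(PDO $db, string $username, string $password): void
{
    // password_hash() picks a salt and a slow hash (bcrypt by default);
    // the password itself is never stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare("INSERT INTO users (username, password_hash) VALUES (:u, :h)");
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function secureLoginCheck(PDO $db, string $username, string $password): bool
{
    // Prepared statement: the username is bound, never concatenated into SQL,
    // so "admin' OR '1'='1" is just a username that does not exist.
    $stmt = $db->prepare("SELECT password_hash FROM users WHERE username = :u");
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still run password_verify() against a dummy hash so the
    // response time does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy-' . bin2hex(random_bytes(8)), PASSWORD_DEFAULT);
    $hash = $row['password_hash'] ?? $dummy;

    $verified = password_verify($password, $hash); // constant-time compare inside
    return $verified && $row !== false;
}

// Demo with constructed data: admin:password (the creds the thread found)
// versus a real passphrase stored as a hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);
registerUser($db, 'admin', 'correct horse battery staple');

var_dump(weakLoginCheck('admin', 'password'));                             // the default creds
var_dump(secureLoginCheck($db, 'admin', 'password'));                      // wrong password
var_dump(secureLoginCheck($db, 'admin', 'correct horse battery staple'));  // right password
var_dump(secureLoginCheck($db, "admin' OR '1'='1", 'anything'));           // injection attempt
```

Two things worth noticing: the query text never changes no matter what the user typed, because PDO sends the parameter separately from the statement, and the server only ever holds a hash, so dumping the users table (or the PHP source, as someone in this thread tried via upload) does not hand over the password.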

>> No.51584267

Stop bumping this shit thread you fucking retard

>> No.51584290

>does it compare like
>posts python code

>> No.51584308

Okay guys, I'm in. OP is a mega noob. I got in through his shitty "honeybadger" thing. Got the geolocation applet running and used the code inside to inject commands right into his fucking server.

Top kek OP. Top kek.

>> No.51584309

Decent troll. Even if you were right, which you're not, you're still wrong.

>> No.51584312

Hey guys.
Keep me posted...k

>> No.51584352
File: 40 KB, 625x626, 5284631+_d0427bac0d1e3715c841a42722047d73.png


>> No.51584375

I'm running a LAMP RHEL in AWS
Is there a need to use firewall?
I just open few ports in the AWS "router", but I don't know how things works in the AWS' LAN traffic

>> No.51584392

Oh sorry. I should let you get back to sucking corporate cock discussing the newest phone or graphics card. Or even better, maybe you could go show off your l33t desktop on the desktop thread or your sooper_complex_program.c on the DPT while discussing traps.

Fuck off. This may be a shit thread, but its a change.

>> No.51584438

IE support

>> No.51584461

This famalam

>> No.51584666


>> No.51584709

Thanks, satan.
