
website security


Thread replies: 56
Thread images: 7

How do people mess up website security? Just finished my new site and it is like you would have to fuck up on purpose for it to be insecure at all.

Explain how people fuck this up?
>>
>>51582646
post your code
>>
Stupidity, third-party garbage, legacy support, and non-standard implementation?
>>
inb4 gives up after SQL injection fails

cyberpatriotarchives.com
>>
File: _.jpg (20KB, 782x272px)
>>51582677
good job on the security when anyone can just get the last password from the input field history
>>
Good job posting the login page. Clearly that didn't help you get in
>>
oh look. someone tried. keyword: Tried
>>
>>51582999
literally just me
>>
>i don't understand how good security is difficult to make even though the website i made is tiny and simple as fuck and doesn't deal with inputs from users

durr fucking hurr durr
>>
>>51582646
>html5up
lol faggit
also
>site called CyberPatriot
>fucking google analytics
>>
>Trying to access my location.
>CP archives
FBI much?
>>
well this is lame. how do i delete this shit thread
>>
>>51583220
how about you post the actual code so we can laugh at your rookie mistakes
>>
nope
>>
File: lookicanNMAP.png (8KB, 690x102px)
Well, might want to start with this
>>
File: _.jpg (105KB, 1280x721px)
is this bait?

2nd page on google, the pastebin link
>>
>>51582646
https://www.exploit-db.com/exploits/34133/
Haven't tried it yet, dunno if vulnerable.
>>
>>51582646
OP where'd your site go?
>>
New-ish-fag here.
If I nmap and try to get into his server, won't he have my IP address?
>>
>ERR_CONNECTION_REFUSED

>At this point in 2015, if you have a vulnerable website you might as well give up now. I have a website and it was clear that you would have to be stupid to have a vulnerable website.
quote from OP on reddit


>>51583415
we haxed his website, the login was literally admin:password
>>
>>51583427
are you fucking serious I didn't even try that cuz I assumed no one was that retarded.
>>
>>51583443
no it actually worked, see the screenshot above
>>
'nother bored person here.

I got to the test_environment.php page. Was about to upload a dummy document. I uploaded a php script that dumps file contents, but I couldn't find where it went. I didn't get a chance to upload a dummy .pdf before the site died.
>>
>>51583423
Yes, don't try shit outside lab environments until you know how to answer these kinds of questions. Unless you like anal sex with Tyrone.
>>
>>51583451
God fucking damnit I'm disappointed in myself.
>>
>>51583462
my guess is that the video and documents pages were built from the file names - hence he only allowed mp4 (video), doc and pdf (documents), everything else goes into the trash (or gets left behind somewhere, probably in htdocs still)
>>
>>51582646

O-OP, you still here brah? What happened to your site?
>>
File: quacksec.jpg (69KB, 676x654px)
>>
how fast do mods respond to reporting?
>>
>>51583563
depends if they are awake or not, from a few minutes to an hour usually
>>
it's up again, same login details still
>>
https://bitbucket.org/LaNMaSteR53/honeybadger/
>As seen in the presentation "Hide and Seek: Post-Exploitation Style" from ShmooCon 2013.

:^)
>>
>>51583689
Oh no! Now he has a 10 mile radius of where I might be!

IP Geolocation is a joke. Especially with VPNs. Great job, OP.
>>
>>51583689
Tor FTW.
>>
>>51583767
>>51583772
yeah I misinterpreted that a bit, it's really just a geolocation tool thing, doesn't exploit anything
>>
>>51583786
From what it looks like, the site is ridiculously unfinished. The admin page upload doesn't work (as far as I can tell). That honey.js file doesn't do anything either. Hell, I wouldn't be surprised if the Login_Check.php doesn't even check against a DB and just compares in plaintext.

If you really wanna do something, you'd probably need another route besides basic web app manipulation. Probably Apache server exploits or breaking in through SSH.
>>
>>51583892
Also, if I had to guess, I'd say the website dev generates the file links on each of the content pages by PHP, so if you manage to upload a file to the Videos or Other folder, you might be able to make it show up on the front-facing page.
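An added example of how an upload endpoint restricted to mp4/doc/pdf, and the content page that lists what was uploaded, can be written so that a stray .php is neither left behind in htdocs nor turned into a link, which is what the two posts above suspect happens on this site. This is not the site's test_environment.php or any code seen on it; the directory layout, the form field name, the 50 MB limit and the MIME values in the allow-list are assumptions. The last part runs stand-alone from the CLI against two constructed files.

```php
<?php
declare(strict_types=1);

// Added example, not the site's test_environment.php or its content pages.
// Hypothetical layout: uploads go to $storageDir, a directory OUTSIDE the
// document root, and the content page builds its links from a listing of
// that directory filtered to the server-chosen name pattern.

const ALLOWED_TYPES = [
    // extension => MIME type(s) libmagic is expected to report (assumption)
    'pdf' => ['application/pdf'],
    'mp4' => ['video/mp4'],
    'doc' => ['application/msword'],
];

// Checks a received file and returns its vetted extension, or throws.
// Works on any local file, so it can be exercised without an HTTP upload.
function validateUpload(string $clientName, string $tmpPath, int $size): string
{
    if ($size <= 0 || $size > 50 * 1024 * 1024) {
        throw new RuntimeException('bad size');
    }
    // The client-supplied name is used only as a key into the allow-list;
    // "shell.php.pdf" still yields "pdf" here and is caught by the sniff below.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException("extension .$ext not allowed");
    }
    // Sniff the bytes actually received; never trust $_FILES[...]['type'],
    // which the client sets.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !in_array($mime, ALLOWED_TYPES[$ext], true)) {
        throw new RuntimeException("content type '$mime' does not match .$ext");
    }
    return $ext;
}

// Upload endpoint side: $file is one entry of $_FILES (needs a real upload,
// because move_uploaded_file() refuses anything that was not one).
function storeUpload(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $ext = validateUpload($file['name'], $file['tmp_name'], (int) $file['size']);
    // Server-chosen random name: no path tricks, no collisions, no reuse of
    // whatever the client called the file.
    $dest = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);
    return $dest;
}

// Content page side: only files matching the server-chosen name pattern are
// listed, so a file dropped into the directory by other means never becomes a link.
function listStored(string $storageDir): array
{
    $names = [];
    foreach (scandir($storageDir) ?: [] as $entry) {
        if (preg_match('/^[a-f0-9]{32}\.(pdf|mp4|doc)$/', $entry)) {
            $names[] = $entry;
        }
    }
    return $names;
}

// Stand-alone demo with constructed files (php upload_check.php).
if (PHP_SAPI === 'cli') {
    $pdf = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($pdf, "%PDF-1.4\n%constructed sample\n");
    $php = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($php, "<?php system(\$_GET['cmd']); ?>\n");

    echo 'report.pdf: accepted as .', validateUpload('report.pdf', $pdf, filesize($pdf)), "\n";
    foreach ([['shell.php', $php], ['shell.php.pdf', $php], ['shell.pdf', $php]] as [$name, $path]) {
        try {
            validateUpload($name, $path, filesize($path));
            echo "$name: accepted (unexpected)\n";
        } catch (RuntimeException $e) {
            echo "$name: rejected: {$e->getMessage()}\n";
        }
    }
    unlink($pdf);
    unlink($php);
}
```

The serving side should take the stored name from the query string and validate it with the same regex as listStored() before touching the filesystem, then stream the file from $storageDir with a fixed Content-Type for the extension. Keeping the directory outside the document root is the part that matters most: even if a .php file did get through the checks, the web server never executes anything from there.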
>>
I can get in, bitches.
>>
>>51582646
cyberpatriotarchives_com

OP, why don't you go back to W3schools and learn how to make a proper login and administration page? This bullshit reminds me of when I too learned how to PHP.

Before you criticize others on website security, you should probably try learning how to properly webdev.
>>
>>51583967
They don't show up, I think it's broken or not meant to show up immediately, no idea

I'm just fucking around, no intent on doing serious hacking here. I think OP was trolling anyways.
>>
What? is it not a proper log in page because it lacks flowery borders and a button to hold your hand when you forget a password?
>>
>made a website specifically for shitposting
>whole first month was people trying to break into it.

I even used prepared statements. Made a scrubber.

Site eventually got taken down because someone hacked my host. lel
>>
>>51584061
It might be static, however each link item in the HTML looks too uniform and copypasta to be static. Who knows, OP could be retarded and just copy-pasted all his links instead of looping in PHP for them.

And same here. I don't think OP is trolling though. Based on his reddit user page at CyberPatriotArchives, he just seems arrogant and stupid.
>>
wow /g/ is pathetic, literally everyone fell for the shitty b8
>>
>>51584110
No, it's not a proper login page because you have no idea how to properly authenticate in PHP. The password field is plaintext and I don't even think you check your credentials against a DB, and even if you did, you probably stored your password in plaintext. Does Login_Check.php actually check a DB? Or does it just compare like
if ($username == "admin" && $password == "admin") 
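The hardcoded comparison guessed at above, set beside what a Login_Check.php should actually do, as an added example (not OP's code and not anything seen on the site). It also shows the prepared statements the "shitposting site" post above mentions. Assumed, hypothetical schema: a users table with username and password_hash columns; the demo at the bottom uses an in-memory SQLite database through PDO so it runs stand-alone.

```php
<?php
declare(strict_types=1);

// Added example, not the site's Login_Check.php. Assumed schema (hypothetical):
// users(username TEXT PRIMARY KEY, password_hash TEXT). Run with: php login_check.php

// The anti-pattern the thread suspects: a hardcoded plaintext comparison.
function insecureLoginCheck(string $username, string $password): bool
{
    return $username === 'admin' && $password === 'admin';
}

function createUser(PDO $pdo, string $username, string $password): void
{
    // Store only a salted, slow hash (bcrypt via PASSWORD_DEFAULT), never the password.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function secureLoginCheck(PDO $pdo, string $username, string $password): bool
{
    // Prepared statement: the username is bound as data, so no SQL injection.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // For unknown users verify against a throwaway hash, so the work done
    // (and the response time) is the same whether or not the username exists.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('not-a-real-password', PASSWORD_DEFAULT);
    }
    $storedHash = $row === false ? $dummyHash : $row['password_hash'];

    // password_verify() re-hashes with the stored salt and cost and compares
    // in constant time; the stored hash is never compared with == or ===.
    $ok = password_verify($password, $storedHash);
    return $ok && $row !== false;
}

// Stand-alone demo with constructed data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
createUser($pdo, 'admin', 'correct horse battery staple');

var_dump(secureLoginCheck($pdo, 'admin', 'correct horse battery staple'));
var_dump(secureLoginCheck($pdo, 'admin', 'password'));
var_dump(secureLoginCheck($pdo, "admin' OR '1'='1", 'anything'));
var_dump(secureLoginCheck($pdo, 'nobody', 'anything'));
```

Only the first call succeeds; the injection attempt is just a username that does not exist. On success the handler should call session_regenerate_id(true) before marking the session authenticated, and failed attempts should be rate-limited per account and per source address, otherwise admin:password is still found in a handful of guesses.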
>>
>>51584235
Stop bumping this shit thread you fucking retard
>>
>>51584235
>does it compare like
>posts python code
>>
Okay guys, I'm in. OP is a mega noob. I got in through his shitty "honeybadger" thing. Got the geolocation applet running and used the code inside to inject commands right into his fucking server.

Top kek OP. Top kek.
>>
>>51584290
Decent troll. Even if you were right, which you're not, you're still wrong.
>>
Hey guys.
Keep me posted...k
>>
>>51584290
>>
I'm running LAMP on RHEL in AWS.
Is there a need to use a firewall?
I just opened a few ports in the AWS "router", but I don't know how things work with AWS' LAN traffic.
>>
>>51584267
Oh sorry. I should let you get back to sucking corporate cock discussing the newest phone or graphics card. Or even better, maybe you could go show off your l33t desktop on the desktop thread or your sooper_complex_program.c on the DPT while discussing traps.

Fuck off. This may be a shit thread, but it's a change.
>>
IE support
>>
>>51584392
This famalam
>>
>>51584666
Thanks, satan.