[beta site] Please can you broke this ?

[DanSteph]

I've finished the login process for the reviewer site,
can you shake it and try to broke it or hack it ?
It doesn't seem but it's an important part that required many coding.

You can create as many account as you want (fake data) , try special character.
Please notice that password are MD5 coded (hash) in the database, no one
is able to get their value. (would take forever even with bigger computer on world)


What work:
-create account
-login/logout
-remember my login (log you automatically next visit)
-show your profile
-change language / remember your setting (work for unregistered user also)
-change theme  / remember your setting (work for unregistered user also)

-"send me new password" don't work yet.

Please don't report typo or bad translation I'll see this at completion.

The first that can HACK the site gain a.. hem heuu.. a brand new DGIII

here: http://www.dansteph.com/reviewer

Dan



Post Edited ( 05-14-04 04:18 )

[freespace2dotcom]

A new DG3? I'll crack it even if you hired a guy at the NSA to stop it. just gimme time.. fwahaha!

[DanSteph]

pikachu.com, uh ?  

You welcome, broke it now so it don't broke later.

Dan



Post Edited ( 05-14-04 04:25 )

[freespace2dotcom]

I try. I'm also responisble for quite a few others...

[DanSteph]

freespace2dotcom wrote:
I try. I'm also responisble for quite a few others...

Good luck ! I would personaly not know how to do with the system I use,
but it's possible that I've missed a hole.

Dan

[freespace2dotcom]

I *will* find a hole.

[DanSteph]

For info register global are off and no value others than predefined
are possible in input. Anyway one can try uh ?

Dan

[freespace2dotcom]

yeah, I accidently sent you an email via this site I was using to try to "forge" your name.

sorry bout that.

[DanSteph]

Well a mail would not kill me

Intteresting try with & # 100;& # 97 ;& # 121;

Dan



Post Edited ( 05-14-04 05:14 )

[DanSteph]

another info: I'm logged as dansteph in the database

Immo the weakest point is the cookie "remember me" but that's true for any
site that use this system.

Anyway if you crack the first string you will have to crack a MD5 coded
session id that change at each user's visit.
Notice that the md5 session id is double coded with my hown system also.

Dan



Post Edited ( 05-14-04 05:21 )

[freespace2dotcom]

I know.. Arent I cool? (this is freespace.)

You'd best at least do something about this. you know?



Post Edited ( 05-14-04 05:22 )

[DanSteph]

Hey I'm glad you seem proficient...

Dan

[DanSteph]

Yes I didn't reworked the phorum's login system, send me a mail
about how you have done.

Dan

[DanSteph]

got it:

&# 100; &# 97;&# 110; he he ,

Dan

[freespace2dotcom]

that's good. Just trying my best to keep you alert.

[DanSteph]

patch for reviewer will be up in a couple of minute
for phorum I'll do it in the meaning time.

Dan

[freespace2dotcom]

That's nice.. Can I maybe get that new DG3? please? no rush...

I suppose I have bad motivation. but it helps in the long run



Post Edited ( 05-14-04 05:39 )

[DanSteph]

hey that's not *really* an hack

anyway here you are: http://orbiter.dansteph.com/index.php?disp=dgIII
nobody used it, the paint is brand new

Try again on the reviewer the "& #" hack

Dan

[freespace2dotcom]

DanSteph wrote:
hey that's not *really* an hack
Try again on the reviewer the "& #" hack
Dan

Is it just me or are you contradicting yourself? maybe just trying to get me to wait like everyone else?

Oh well.. I'm just glad I can help...

[DanSteph]

mhhh typo sorry I must have said the & # *tips*
It's true that this tips might work on some bad written things.


Anyway many thanks for your help, keep trying if you find another
idea

Dan



Post Edited ( 05-14-04 05:57 )

[freespace2dotcom]

I'll be working on it, but I think that's all I can think of for right now. maybe I can consult with my "super hacker"
friends and they can give me some "suggestions"

fwahah.. look forward to that day. just as I look forward to that new release of the DG3 that will eventually come.



Post Edited ( 05-14-04 06:07 )

[DanSteph]

freespace2dotcom wrote:
I'll be working on it, but I think that's all I can think of for right now. maybe I can consult with my "super
hacker"

Please do so, I'm used to app crack (I even cracked a 1500$ app with dongle*)
but I know nothing (yet) about web cracking, notice I try also from my side
reading some ressource about that.

*notice I never released anything that I cracked, was only for the fun

Dan



Post Edited ( 05-14-04 06:12 )

[freespace2dotcom]

Gosh, dan.. How much stuff *DO* you know? I feel like just kicking something, you're so smart.

all I can do is measure and estimate electric circuits, and poorly at that.   Being stupid's the price of being a teenager,
I guess. *sigh*

[DanSteph]

The key is to absolutely love to learn about anything...
I must say sadly that one of my kid doesn't seem to follow this.
He don't seem to be concerned (appart "bang bang war war" but perhaps
it's a concern of his age ? (he's five old)

Thirty of learning that's the most usefull quality for a humain I think.
Many people lost it when they grow.

Dan



Post Edited ( 05-14-04 06:39 )

[freespace2dotcom]

ah, give'm time. At five years old all I ever did was play video games. (actually, that's *STILL* all I do. orbiter qualifies
and is proof)

But now I'm realizing that the world is a huge place, and I need to start getting smart or else I'll just be average.

And who wants to be average? we all want to excel!