--------------------------------------------------------------------------------------- [+] Login Form Password Stealing - Tutorial [+] Author: Rohit Bansal --------------------------------------------------------------------------------------- Intro: It seems that alot of people these days are gaining shell access, downloading a database then attempting to crack the hashes. If they are salted, sha1 or a hard to crack plain ole' MD5, they start bitchin and moaning when they can't get the plain text. So here it is, a tutorial on how to get user:pass format in plain text of ANY hash type. Method: Modify the login form of a site to catch the password remotely, before it is encrypted. I will explain this more simply via an example. Take the following login form for example,
Now we can see that the action of this form points to 'cookies.php'. Now cookies.php will probably include a function similar to this depending on the encryption type, etc. $user = $_POST['username']; $pass = $_POST['password']; if(md5($user) == $usermd5 && md5($pass) == $passmd5){ setcookie("Whatever", $cookie, time()+3600, "/"); header("Location: index.php"); die(); } Now on to bypassing the encryption before it happens, thus gaining the username and password in plain text we need to edit the 'cookie.php' site, add the following code at the start of the php tags. Now the php file 'plain.php' will include the following code: Notice you will also need to upload a file 'lol.txt', and chmod it to 777. Conclusion: Now everytime a user logs into the site you are editing the code of, it will send the username and password to the 'plain.php' text file and save it in 'log.txt', on a remote server in theformat of: user:pass --------------------------------------------------------------------------------------- [+]^Rohit Bansal [rohitisback@gmail.com] [+] Schap, Infysec ---------------------------------------------------------------------------------------