Cracking WebSites Login Password (Authorizations)

Salam! Everyone, today we will take a look at How Crackers able to crack the auth System of Websites.

Maybe you don't notice i said CRACKERS Not Hackers

So let me tell the difference, Hackers are the Crackers too But according to My knowledge Crackers are those who break the security...But wait Hackers are those who break the security too? confusing right?.

So here is difference Crackers are Blackhat While Hackers are White hat who makes and break (black hat) the security too! .You can say crackers those left some marks who can be used to detect the information (like ip address, browser and it's screen width height and OS etc) But Hackers don't leave anything like this behind ;) .

Now you are asking wot anything like this? like they don't use any os browser and hack the system lol nope that's not wot i mean.I mean to say that they use fake information that don't let them detected ;) .

I hope you understand the little bit difference between Hackers and Crackers.

Now let's see how they crack the login system and get access in website.

First Of all target the website for example i'll be using SEN (Soney Entertain Network) But Please Note this is just for Education Purpose! :p and i'm telling you in little bit advance.

After That we have to search for Web Form for checking it's Login Parameters.

Wot are Parameters?:

Parameters are those data who defines the scope of activity.

Almost all Websites using POST method for auth system.And later on i'll also tell wot are parameters in our login form.

so first start let's Footprinting 

Footprinting is a process in which we try to gather information about our target as much we can.

so for gathering information we will use google ;)
we will search like:

PSN Login or SEN Login

PSN (PlayStation Network) is part of SEN, and you about target you have to gather information as much you can coz like PSN is a part of SEN so wot if it can be vulnerable? (have some Bugs).

and another thing that i want to tell we go on google we also get some suggest searches like:

So according to our target which is to crack the login system and our search keywords are relative to it. so why not tets it too? right? in penetration testing we must check EVERYTHING! every point of our target.

so let's choose 

sony psn

And why we choose this? even if our it was above our top suggest search.That's coz it was according to our target like i said wot our target ? our target is crack the auth system of SEN. Now let's check wot are results of our search:

So our results are those...

now let's try to check the link:

Sony Entertainment Network: Sign In

and again why we select that link? coz of our target....

after opening that link we are on login form of PSN Which is a part of SEN

Now for checking its login form and it's data (parameter and their content)

we will use addon httpfox and let's switch to Firefox for making our testing easy :p

after installing addon click to tools > Web developer > tools > Toggle HttpFox

After clicking (or using the short key for opening it) another window will be pop up then click on Start. then fill the login form and the captcha too ;)

You Better fill the form first then start

then click on submit button of form (Which is Sign in) to check parameters headers etc

after that you'll be watching that an request which method is POST is send and wait for it's response

after that click on it and then go to post data then u can see the post data it's parameters

POST DATA: struts.token.name=struts.token&struts.token=GPRY506ORKZURFD9RY9QTN2CWVYHRCYQ&j_username=EMAIL&j_password=Pass%40&captchaType=recaptcha&g-recaptcha-response=03AIezHSZqENHkATOvm3v46QV774xcv5QRY9x2amupXdovAiroR9BLlO2HQZt55dAV0-LjU718wZDWGbADwaopSR1N9FSbRSH-4RE-LzTUu1ehM75WiLZ5iyTibc3Eq05Pt3-yZY1IcnfmQWcX5145sBB2i5UnXXdLl3xR3MjLdJLIAevNUHlOcEK_v9J5ojcBdYULJYxv-1b03F67gV57MorbAZF6BGKKONDQntgPpuS8WleJDqO7P-f_HuruqZTVZ-36OxXoikEKRPnPjDLD9rkX0wzQ3QiKDqujhu1RFM6oOigOPklla3Ve706nGTdJljer28AIJrErY7mfrfmnYFYa39SJIVRkfKQmy6OQAhhiTvw7QH75YW4&auth-flow=true&service-entity=np

and it's a actually encoded form which is encoded in URL encoding and parameters are

j_username &  j_password & captchaType & response & auth-flow & service-entity=np

Now the problem is a Captcha! Which is used to prevent from Bots and we are doing this all for coding our bot :/

so now let's leave it? no way :( :p . let's try to check more like wot if it's using somekind of api URL :/

let's try more search or search the header where the hell is :p request sending..

i'll be searching more in google and strings like:

psn login or psn api

or ("more others but we have to focus hard and use brain") :p

let's try psn login

results are:

See? many urls to login in PSN (SEN) and let's try the weirdo one like i said some kind of api :p

let's try:

 Sign In: Sony Entertainment Network

And Here we don't see :D captcha

and now do the same thing as we do toggle httpfox bla bla

this time we got post data:

params=YXV0aGVudGljYXRpb25fZXJyb3I9dHJ1ZQ%3D%3D&j_username=EMAIL&j_password=PASSWORD

Now we have the form parameters ;) without captcha problem sooo...

but now for checking if our login is successful or not we have to use some messages of like "auth failed" and successful login auth message like "Login Successfully!" 

we have to give those messages or use in our program to detect valid login ;)

let's try to make bot or you can use Hydra or Sentry SMBA

i will suggest you to use sentry coz this is wot it made for ;) and basically cracking = brute force

I hope you understand it well :)

Don't forget to upvote and Follow me

AmmadKhalid