Games Word game

[EmptyBottle]

amicable

View attachment 179756

what am i even looking at

blend

basically, this piece of code writes (credentials) to a file if inserted into a login form at the code level (something only a rogue admin or someone with write access to a site's code can do)

• file_put_contents (writing function)
• . The example uses .htaccessPassword because .htaccess* files are typically hidden from public view with both Apache and nginx
• $_POST['u'] can be a username entry field
• ^^^ is a separator, optional.
• $_POST['pw'] can be a password
• \n is a new line (so you don't get all the data in one line)
• 8 = FILE_APPEND (don't overwrite, write as if one adds to a diary)

PS: There is a reason I use unique passwords (and save to encrypted password manager on Firefox)... log resistance (can't login to the email I used for signup with any of my SaSu passwords, and vice versa)... and anti phishing (password manager checks domain for me as well)

PS 2: this code doesn't check for blank values, so an attacker will have to grep (search file) for non blank lines before beginning use of their ill-obtained credentials.

PS 3: There is little risk sharing this coz a variant of this has already been used ages ago by hackers on different sites.

 

[R. A.]

endear

blend

basically, this piece of code writes (credentials) to a file if inserted into a login form at the code level (something only a rogue admin or someone with write access to a site's code can do)

• file_put_contents (writing function)
• . The example uses .htaccessPassword because .htaccess* files are typically hidden from public view with both Apache and nginx
• $_POST['u'] can be a username entry field
• ^^^ is a separator, optional.
• $_POST['pw'] can be a password
• \n is a new line (so you don't get all the data in one line)
• 8 = FILE_APPEND (don't overwrite, write as if one adds to a diary)

PS: There is a reason I use unique passwords (and save to encrypted password manager on Firefox)... log resistance (can't login to the email I used for signup with any of my SaSu passwords, and vice versa)... and anti phishing (password manager checks domain for me as well)

PS 2: this code doesn't check for blank values, so an attacker will have to grep (search file) for non blank lines before beginning use of their ill-obtained credentials.

i need to learn this kind of shit; i don't reuse passwords but this is next level.

 

[EmptyBottle]

endear



i need to learn this kind of shit; i don't reuse passwords but this is next level.

earrings

Yep. That could be how some password lists are generated... most passwords from lists are either phished, logged thru site compromise.. or not hashed / poorly hashed (but even poor hashing is better than none... 16 random characters take ages to crack)

Thise lists can be used legally to try and block insecure passwords (eg, the top 10,000)

By suggesting random passwords on a site I control... even if an attacker gains access and inserts this kind of logger in... there is less use, coz the users already are suggested random passwords.

 

[R. A.]

rings
(lol)

i barely understand any of what you said, but that makes me feel like i should learn...

 

[EmptyBottle]

rings
(lol)

i barely understand any of what you said, but that makes me feel like i should...

streams

TLDR: avoid reusing passwords (use random passwords on new accounts, etc)... and use an encrypted password manager.

 

[R. A.]

Amsterdam
(maybe cheating...)

what is the deal with password managers? aren't they tied to a device, or profile? don't i need a password if there's a profile? haha

 

[EmptyBottle]

Amsterdam
(maybe cheating...)

what is the deal with password managers? aren't they tied to a device, or profile? don't i need a password if there's a profile? haha

dams

They can help one generate random passwords (firefox uses 15 random chars), ensure one doesn't logon to phishing/cloned sites (assuming they didn't always use the clone site in the first place) coz they will not fill in the password, and some can even sync encrypted passwords between devices.

Oh yes, they have a master password usually. Remember 1 password vs many :)

 

[R. A.]

serpent
(had to escape that)

but what happens if you forget the one password to rule them all?? and/or someone else figures it out? then they have all your passes right?

 

[EmptyBottle]

serpent
(had to escape that)

but what happens if you forget the one password to rule them all?? and/or someone else figures it out? then they have all your passes right?

pentagon

oh yep, which is why locking the PC when I step away from it... and regularly entering that password (at least a few times a week, coz I'll eventually close firefox) occurs

 

[R. A.]

gonad

i know it's probably safer overall but for now i think i may keep my passes in my brain...have to read more about this when less

 

[EmptyBottle]

gonad

i know it's probably safer overall but for now i think i may keep my passes in my brain...have to read more about this when less

advertisement

okie. I keep some passes in my brain still.

 

[R. A.]

mentality

thank you for explaining!

 

[EmptyBottle]

mentality

thank you for explaining!

yoyo

no worries

 

[kazatte]

yonder

 

[EmptyBottle]

derpy :3