• ⚠️ UK Access Block Notice: Beginning July 1, 2025, this site will no longer be accessible from the United Kingdom. This is a voluntary decision made by the site's administrators. We were not forced or ordered to implement this block.

EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
amicable

View attachment 179756

what am i even looking at
blend

basically, this piece of code writes (credentials) to a file if inserted into a login form at the code level (something only a rogue admin or someone with write access to a site's code can do)

  • file_put_contents (writing function)
  • . The example uses .htaccessPassword because .htaccess* files are typically hidden from public view with both Apache and nginx
  • $_POST['u'] can be a username entry field
  • ^^^ is a separator, optional.
  • $_POST['pw'] can be a password
  • \n is a new line (so you don't get all the data in one line)
  • 8 = FILE_APPEND (don't overwrite, write as if one adds to a diary)

PS: There is a reason I use unique passwords (and save to encrypted password manager on Firefox)... log resistance (can't login to the email I used for signup with any of my SaSu passwords, and vice versa)... and anti phishing (password manager checks domain for me as well)

PS 2: this code doesn't check for blank values, so an attacker will have to grep (search file) for non blank lines before beginning use of their ill-obtained credentials.

PS 3: There is little risk sharing this coz a variant of this has already been used ages ago by hackers on different sites.
 
Last edited:
  • Informative
  • Like
Reactions: darksouls and R. A.
R. A.

R. A.

Some day the dream will end
Aug 8, 2022
1,695
endear

blend

basically, this piece of code writes (credentials) to a file if inserted into a login form at the code level (something only a rogue admin or someone with write access to a site's code can do)

  • file_put_contents (writing function)
  • . The example uses .htaccessPassword because .htaccess* files are typically hidden from public view with both Apache and nginx
  • $_POST['u'] can be a username entry field
  • ^^^ is a separator, optional.
  • $_POST['pw'] can be a password
  • \n is a new line (so you don't get all the data in one line)
  • 8 = FILE_APPEND (don't overwrite, write as if one adds to a diary)

PS: There is a reason I use unique passwords (and save to encrypted password manager on Firefox)... log resistance (can't login to the email I used for signup with any of my SaSu passwords, and vice versa)... and anti phishing (password manager checks domain for me as well)

PS 2: this code doesn't check for blank values, so an attacker will have to grep (search file) for non blank lines before beginning use of their ill-obtained credentials.

i need to learn this kind of shit; i don't reuse passwords but this is next level.
 
  • Like
Reactions: darksouls and EmptyBottle
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
endear



i need to learn this kind of shit; i don't reuse passwords but this is next level.
earrings

Yep. That could be how some password lists are generated... most passwords from lists are either phished, logged thru site compromise.. or not hashed / poorly hashed (but even poor hashing is better than none... 16 random characters take ages to crack)

Thise lists can be used legally to try and block insecure passwords (eg, the top 10,000)

By suggesting random passwords on a site I control... even if an attacker gains access and inserts this kind of logger in... there is less use, coz the users already are suggested random passwords.
 
  • Informative
  • Like
Reactions: darksouls and R. A.
R. A.

R. A.

Some day the dream will end
Aug 8, 2022
1,695
rings
(lol)

i barely understand any of what you said, but that makes me feel like i should learn...
 
  • Informative
  • Like
Reactions: darksouls and EmptyBottle
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
rings
(lol)

i barely understand any of what you said, but that makes me feel like i should...
streams

TLDR: avoid reusing passwords (use random passwords on new accounts, etc)... and use an encrypted password manager.
 
  • Informative
  • Like
Reactions: darksouls and R. A.
R. A.

R. A.

Some day the dream will end
Aug 8, 2022
1,695
Amsterdam
(maybe cheating...)

what is the deal with password managers? aren't they tied to a device, or profile? don't i need a password if there's a profile? haha
 
  • Informative
  • Like
Reactions: darksouls and EmptyBottle
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
Amsterdam
(maybe cheating...)

what is the deal with password managers? aren't they tied to a device, or profile? don't i need a password if there's a profile? haha
dams

They can help one generate random passwords (firefox uses 15 random chars), ensure one doesn't logon to phishing/cloned sites (assuming they didn't always use the clone site in the first place) coz they will not fill in the password, and some can even sync encrypted passwords between devices.

Oh yes, they have a master password usually. Remember 1 password vs many :)
 
  • Informative
  • Like
Reactions: darksouls and R. A.
R. A.

R. A.

Some day the dream will end
Aug 8, 2022
1,695
serpent
(had to escape that)

but what happens if you forget the one password to rule them all?? and/or someone else figures it out? then they have all your passes right?
 
  • Like
Reactions: darksouls and EmptyBottle
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
serpent
(had to escape that)

but what happens if you forget the one password to rule them all?? and/or someone else figures it out? then they have all your passes right?
pentagon

oh yep, which is why locking the PC when I step away from it... and regularly entering that password (at least a few times a week, coz I'll eventually close firefox) occurs
 
  • Informative
  • Like
Reactions: darksouls and R. A.
R. A.

R. A.

Some day the dream will end
Aug 8, 2022
1,695
gonad

i know it's probably safer overall but for now i think i may keep my passes in my brain...have to read more about this when less 😪
 
  • Hugs
  • Like
Reactions: darksouls and EmptyBottle
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
gonad

i know it's probably safer overall but for now i think i may keep my passes in my brain...have to read more about this when less 😪
advertisement

okie. I keep some passes in my brain still.
 
  • Love
  • Like
Reactions: darksouls and R. A.
R. A.

R. A.

Some day the dream will end
Aug 8, 2022
1,695
mentality

thank you for explaining!
 
  • Like
Reactions: darksouls and EmptyBottle
kazatte

kazatte

someday, surely, this pain will disappear
Sep 1, 2025
116
yonder
 
  • Like
Reactions: darksouls and EmptyBottle
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
derpy :3
 
  • Like
Reactions: darksouls
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
honourable
 
  • Like
Reactions: R. A. and darksouls
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
erratic (site loading speed earlier)
 
  • Like
Reactions: LighthouseHermit and R. A.
R. A.

R. A.

Some day the dream will end
Aug 8, 2022
1,695
tick
 
  • Like
Reactions: EmptyBottle and LighthouseHermit
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
killed (the lag was killed, yay)
 
  • Yay!
Reactions: R. A.
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
cater 🍣
 
  • Yay!
Reactions: R. A.
EmptyBottle

EmptyBottle

🔑 Can be offline/online semi randomly.
Apr 10, 2025
1,432
lesson
 
  • Like
Reactions: R. A.
R. A.

R. A.

Some day the dream will end
Aug 8, 2022
1,695
sonorous
 
  • Like
Reactions: EmptyBottle and LighthouseHermit
R. A.

R. A.

Some day the dream will end
Aug 8, 2022
1,695
sting
 
  • Like
Reactions: EmptyBottle, Cosmophobic and LighthouseHermit

Similar threads

stardewwindceres
Replies
21
Views
602
Offtopic
snow_in_summer
snow_in_summer
Minjas
Replies
1
Views
209
Suicide Discussion
TBONTB
T
Blueberry Panic
Replies
2
Views
187
Suicide Discussion
Nightfoot
N
Pessimist
Replies
18
Views
423
Forum Games
bleedxi
bleedxi