Friday, July 15, 2005

DIRECT HACKING OF THE PASSWORD DATA


Normally it should not be possible to access the password file. But in some cases, like the ones below, access is possible:

The password data is in the public_html area of the server, i.e. in the folders where HTML documents are accessible via the WWW.

Many users have a personal virtual web server on the main web server.

The second situation arises when the website provider rents from a larger web space provider, which manages many other smaller web servers on his system
(e.g. www.simplenet.com etc.).
It then becomes possible to access the password data in case one has an account on the same
computer system and the password data is publicly available. Using FTP or TELNET it is
possible to get into the folder with the password data, and to read it. Using brute-force
password crackers like "racrk v5.0" the password can be decoded. This can take a few hours;
I have spent days on this. A webmaster should not manage his pay site on a web server
shared by other web sites.
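
Both situations above can be checked for from the webmaster's side. The following audit script is an added example, not part of the original post: it walks a document root and reports password files that sit inside the web-served tree and whether other local accounts can read them. The file names in `PASSWORD_FILE_NAMES` and the document root passed on the command line are assumptions; adjust them to your site.

```python
import os
import stat
import sys

# Assumed names for password stores; change to what your site actually uses.
PASSWORD_FILE_NAMES = {".htpasswd", "passwd", "passwords.txt"}


def audit_password_files(docroot):
    """Return (relative path, mode, issues) for password files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name.lower() not in PASSWORD_FILE_NAMES:
                continue
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            # Case 1 from the post: the file lives where HTML is served from.
            issues = ["inside web-served tree"]
            # Case 2 from the post: another account on the same host can read it.
            if mode & stat.S_IROTH:
                issues.append("readable by other local accounts")
            findings.append((os.path.relpath(path, docroot), oct(mode), issues))
    return sorted(findings)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, mode, issues in audit_password_files(root):
        print(f"{rel} mode={mode}: " + "; ".join(issues))
```

Any finding means the file should be moved out of the document root. The web server still needs read access, so grant it through group ownership rather than the world-readable bit.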

The devil is in the details ...
