How can i crack this password =D

Hello everyone, Tt may seem a noobs question but i would like to know how to crack this password. Is there a tool ? How can i get the password ?

<?php if ($_POST['post'] == "toto" ) { ?> <h4>Vous êtes entré sur la partie caché du site.</h4> <?php } else { echo $_POST['post']; } ?>

No ! You did not understand, how can i get the password if i don't know the code =D I know it's toto but how can i find it without having the code infront of my eyes.

Kunar wrote: No ! You did not understand, how can i get the password if i don't know the code =D I know it's toto but how can i find it without having the code infront of my eyes. SE, bruteforce, hack the CPanel / FTP / SSH, maybe RFI a shell… It's actually in the code so, without seeing the code, you're just guessing or "educated guessing".

kiyoura wrote: [quote]Zephyr_Pure wrote: [quote]Kunar wrote: No ! You did not understand, how can i get the password if i don't know the code =D I know it's toto but how can i find it without having the code infront of my eyes. SE, bruteforce, hack the CPanel / FTP / SSH…[/quote]

Zephyr_Pure, you just sent him to the dog's house, you know that don't you?

kunar, do you even know PHP?[/quote]

Yes i do. Why ?

I'm just trying to find out how i could crack this password without knowing the code. Because i tried with brutus aet2 but didn't work :s:angry:

Sorry for disturbing.

I know php, but not to much, i started there is 4 months. And i have no clue how to bruteforce this php line. I just wanted to get some clues… Sorry guys.

kiyoura wrote: Finish the PHP tutorial on http://www.w3schools.com before posting again.

closed thread.

moshbat wrote: Thread is not closed, and do not say that unless you have the powers to close the thread.

Very well said. This thread is actually not getting closed right now because, though the OP is a bit… clueless, there's plenty to still discuss here for the benefit of others.

First, the OP did clarify his exact intent; for those suggesting that he learn PHP to understand the code he gave as an example, re-read the thread and catch up to the rest of us. As for exploiting the particular conditions he mentioned, methods have already been mentioned for gaining access to the code through compromising the server itself instead of the web application. If he were to attempt bruteforcing the web application, PHP is an alternative… yet, one of many. Here's the important points:

1. Use whatever language you are most familiar with.
2. Analyze your target's responses to wrong POST values and find the common traits.
3. Have your prog check for the presence of those traits and determine working values by them not being there.
4. Test, fix, test, etc.!

Now, let's see how we can continue from this point on.

http://en.wikipedia.org/wiki/Brute_force_attack

http://eternalrise.com/blog/brute-force-php-script/

Time spent on google: 1 Min 37 Seconds . Time Thread has been open: 1 hour 28 Minutes.

That should give you enough to get started.

OP is a troll, same guy as Houser. Discontinue this thread, please.

spyware wrote: OP is a troll, same guy as Houser. Discontinue this thread, please. That's very kind of you :happy: But apparently, nobody can answer to Kunar with a concrete code to crack his password. I think he isnt interresting in boring link, he just wants to know how you would crack this password.

houser wrote: But apparently, nobody can answer to Kunar with a concrete code to crack his password. I think he isnt interresting in boring link, he just wants to know how you would crack this password.

The "concrete code" would be a bruteforcer. To code one of those, you have to "accept boring link". We're not here to do the coding for people; if you're not willing to get your hands dirty, don't bother hanging around long. That's for the OP and for you, since you both seem not to understand the concept of what "help" really is.