A Flash Developer Resource Site

Page 1 of 2 12 LastLast
Results 1 to 20 of 33

Thread: i need you to try and hack this!!!

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    1,053

    i need you to try and hack this!!!

    ok, i made a password protected control panel thing for a client, and someone keeps getting in and changing things...
    i have no friggin clue how, short of decompiling the swf, so i thought maybe you would know how...

    if you could go here
    http://www.seeminglyawake.net/profanehumor/main.html

    and click on the client login, and try to hack it so you can update the news/shows area, then tell me how, so i can try to fix it.

    i would owe you my life if you could help out (well maybe not my life, but i'd be very happy)

  2. #2
    Griffhiggins 2.2 clifgriffin's Avatar
    Join Date
    May 2001
    Location
    Your Bathroom! Bwahahaha!
    Posts
    1,383
    Is the password stored in the flash?

    If so...it is simple to extract with a swf decompiler.


    My advise? Let it check a db.

    Clif

  3. #3
    Slackware 9.0 Runes_Tooth's Avatar
    Join Date
    Mar 2002
    Location
    Crono Triggyarr
    Posts
    508
    You can't hide anything in Flash. PM me.

    btw, I've got your password and I know how to use it!

  4. #4
    F# A# oo Ian424's Avatar
    Join Date
    Jun 2001
    Posts
    1,070
    i got it.

    you can open notepad and to a find for "password" and you will find it.

    i suggest doing this sorta thing server side, or giving less obvious variable names.

  5. #5
    Junior Member
    Join Date
    Jun 2002
    Posts
    7
    Same here. Better get that addressed.

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    1,053
    thanks for the help, i'm working on fixing it now...

  7. #7
    Moderator enpstudios's Avatar
    Join Date
    Jun 2001
    Location
    Tampa, Fl.
    Posts
    11,282
    cherrycoke
    Last edited by enpstudios; 02-18-2003 at 12:42 PM.

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    1,053
    so, to do it sever side or whatever, what do i have to do?


    i thought i could load the password from a .txt file, but you could figure that out pretty easy too, right?

  9. #9
    Griffhiggins 2.2 clifgriffin's Avatar
    Join Date
    May 2001
    Location
    Your Bathroom! Bwahahaha!
    Posts
    1,383
    Yes...because you could easily just pull up the text file.


    Use ASP/PHP with a db.

    Clif

  10. #10
    ? tonytryout's Avatar
    Join Date
    Oct 2001
    Location
    Somewhere out there
    Posts
    864
    but you can't protect a text file can you? If this guy knows how to use SWF compiler then surely he would find out the address of the text file.
    then all he needs to do is type the URL directly and the password is displayed.

    With a database, you can password-protect it.

    I could be wrong....Correct me if I am wrong.

  11. #11
    Junior Member
    Join Date
    Oct 2000
    Posts
    20
    don't need a db, just put the password in a php file

  12. #12
    FK's Wave Pimp kamyab's Avatar
    Join Date
    Jan 2002
    Location
    Orange County, CA
    Posts
    1,210
    Originally posted by JDO67
    don't need a db, just put the password in a php file
    use md5 too

  13. #13
    Senior Member
    Join Date
    Oct 2001
    Posts
    1,053
    okay... how do i put the password in a php file, and what is md5?

  14. #14
    Phantom Flasher... Markp.com's Avatar
    Join Date
    May 2000
    Posts
    16,034
    You don't need to use md5 but if you want it to be ultra secure, then use it.

    php file should be something like: (I'm writing from memory here)
    Code:
    <?php
     pass="thepassword"
    ?>
    <html>Blah Blah No password for you!</html>
    Have a look on hotscripts.com

  15. #15
    Senior Member
    Join Date
    Oct 2001
    Posts
    1,053
    thanks alot for the help

  16. #16
    Phantom Flasher... Markp.com's Avatar
    Join Date
    May 2000
    Posts
    16,034
    Make sure you test the php by viewing the source, when viewing it through a webbrowser online!

  17. #17
    Slackware 9.0 Runes_Tooth's Avatar
    Join Date
    Mar 2002
    Location
    Crono Triggyarr
    Posts
    508
    I also suggest not posting a thread titled "i need you try and hack this" as some bored hacker might decide to destroy your server and say that you wanted him to.

  18. #18
    Senior Member
    Join Date
    Oct 2001
    Posts
    1,053
    hah, good point, hopefully that doesent happen

  19. #19
    say no more loydall's Avatar
    Join Date
    Feb 2001
    Location
    London
    Posts
    1,261
    Hmmm,

    There may be another way around it just using a text file. I've never tried this but I cant see why it wouldn't work. As long as you have access to folders outside of the root folder of your website, you can put the text file in there and just load any variables using the exact path to the text files. Something like:

    loadVariablesNum("c://data/password.txt", 0);

    or whatever.

    Because it's outside your web root, there's no address that anyone can type to access it. I'm sure that would work provided you have access to a folder outside your web root and you know the exact path to it.

    Someone's about to prove me wrong here - I can feel it.

  20. #20
    Senior Member
    Join Date
    Oct 2001
    Posts
    1,053
    hmm... thats an interesting idea... i'd like to hear wether or not that would be safe.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center