Hack Your Sify Broadband Password!?

[fullyaddicted]

STOP! your imagination. 😛

what is the length of your sifybroadband ? the answer must be between 6-8. that is because sify does not allow you to have a p@$$word greater than 8 char length and no special chars and alpha-numers are now allowed. but "mircrosoft"(i hate microsoft, bill gates, windows) recommends you to have p@$$word atleat 8 char of length with alpha-numers and special chars on it

do you know the lenght my p@$$word? 10 char long. 🙂 .surprising! B) 😛
what did is ,i acutllya hack(change) the page http://202.144.65.70:8090/bbandnew/changep@$$.php3 to fit for my need.

you can also secure your p@$$word. 🙂

here is the code save this as html.open in the browser and chenage the p@$$word.





Change P@$$word

var blockedReferrer = 'blockedReferrer';
NS_ActualWrite=document.write;
// Popup Blocker -->
RanPostamble=0;
NS_ActualOpen=window.open;
function NS_NullWindow(){this.window;}
function nullDoc() {
   this.open = NS_NullWindow;
   this.write = NS_NullWindow;
   this.close = NS_NullWindow;
}
function NS_NewOpen(url,nam,atr){
if((nam!='' && nam==window.name) || nam=='_top'){
    return(NS_ActualOpen(url,nam,atr));}
obj=new NS_NullWindow();
obj.focus = NS_NullWindow;
obj.blur = NS_NullWindow;
obj.opener = this.window;
obj.document = new nullDoc();
return(obj);
}
function NS_NullWindow2(){this.window;}
function NS_NewOpen2(url,nam,atr){
if((nam!='' && nam==window.name) || nam=='_top'){
    return(NS_ActualOpen(url,nam,atr));}
    return(new NS_NullWindow2());
}
function op_stop() { NS_ActualOpen2=window.open; window.open=NS_NewOpen2; }
function op_start() { window.open=NS_ActualOpen2; }
function noopen_load() {
    op_stop(); if(zl_orig_onload) zl_orig_onload(); op_start();
}
function noopen_unload() { op_stop(); if(zl_orig_onunload) zl_orig_onunload(); op_start(); }
function postamble() {

  if(!RanPostamble) {
    RanPostamble=1;
zl_orig_onload = window.onload;
zl_orig_onunload = window.onunload;
window.open=NS_ActualOpen;
  }
}
window.open=NS_NewOpen;
document.ignore = new Object();







  Change P@$$word


This only allows you to change your p@$$word. You will be allowed
to

change the p@$$word if your old p@$$word matches




 
   User ID
  
  
 
 
   Enter Old P@$$word
  
  
 
 
   Enter New P@$$word
  
  
  
 
 
   Confirm New P@$$word
  
  
 
 
  
  
 
 
  

  
  
  
 
 
   [size=\"1\"]Note: P@$$word should be 6-12
   characters, may contain alphabets and numbers, Spaces are not allowed[/size]
 









postamble();

[/b]

 

[cweihrauch]

Besides, be it 8 or 10 chars... anyone on the network can see the p@$$word anyway since it's transmitted in plain text ! So if someone wanted to hack your p@$$word, I don't think they'd use brute-force where a longer p@$$word might be of some use.

 

[Sushubh]

network packet @n@1yzer. that s*cks. 🙁

 

[fullyaddicted]

have you heard of ettercap .tryit

http://ettercap.sourceforge.net/
its a sniffer not like packet @n@1yzer

 

[cweihrauch]

Originally posted by Sushubh@Nov 26 2004, 06:33 AM
network packet @n@1yzer. that s*cks. 🙁
[snapback]2437[/snapback]

[/quote]

Why ?
It's a required tool to designing networking programs and in our case to check security. Sure, crackers can use it to find p@$$words, but one shouldn't blame it on the tool, but the user.
Besides, if they didn't exist, we wouldn't know sify has this terrible lack of security, sending p@$$words in plain-text over semi-public LANs - not that other protocols don't do the same... ftp, pop3 etc...

 

[Sushubh]

the comment was in reference to sify's insecure mode of p@$$ing on the p@$$word... 😕

 

---

[cweihrauch]

Originally posted by Sushubh@Nov 26 2004, 06:52 AM
the comment was in reference to sify's insecure mode of p@$$ing on the p@$$word... 😕
[snapback]2442[/snapback]

[/quote]

sorrry, missunderstood that :huh:

 

[Fred]

I don't think there's any use of a longer p@$$word for sify. It can be hacked anyways.

 

[Fred]

But yeah, thanks for the info!

 

[inetbum]

fullyaddicted, nice hack, very impressive 😉 even though it can't achieve its potential because the communication protocols are inherently insecure. But nice piece of creativity.

 

[anand]

Even though the p@$$words are relayed in plain text I think they cannot be collected by others unless they are broadcasted instead of directed to one IP. Damn it's not enough that we don't get desired speeds now those with shared packs have to deal with unethical hackers using their account and exceeding that limit.

 

[surjeett]

1. Any kind of script editin doesn fall under the categoery of a HACK.2. Ur computer can be happily traced if u r using ne UID (provided that guy complains abt the loss of internet time)

 

[inetbum]

Understanding and modifying programs without does fall under "Hacking"
Stealing p@$$words and causing financial loss to others falls under "Cracking" 😉
http://lrs.ed.uiuc.edu/wp/crime-2002/hacking.htm --Scroll down and read the FAQ

Yes a customer can easily figure out whether he is being hacked if he has a time or data transfer limited connection. But it might take him a while to know the same if he has an unlimited connection like almost all of us here.

 

[inetbum]

Even though the p@$$words are relayed in plain text I think they cannot be collected by others unless they are broadcasted instead of directed to one IP.[/b]
--anand

Actually the very basic design of an ethernet/LAN says that whatever packet one computer sends out is received by all the computers on the same LAN. But if the packet is not meant for them, they don't see what's inside it by default. This behaviour can be easily changed. On the other hand Broadcast packets are not only recieved by all the computers on the LAN but also processed by them and not dropped, according to default settings.

I think the LAN environment is a highly insecure environment when you don't know most of the people who are on it and there's no security policy thrust upon the whole LAN.

 

[ultra vires]

well if ya really want to get the damn p@$$word then use ARP poisoning , use it b\w the CTO server and all other PC's on netrk.but lemme tell ya this shuldnt be done for long as this can easily pull down the netwrk in 7-8 mins and people if they r as smart as surjeet can easily detect that something is goin wromg. but dont wrry he wont be able to trace to ya ,lolThere is only one way to trace it and i dont think most of us know bout it. B)