xisto Community
longtimeago

Java Script Needed ! help please ..


Hi friends, in the application I developed I wanna check brute force attack testing, so in my application one module is all about asking the user to enter his email address and password. The default password that I have kept for the users is the date of birth of the user, but now I have been warned by my friend that JavaScript can hack this, so I really wanna test it. Are there any skilled JavaScript writers who can help me with a script which, when entered in the title bar, will iterate the password field for passwords from 01011992 till 01011986 (dd-mm-yyyy) and click submit? The password field name is pwd, and the button name is submit. I can change these names too if needed, so can someone help me please?


Actually, you don't need JavaScript to "hack" that. Just merely knowing the person's e-mail address and having been informed of their birth date, the format the date is supposed to be in and any other information required to log in—which doesn't seem like much from what I am reading—is all that would be needed. You wouldn't need JavaScript to get by that. Trying to force your way in with JavaScript, in this case, would take a while, as an automated script that doesn't have any e-mails of the registered users is really pointless. What you need to do is change the default password generation to something that doesn't relate to the person personally. In the end the person will still get the random hash sent to their e-mail anyway, so having a simple, default password is not an approach that should normally be taken. You want the default password to be somewhat complex, not simple.

But if you still want to go with this approach, that is, with birth dates, then you should consider implementing a system that keeps track of how many times the user attempted to log in. After a certain time, the user is prevented from logging in for an hour or so, even if they get the password right during the lockdown.


Ya, I get you, Mr. Moderator, but to test this, can someone help me in getting the script? All it has to do is increment the values from 01011992 till 01011986 (dd-mm-yyyy) and keep on submitting; obviously if it gets it right the script is gonna stop. Can I have one like that?


The JavaScript code you are requesting requires you to manipulate the URL in order for this to be done automatically. The reason for this is that JavaScript cannot (at least to my knowledge) pick up POST and GET variables. So you would have to modify the action attribute of the FORM element to include the birth date that was used previously. You would also have to make sure the script allows itself to be stopped through at least a confirmation dialog. I could write this script, but I don't see much of a reason to do so, as there are not many ways to run custom-made JavaScript on a page that the "hacker" doesn't own. Remember, we have to assume this JavaScript attack is not built into this user management system itself. Therefore the only way to actually even be able to get JavaScript to run and affect a remote location is if the browser the "hacker" is using uses an extension that allows them to do so, or if the "hacker" successfully accomplished an XSS attack—but I don't think an XSS attack would work in your case. Just implement a lockdown feature for your script, and you should be better off. Perhaps also include a captcha.

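The lockdown that both replies above recommend (count failed logins per account, then refuse every attempt for an hour, correct password included), as an added example that is not part of the original posts. The class name, the threshold of five failures, the `verify` callback and the sample account are assumptions made for illustration.

```javascript
// Added example: per-account login lockdown. Names and limits are assumptions.
class LoginThrottle {
  constructor({ maxFailures = 5, lockMs = 60 * 60 * 1000, now = Date.now } = {}) {
    this.maxFailures = maxFailures; // failed tries allowed before lockdown
    this.lockMs = lockMs;           // lockdown length, one hour by default
    this.now = now;                 // injectable clock so the logic can be tested
    this.state = new Map();         // email -> { failures, lockedUntil }
  }

  // verify(email, password) stands for the application's own credential check.
  attempt(email, password, verify) {
    const key = email.trim().toLowerCase();
    const entry = this.state.get(key) || { failures: 0, lockedUntil: 0 };
    const t = this.now();
    // During lockdown the password is never checked, so a correct guess
    // is refused exactly like a wrong one.
    if (t < entry.lockedUntil) {
      return { ok: false, reason: 'locked', retryAfterMs: entry.lockedUntil - t };
    }
    if (entry.lockedUntil !== 0) { // lock has expired: start a fresh count
      entry.failures = 0;
      entry.lockedUntil = 0;
    }
    if (verify(key, password)) {
      this.state.delete(key);      // success clears the failure history
      return { ok: true };
    }
    entry.failures += 1;
    if (entry.failures >= this.maxFailures) entry.lockedUntil = t + this.lockMs;
    this.state.set(key, entry);
    return { ok: false, reason: 'invalid' };
  }
}

// Constructed demo: sample account with a date-of-birth password and a fake clock.
function demo() {
  let clock = 0;
  const throttle = new LoginThrottle({ now: () => clock });
  const verify = (email, pwd) => email === 'user@example.com' && pwd === '01011990';
  const seen = [];
  for (let i = 0; i < 5; i++) {
    seen.push(throttle.attempt('user@example.com', 'wrong' + i, verify).reason);
  }
  seen.push(throttle.attempt('User@Example.com', '01011990', verify).reason);
  clock += 60 * 60 * 1000;         // one hour later the lock has expired
  seen.push(throttle.attempt('user@example.com', '01011990', verify).ok);
  return seen;
}
```

The in-memory `Map` keeps the example self-contained; an application running more than one server process would need to keep these counters in shared storage.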

Thank you, Mr. True Fusion. Can you please tell me what all the other attacks are which prevail today which can be a source of danger in my case? People say SQL injection is only possible if there is a big flaw in the coding, that is, in the developing part. Hope otherwise SQL injection and other stuff will not be possible.


Without looking at the source code, I can only provide general statements: that is, SQL injection and XSS are the only things that generally cause problems for developers in your case. Exposing the source code could also pose a problem, as it may expose any other flaws. So, keeping your source code hidden and doing research on SQL injection and XSS is the only way to help yourself further.
