Pentesting Services Needed

BlackVikingPro
7 years ago | edited 7 years ago

0

Good evening! I have halfway finished a new project I’m working on for my UIL Computer Science group/club, which would be a website section that gives us options to live chat, send PMs, and much more. Well, I’ve finally implemented AES 256 bit encryption for security and everything :). Well, I now want to give it a shot at how well my security really is, I myself couldn’t find any loopholes, but you know me well right @dloser :D. Anywho, I’d really like it if people can give it a shot for me, please be responsible! I will give you guys URLs to signup and signin, please respect that it’s still in development and will have several bugs.

I don’t log IPs until you create a new account, that’s it though. Other than that, Google’s reCaptcha system might (I would assume they do). This data is secured, and will be deleted on request. Please don’t input any personal data! I am not responsible for data leaks (in case you do put in your real password/email), so just don’t. All information gathered by my services will NOT stick around, as soon as I get back to these forums, I will verify and delete the information!

Thanks, good luck ;)

web addresses:
Login: https://www.blackvikingpro.com/uil/accounts/login.php
Signup: https://www.blackvikingpro.com/uil/accounts/dev_docs/signup/

SIGKILL [r4v463]
7 years ago

0

[quote=BlackVikingPro]I’ve finally implemented AES 256 bit encryption for security and everything[/quote]

Just to be sure, you’ve not implemented AES256 by yourself, you’ve used an already existing implementation?

b1nary
7 years ago | edited 7 years ago

0

and the access code is ??
EDIT: oh unless u expect us to bypass it? i guess i misunderstood the task then

f0rk [HackingGuy]
7 years ago | edited 7 years ago

0

I don’t know if error handling is the best… It took about 5 whole mins to return this load:
https://www.blackvikingpro.com/uil/accounts/login.php?p=-&escape^;‘;;^’-%00dev_docs/signup?username=test&password=test

I just was messing around. This post has no meaning.

cn9 [1337boy]
7 years ago

-1

last time OP tricked everyone in finding vulnz and then to report everyone to the police for hacking
so fuck off.

f0rk [HackingGuy]
7 years ago

0

What R ur wordz xD
R U Frl?

Reply has been removed
SIGKILL [r4v463]
7 years ago

0

Concerning the brute-force attack, if in “letters” you include both lower and upper case, you have a 62 char alphabet (2 alphabets and the 10 digits), with a 10 to 12 password length, you have (62**10 + 62**11 + 62**12) which is +/- 3e21 possibilities.

So even if we consider 1 million IP addresses, each one makes 10 attempts, there is a probability of 1/(3e21/(1e6*10)) ie 1/3e14 that the password is the good one.

Obviously this calculation doesn’t consider the fact that maybe the password is something like “Bl4ckV1k1ng” which will be found easily with a dictionary attack.
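
The estimate in the reply above, worked through as an added example (not code posted in the thread): it computes the uniform keyspace and the 1 million IPs x 10 attempts probability, then bounds how much smaller the search becomes when a password reduces to dictionary words with case and leet changes. The function names, the sample wordlist, the leet table and the 100,000-word dictionary size are assumptions made for illustration.

```python
# Added example: password-guessing odds, uniform vs. dictionary-derived.
ALPHABET = 62                 # a-z, A-Z, 0-9, as in the post
LENGTHS = range(10, 13)       # 10 to 12 characters
WORDLIST = {"black", "viking", "dragon", "monkey"}   # constructed sample
ASSUMED_DICT_SIZE = 100_000   # assumption: size of a realistic wordlist
LEET = {"4": "a", "3": "e", "1": "i", "0": "o", "5": "s", "7": "t"}  # assumed

def uniform_keyspace(alphabet=ALPHABET, lengths=LENGTHS):
    """Number of passwords if every character is chosen at random."""
    return sum(alphabet ** n for n in lengths)

def guess_probability(attempts, keyspace):
    """Chance that one of `attempts` distinct guesses hits the password."""
    return min(attempts, keyspace) / keyspace

def normalise(password):
    """Lower-case the password and undo the leet substitutions."""
    return "".join(LEET.get(c, c) for c in password.lower())

def split_words(text, words=WORDLIST):
    """Segment text into wordlist entries; None if it cannot be done."""
    if not text:
        return []
    for i in range(len(text), 0, -1):
        if text[:i] in words:
            rest = split_words(text[i:], words)
            if rest is not None:
                return [text[:i]] + rest
    return None

def dictionary_keyspace(password, dict_size=ASSUMED_DICT_SIZE):
    """Upper bound on candidates for a password built from dictionary words
    with case and leet changes; None if this simple check finds no match."""
    base = normalise(password)
    parts = split_words(base)
    if parts is None:
        return None
    variants = 1
    for c in base:            # 2 case choices, doubled if a leet form exists
        variants *= 4 if c in LEET.values() else 2
    return dict_size ** len(parts) * variants

if __name__ == "__main__":
    total = uniform_keyspace()
    print(f"uniform keyspace: {total:.3e}")
    print(f"1e6 IPs x 10 tries: {guess_probability(10**7, total):.2e}")
    print(f"'Bl4ckV1k1ng' bound: {dictionary_keyspace('Bl4ckV1k1ng'):.3e}")
```

Under these assumptions the dictionary-derived bound is about 1.6e14 candidates, against roughly 3.3e21 for a randomly chosen password of the same length range.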

Reply has been removed