Home/ Questions/Q 7179881
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T17:13:52+00:00

I have a somewhat hack-ish question and I’m intrigued as to how I would

  • 0

I have a somewhat hack-ish question and I’m intrigued as to how I would do the following (if even possible):

Basically, to give a bit of context, I had an account on a site a few years ago and had a username and password for the portal to log in and see all my information/transcript/etc. I haven’t connected since I stopped using it a couple years ago by I wanted to view the information that I submitted. Problem is, I can no longer remember the password (to a certain degree). And if I go the ‘forgot password’ route, it’s linked to a really old hotmail address which was deactivated a while back.

I’m aware that this will involve some sort of password crack and I don’t want to talk about ways to screw people and gain access to their accounts but it’s mine and I’m curious if this is possible.

Thing is, I have the username and I have the majority of the password, all except the final 2 numbers. I can’t remember them. I know I added 2 digits at the end because I was forced to (between 10 and 99).

So say my username was ‘johnsmith’ and my password was ‘eatdog##’, is there a way to create a form and loop it over and over until the password is guessed correctly? I’m aware they might have some sort of protection against the amount of tries per ‘whatever amount of time’.

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Considering you only need to iterate over < 100 different possibilities, this should be crackable.

    View the HTML source of the page that contains the login form and see which page the form submits to. Lets assume it is action.php. You will see something like this in the HTML source:

    <form id="login" action="action.php" method="post">

    Use cURL to make a POST request to action.php with your username and password as POST parameters (including anything else the form is posting). Do this in a loop with the password changing at each iteration.

    Your code should look something like this (in PHP)

    $username = "johnsmith";
$pass_base = "eatdog";
$url = "the url the form submits to";
$failed = ""; //the response returned by the server when login fails

for ($i=10; $i < 100; $i++)
{
    $password = $pass_base . $i;

    $ch = curl_init();
    curl_setopt($ch,CURLOPT_URL,$url);
    curl_setopt($ch,CURLOPT_POST,true);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);

    //set the POST parameters

    $data = curl_exec($ch);
    curl_close($ch);    

    if ($data != $failed)   //analyze the returned data
    {
        echo $password;     //this is your password
        break;
    }   
}

    The above code is a PHP script. It WILL NOT run as is. I’ve only provided the meat of the script. You might have to do some basic initialization – hopefully you’re somewhat familiar with PHP.

    You can run it from your localhost (install WAMP). I’d estimate it shouldn’t take more than 5 min to run through all the passwords.

    This would only work if the login process isn’t specifically designed to stop brute force attacks. If it locks you out for x min after y unsuccessful logins, you’d have to sleep the PHP script after every y-1 attempts for sometime so as not to trigger the lockout.

    If it starts asking for captcha, the above script won’t work.

    • 0