Insecure Login

[NathanLedet]

I have this little script that another web designer set up and I am looking over it on a friend of mine's web site.  From what little I know about hacking (none, to be honest), I am pretty sure this is an insecure way of logging in. What I would like to know is how insecure and easy it is to crack.

 

login.php:

if(isset($_POST['Submit'])){	

$username = "admin"; //Set username here
$password = "admin"; // Set Password here

$username1 = $_POST['username'];
$password1= $_POST['password'];

if($username==$username1 && $password==$password1){

session_start();

session_register('loggedin');

header( "Location: admin.php" );
}else{
echo "<p align='center'><font color='red'>Wrong Username/Password !!</font></p>";
}
}
?>

 

 

 

 

[dezkit]

impossible to crack

 

edit: just use a better password, goddammit!

[NathanLedet]

ha yeah that's just a dummy password, of course... impossible? really? eh well.. it is what it is.  Like i said, i know zilch

[cooldude832]

impossible to crack

 

agreed, but...

 

The ability to break this is the same as if they could read the file's content unreadered by getting into you FTP account for example.

 

the but,

 

If registered globals is enabled on your server I could set

$username to be "" via GET and crack it.  

 

So be observant of that

 

 

What method do u suggest a person could use to hack it?

[Hinty]

brute force, possibly add if 5 incorrect login attempts block IP for 30 mins

 

what if user went straight to admin.php would that ask them to log in?

[NathanLedet]

brute force, possibly add if 5 incorrect login attempts block IP for 30 mins

 

what if user went straight to admin.php would that ask them to log in?

yes it looks for the "loggedin" session.  If it doesn't exist, it redirects you to login.php

[freeloader]

It's impossible to crack since you hard coded the username and pass into the script. On the other hand it's a very impractical script. Very static, you can't add new admins through a sort of admin pannel, no dynamic pass change etc. Security wise it's great though.

[revraz]

Well nothing is impossible.  Given enough time anything can be cracked.

[NathanLedet]

Well alright then. I learned something

 

The script is not complex at all. the only purpose is to have only one admin with the ability to log in.  I agree, yes, it's impractical and I would do it in some other way...

[freeloader]

Granted, nothing is impossible Perhaps with dedicated brute force, hacking the ftp server or complex php code injection it would be possible.

[discomatt]

Brute force can be ruled out for the most part... in the most ideal situations over WAN HTTP you're only gonna get in 25-50 requests a second. Assuming only alphanumeric values are allowed, on an 8 character password you have ( 26 + 26 + 10 ) ^ 8. Over 200 Trillion combinations.

 

I'd say the most likely way this script is going to be compromised is if the PHP rendering engine fails and displays the source - This can be avoided by simply defining $username and $password in a PHP file below your web root and including it. Either that or you have a weak password and someone manages to dictionary attack.

 

In summary, it's a very basic and simple system and because of that it does it very well, with little room for holes. An attacker is more than likely going to find a weakness elsewhere.