Wednesday 8 June 2011
Password Hacking using QTP
Password Hacking Using QTP
I will explain you how to decode an encoded password in QTP.
Using QuickTest Professional and this approach, you can hack email accounts published on Internet. Are you interested? :) So, continue reading this QTP tutorial for details.
I've just recorded a simple script, which signs into Gmail. It:
Using QuickTest Professional and this approach, you can hack email accounts published on Internet. Are you interested? :) So, continue reading this QTP tutorial for details.
I've just recorded a simple script, which signs into Gmail. It:
- Fills 'Username' in
- Fills 'Password' in
- Clicks 'Sign in' button
And the recorded QTP script is:
Browser("Gmail").Page("Gmail").WebEdit("Email").Set "someaccount"
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"
Browser("Gmail").Page("Gmail").WebButton("Sign in").Click
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"
Browser("Gmail").Page("Gmail").WebButton("Sign in").Click
As you can see, QTP script is simple enough.
I've set "someaccount" to 'Username' editbox. But what about 'Password' editbox? What value have I filled in?
QTP encrypted the password using SetSecure method:
QTP Help:
The SetSecure method is recorded when a password or other secure text is entered.
The text is encrypted while recording and decrypted during the test run.
The SetSecure method is recorded when a password or other secure text is entered.
The text is encrypted while recording and decrypted during the test run.
How to know the initial text?
There is one trick. Apply SetSecure method to non-secured edit box!
Instead of this QTP code:
I run this QTP script:
And the result of this QTP script is:
Yes, "mypwd" was encrypted to "493844a99bee0e3ab952f2e867fd08e3". So, "mypwd" is the password I filled!
So, this is an easy way to decrypt an encrypted password in QTP.
By the way, there are two ways how to decrypt a password in QuickTest Professional:
Yes, "mypwd" was encrypted to "493844a99bee0e3ab952f2e867fd08e3". So, "mypwd" is the password I filled!So, this is an easy way to decrypt an encrypted password in QTP.
By the way, there are two ways how to decrypt a password in QuickTest Professional:
- Using Crypt.Encrypt
'encrStr' will contain an encrypted text.
- Using Password Encoder from 'Start/Programs/QuickTest Professional/Tools'
Summary:
- I explained two ways how to crypt a text in QTP
- I shown an approach how to decrypt an encrypted text
Stored Procedures Testing
Stored Procedures Testing
EACH AND EVERY STORED PROCEDURE MUST BE TESTED AT LEAST ONCE!!!”
1.1 Individual procedure tests
Verify the following things and compare them with design specification
* Whether a stored procedure is installed in a database
* Stored procedure name
* Parameter names, parameter types and the number of parameters
Outputs:
* When output is zero (zero row affected)
* When some records are extracted
* Output contains many records
* What a stored procedure is supposed to do
* What a stored procedure is not supposed to do
* Write simple queries to see if a stored procedure populates right data
Parameters:
* Check parameters if they are required.
* Call stored procedures with valid data
* Call procedures with boundary data
* Make each parameter invalid a time and run a procedure
Return values:
* Whether a stored procedure returns values
* When a failure occurs, nonzero must be returned.
Error messages:
* Make stored procedure fail and cause every error message to occur at least once
* Find out any exception that doesn’t have a predefined error message
Others:
* Whether a stored procedure grants correct access privilege to a group/user
* See if a stored procedure hits any trigger error, index error, and rule error
* Look into a procedure code and make sure major branches are test covered.
1.2 Integration tests of procedures
* Group related stored procedures together. Call them in particular order
* If there are many sequences to call a group of procedures, find out equivalent classes and run tests to cover every class.
* Make invalid calling sequence and run a group of stored procedures.
· Design several test sequences in which end users are likely to do business and do stress tests.
1.1 Individual procedure tests
Verify the following things and compare them with design specification
* Whether a stored procedure is installed in a database
* Stored procedure name
* Parameter names, parameter types and the number of parameters
Outputs:
* When output is zero (zero row affected)
* When some records are extracted
* Output contains many records
* What a stored procedure is supposed to do
* What a stored procedure is not supposed to do
* Write simple queries to see if a stored procedure populates right data
Parameters:
* Check parameters if they are required.
* Call stored procedures with valid data
* Call procedures with boundary data
* Make each parameter invalid a time and run a procedure
Return values:
* Whether a stored procedure returns values
* When a failure occurs, nonzero must be returned.
Error messages:
* Make stored procedure fail and cause every error message to occur at least once
* Find out any exception that doesn’t have a predefined error message
Others:
* Whether a stored procedure grants correct access privilege to a group/user
* See if a stored procedure hits any trigger error, index error, and rule error
* Look into a procedure code and make sure major branches are test covered.
1.2 Integration tests of procedures
* Group related stored procedures together. Call them in particular order
* If there are many sequences to call a group of procedures, find out equivalent classes and run tests to cover every class.
* Make invalid calling sequence and run a group of stored procedures.
· Design several test sequences in which end users are likely to do business and do stress tests.
Subscribe to:
Posts (Atom)