Re: How can i enter a page that asks me for a password without subscribing?

Sorry for the long delay in responding, but I was for a while unsure how to answer this question. I finally decided that I would not directly answer the question as posed, but rather, address some issues that were not directly asked.

If you were hoping for a "how do I get in" point-and-click answer, you may as well stop reading now, because I will not tell you how to do it. The only direct clue I will give is to say that in general, if a web server wants a certain level of authentication before it will give you the contents of a page, it won't give it until you give it the password.

You may wish to consider the moral and ethical implications of trying to bypass the password prompt. It's fairly obvious that the prompt is there for a reason. Perhaps it's private material, not intended for general reading. Perhaps it's personal information. Perhaps the people are trying to make a living by selling access to the information. In any case, you should ask yourself if you would want other people doing the same thing to your website, if you were running it instead.

Remember - if it's a for-pay site, the people probably have things they need the money for. Things like paying for their network connection (which can run to tens of thousands of dollars a month for high-bandwidth), the cost of the servers, the cost of renting space in a co-location facility (which can be another thousand dollars a month per server), the cost of systems staff to run the servers, install content, and all the other things to keep a large site running. I've heard of many web sites that were taking in a quarter of a million dollars a month and still losing money.

Needless to say, the owners of such sites consider not paying to be theft, just as it's theft to leave a record store with an album you haven't paid for.

Even if it's not a for-pay site, there are still moral and ethical issues. Even if it's just somebody's online journal - do you have a right to read it if the author has said "This is intensely personal, and I only want these five people reading it"? How would you feel if somebody else was snooping around in your private stuff? Note also that in many parts of the world, it is illegal to steal content like that.

If after all this, you still feel a need to bypass the password prompt, I'll re-iterate that the password prompt itself is fairly secure and not breakable. As a result, any attacks would best be done via other means. Bruce Schneier, in his excellent book "Secrets and Lies", says in Chapter 19:

Threat modeling is a lot like this, and the only way to learn it is to do it. So let's start by stealing some pancakes.

Our goal is to eat, without paying, at the local restraunt. And we've got a lot of options. We can eat and run. We can pay with a fake credit card, a fake check, or counterfiet cash. We can persuade another patron to leave the restraunt without eating and eat his food. We can impersonate (or actually become) a cook, a waiter, a manage, or the restraunt owner (who might actually be someone that few workers have ever met). We could snatch a plate off someone's table before he eats it, or from under the heat lamps before the waiter could get to it. We can wait at the dumpster for the busboy to throw away the leftovers. We can pull the fire alarm and sneak in after everyone evacuates. We can even try to persuade the manager that we're some kind of celebrity who deserves a free breakfast, or maybe we can find a gullible patron and tal her into paying for our food. We could mug someone, nowhere near the restraunt, and buy the pancakes. We could forge a coupon for free pancakes. And there's always the time-honored tradition of pulling a gun and shouting, "Give me all your pancakes".

There are probably even more possibilities, but you get the idea. Looking at this list, most of the attacks have nothing to do with the point where money changes hands. This is interesting, because it means that securing the payment system does not prevent illicit pancake stealing.

I'll leave it to the wannabe-hacker to interpret how this applies to a web server. If you need more hints, you can start at:
The SANS Institute
SecurityFocus.com, in particular their Bugtraq mailing list and its archives.
RootShell

Remember that actually using any information from these or other sites to break into a web site is probably illegal. Think about that before you do anything you may spend the rest of your life regretting....