| Author |
Moodle Hacking |
reg_edit
Member

Posts: 24
Location:
Joined: 27.01.11 Rank: Hacker Level 3 |
|
I have a curiosity, is it possible to hack into Moodle? My school uses that, and my teacher said I would get extra points if I'm able to find an exploit.
reg_edit
/*I have no signature yet, I'll do one soon*/ |
|
| Author |
RE: Moodle Hacking |
ynori7
Future Emperor of Earth

Posts: 1481
Location: #valhalla
Joined: 08.10.07 Rank: Diabolical |
|
Dunno about hacking into it, but there are exploits. I've found CSRF vulns in Moodle. They didn't see why it was an issue though when I reported it.
|
|
| Author |
RE: Moodle Hacking |
reg_edit
Member

Posts: 24
Location:
Joined: 27.01.11 Rank: Hacker Level 3 |
|
Thanks ynori7, I'll get into reading more of it. I've been Googling for a while and I did find some exploits but I didn't understand it much. I'll spend more time reading. Thanks again.
/*I have no signature yet, I'll do one soon*/ |
|
| Author |
RE: Moodle Hacking |
ynori7
Future Emperor of Earth

Posts: 1481
Location: #valhalla
Joined: 08.10.07 Rank: Diabolical |
|
You shouldn't be looking for exploits that other people found and posted. Look at Moodle sites for exploits that nobody has discovered yet.
I dunno if you were given access to one to play around with. I have the advantage of having instructor privileges and a handful of dev sites to test things on, but you may be able to find some stuff as a student. I would start in the discussion forums.
|
|
| Author |
RE: Moodle Hacking |
reg_edit
Member

Posts: 24
Location:
Joined: 27.01.11 Rank: Hacker Level 3 |
|
|
Yeah, that's what I want, find exploits on my own, but like I'm still learning I was googling around to see other exploits people have found to better understand how things work and get an idea of what happens in the back-end of Moodle. I only have my student-user-account where I can access our courses' notes and other things, and we are given access to a blog of our own if we choose to use it. |
|
| Author |
RE: Moodle Hacking |
j4m32
Member
Posts: 81
Location:
Joined: 01.05.10 Rank: God |
|
Knowledge of PHP is a must for this.
The best way of finding an exploit in this, where you have access to the source anyway, is to set yourself up a test bed. It's pointless trying things at random and wasting time on things that may not be vulnerable.
What I mean by "test bed" is set up a webserver on your machine, i.e. Apache with PHP and MySQL on your local machine, download a copy of Moodle and set it up.
Then it's just a case of looking through the source code to find something that they have either overlooked or not protected sufficiently.
Then mess around with any ideas, only edit the source to give you debug information (if need be).
Jim, |
|
| Author |
RE: doubt you are getting extra credit legally |
warrengreen
Member

Posts: 5
Location: highland, mi
Joined: 25.10.07 Rank: Mad User |
|
My school never used HTTPS for Moodle so it was susceptible to man-in-the-middle attacks. Look into Cain and Abel.
There are two things that are infinite; human stupidity and the universe and I'm not sure about the second one.
--Einstein |
|
| Author |
RE: Moodle Hacking |
Arabian
Member

Posts: 321
Location: inside you.
Joined: 22.09.10 Rank: God |
|
Last I checked, Moodle was bruteforceable - no lockout after too many tries, so you can do this,
I also noticed a checksum validator akin to Javascript16 on some pages to enter in classes, and multiple XSS vulns within class pages.
Do what you want tho 
the real fun is how you can fuck with your teacher legally.
Hare Lambda!
|
|