Donate to us via Paypal!
Ideas are far more powerful than guns.
Monday, March 01, 2021
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 104
Guests Online: 103
Members Online: 1

Registered Members: 133768
Newest Member: gerald11936
Latest Articles

View Thread

HellBound Hackers | Computer General | Hacking in general

Author

admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 05:30
ok. so i was messing around with the directories of a site that i frequent and found that they don't block most of them (www.example.com/images, www.example.com/templates, ect...) i was wondering if there were any common exploits that i could use in them to gain admin access:happy:. Also i found that they use admin.php for admin pages but it gives me this "internal server error. check your settings" if i try and access them...i thought off hand that i might need a different PSSESID to give me admin clearance but im still pretty new to the game. I would really like a shove in the right direction or some advice on this one.

And just to be clear i have no intention of causing any harm to the site i will report any and all exploits that i find to the admins. Just getting a rush from applying what ive learned so far. This site and hackthissite.org are great. you all inspire me. Grin


Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 05:56
well, having directories list their contents is not a vulnerability.

however, things you may find while trolling around directories could get you somewhere.

1) look through ALL the directories and ALL the pages and the source of everything to try and find as much as you can.

now, try to find a copy of the admin.php file, it is probably open source. sry g2g peace




Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 06:25
lol i know just looking at the directories isn't an exploit its just usually they are blocked. And yeah the admin. files in the template directory aren't blocked but so far i haven't found anything of much use. there are a lot of files tho so ill keep looking. Thanks tho man:happy:

-not to try is to fail


Author

RE: admin login/directory exploit help

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 09-12-07 12:36
Lets say i got the source of all pages,,,including sysadmin...what could i do?


anbu.sf@hotmail.com
Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 14:20
DigitalFire wrote:
well, having directories list their contents is not a vulnerability.


no but it is bad practice and probably means the admin is either sloppy or unintelligent and probably has made more mistakes if you look around

You generally shouldnt let any old person be able to look through your directorys for the reasons mentioned.
Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 16:23
dude youre not gonna be able to hack hackthissite, even if you're a 1337 h4xx0r simply because...it's down.


Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 16:31
Folk Theory wrote:
dude youre not gonna be able to hack hackthissite, even if you're a 1337 h4xx0r simply because...it's down.


he wasnt trying to hack that site, he was saying it has helped him Pfft


Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 17:22
lol oops i totally misread that, my bad. i went back and saw you're right he's not trying to hack hackthissite...


Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 18:18
Anyways, as someone mentioned above, its pretty sloppy work, but i've seen plenty of sites myself that leave a ton of open directories, but that doesn't always mean your gonna find a bunch of vulnerabilities, an old school of mine had a TON of open directories, and i, and i even had system look around a bit, neither of us could really find anything, once it came to a file that had anything worth looking at /admin/ or /source-db/ etc. THAT they had locked down. Anyways, all im getting too is don't get your hopes up too much, its not always as easy as finding an open dir and being able to find passwords and that. (mostly that thought comes from some of the onsite challs, but truly there just to give you the idea of learning certain things.). I mean i could be wrong, and yeah there more than likely pretty sloppy but for the most part, if u really discover a dir thats important, it'll probably be prote cted. , later (wow, thats like the second longest post i've ever typed, yay.:ninja:




Edited by on 09-12-07 18:21
Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 18:50
what's the site your talking about.
Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 19:32
S1L3NTKn1GhT wrote:
its rarely as easy as finding an open dir and being able to find passwords and that. (mostly that thought comes from some of the onsite challs, but truly there just to give you the idea of learning certain things.)


Fix'd.
Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 20:35
lesserlightsofheaven wrote:
S1L3NTKn1GhT wrote:
its rarely as easy as finding an open dir and being able to find passwords and that. (mostly that thought comes from some of the onsite challs, but truly there just to give you the idea of learning certain things.)


Fix'd.



LOL, thx lesser B)


Author

RE: admin login/directory exploit help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-12-07 00:53
thanks for the feedback guys. I was up all night trying to find something, anything, that could lead to a possible exploit. Ive found a bunch of hidden dir. but none have given up much valuable info. Tho i have found a "mail" dir that needs admin authentication but when you hit cancel it redirects you to the mail page anyway and it gave me a weird cookie that when i decoded it with N-F tools (md5 hash i think) it gave me what looks like a PHPSESSID that maybe i can use to get authentication for other admin pages. but i havent tried it yet.

and yeah lol there is no way i could hack hackthissite.org ...that made me laugh...Grin