Follow us on Twitter!
Few are those who can see with their own eyes and hear with their own hearts. - Albert Einstein
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 24
Guests Online: 20
Members Online: 4

Registered Members: 82885
Newest Member: ConiBE
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

Hacking a Vote Panel.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-07-09 18:26
Oksy so on this private server I play on they have a vote panel, if you vote for them you gain 1 vote point. The thing is, you can only vote once every 12 hours. The page is here:http://208.43.192.210/avsnew1/. What would be some kind of javascript injection to break the timer?


Author

RE: Hacking a Vote Panel.

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 21-07-09 18:37
Most likely not, but if you give us your user/pass we could see what we could do.

PM me if you trust me Wink


Wisdom spared is wisdom squared.

Edited by ranma on 21-07-09 18:40
Author

RE: Hacking a Vote Panel.

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 21-07-09 18:39
After checking it out:
Dude, cheating blizzard=not cool. Also, hacking them probably= very difficult.
I'm sure they use IP to check votes or most likely users with a server-side code to check for hours.


Wisdom spared is wisdom squared.
Author

RE: Hacking a Vote Panel.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-07-09 18:45
Its not through Blizzard, its a private server owned by some 18 year old.


Author

RE: Hacking a Vote Panel.

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 21-07-09 18:52
The counting of variables (such as time) is done server-side, by a server-side language, the data will be stored in a sql server. The only way to hack that voting process is if you compromise the server by editing the data (sql) or the counting process (editing the php/asp/whatever script).

If I were tasked with hacking that system, I'd first search for possible sql injections, and if that fails, try to get to an admin panel.

If all else fails, you'll have to attack the box directly, hack the services that it's running.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: Hacking a Vote Panel.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-07-09 19:54
What happend to the whole... don't ask for help hacking something/illegal act rule?


Author

RE: Hacking a Vote Panel.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-07-09 20:16
S1L3NTKn1GhT wrote:
What happend to the whole... don't ask for help hacking something/illegal act rule?

Well, in this case the page in question is illegal in itself as it's a private server. You could say that makes it slightly more officially acceptable.


Author

RE: Hacking a Vote Panel.

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 21-07-09 21:15
Code
CREATE TABLE `realms` (                                 
          `id` int(10) unsigned NOT NULL auto_increment,         
          `name` varchar(32) default NULL,                       
          `sqlhost` varchar(32) default NULL,                   
          `sqluser` varchar(32) default NULL,                   
          `sqlpass` varchar(32) default NULL,                   
          `chardb` varchar(32) default NULL,                     
          PRIMARY KEY  (`id`)                                   
        ) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;
      CREATE TABLE `votemodules` (                             
               `id` int(10) unsigned NOT NULL auto_increment,         
               `name` varchar(32) default NULL,                       
               `image` varchar(128) default NULL,                     
               `url` varchar(128) default NULL,                       
               PRIMARY KEY  (`id`)                                   
             ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;
          CREATE TABLE `voterewards` (                             
               `id` int(10) unsigned NOT NULL auto_increment,         
               `realm` tinyint(3) unsigned default NULL,             
               `name` varchar(32) default NULL,                       
               `description` text,                                   
               `itemid` int(10) unsigned default NULL,               
               `points` int(3) unsigned default NULL,             
               PRIMARY KEY  (`id`)                                   
             ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;
          CREATE TABLE `votes` (                       
          `ip` varchar(16) default NULL,             
          `account` varchar(16) default NULL,         
          `module` tinyint(3) unsigned default NULL, 
          `time` int(11) default NULL                 
        ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
         





Take it from there.


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: Hacking a Vote Panel.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-07-09 03:55
COM wrote:
S1L3NTKn1GhT wrote:
What happend to the whole... don't ask for help hacking something/illegal act rule?

Well, in this case the page in question is illegal in itself as it's a private server. You could say that makes it slightly more officially acceptable.


LoL, Pfft, its running windows with open rdp, c'mon how hard could it be Wink


Author

RE: Hacking a Vote Panel.

Demons Halo
Member



Posts: 261
Location: Sweden
Joined: 26.03.09
Rank:
Apprentice
Posted on 22-07-09 12:50
everyone in here can tell you that I'm the biggest noob that have ever walked on the face of the earth, yet I managed to get some interesting results using a simple nmap scan -_- so my suggestion is:

- download nmap
- use google


base_dropper@hotmail.com www.demonshalo.com