Follow us on Twitter!
It is the path of least resistance that makes rivers and men crooked. - Bj Palmer
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 33
Guests Online: 32
Members Online: 1

Registered Members: 82831
Newest Member: FL4SHC0D3R
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

Moodle Hacking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-02-11 03:52
I have a curiosity, is it possible to hack into Moodle? My school uses that, and my teacher said I would get extra points if I'm able to find an exploit.

reg_edit

/*I have no signature yet, I'll do one soon*/
Author

RE: Moodle Hacking

ynori7
Member



Posts: 1486
Location: #valhalla
Joined: 08.10.07
Rank:
God
Posted on 03-02-11 04:07
Dunno about hacking into it, but there are exploits. I've found CSRF vulns in moodle. They didn't see why it was an issue though when I reported it.


halls-of-valhalla.org/images/affiliateLogo.png voodoorage.halls-of-valhalla.org/images/smallLogo.png
i537.photobucket.com/albums/ff338/ynori77/archenemysig1.jpg
ynori7 http://halls-of-valhalla.org
Author

RE: Moodle Hacking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-02-11 04:20
thanks ynori7, I'll get into reading more of it. I've been Googling for a while and I did find some exploits but I didn't understand it much. I'll spend more time reading. Thanks again.

/*I have no signature yet, I'll do one soon*/
Author

RE: Moodle Hacking

ynori7
Member



Posts: 1486
Location: #valhalla
Joined: 08.10.07
Rank:
God
Posted on 03-02-11 05:03
You shouldn't looking for exploits that other people found and posted. Look at moodle sites for exploits that nobody has discovered yet.

I dunno if you were given access to one to play around with. I have the advantage of having instructor privileges and a handful of dev sites to test things on, but you may be able to find some stuff as a student. I would start in the discussion forums.


halls-of-valhalla.org/images/affiliateLogo.png voodoorage.halls-of-valhalla.org/images/smallLogo.png
i537.photobucket.com/albums/ff338/ynori77/archenemysig1.jpg
ynori7 http://halls-of-valhalla.org
Author

RE: Moodle Hacking


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-02-11 06:14
yea, that's what I want, find exploits on my own, but like i'm still learning i was googling around to see other exploits people have found to better understand how things work and get an idea of what happens in the back-end of moodle. I only have my student-user-account where i can access our courses' notes and other things, and we are given access to a blog of our own if we choose to use it.
Author

RE: Moodle Hacking

j4m32
Member

Your avatar

Posts: 81
Location:
Joined: 01.05.10
Rank:
Newbie
Posted on 03-02-11 08:19
Knowledge of PHP is a must for this.

The best way of finding an exploit in this, where you have access to the source anyway, is to set yourself up a test bed. It's pointless trying things at random and wasting time on thing that may not be vulnerable.

What I mean by "test bed" is set up a webserver on your machine. IE: Apache with PHP and MySQL on your local machine, download a copy of Moodle and set it up.

Then it's just a case of looking through the source code to find something that they have either overlooked or not protected sufficiently.
Then mess around with any ideas, only edit the source to give you debug information (if need be).

Jim,
Author

RE: doubt you are getting extra credit legally

warrengreen
Member



Posts: 5
Location: highland, mi
Joined: 25.10.07
Rank:
Guest
Posted on 21-11-11 09:41
my school never used https for moodle so it was susceptible to man in the middle attacks. Look into cain and able.


there are two things that are infinite; human stupidity and the universe and im not sure about the second one.

--Einstein
Author

RE: Moodle Hacking

Arabian
Banned



Posts: 332
Location: inside you.
Joined: 22.09.10
Rank:
Apprentice
Posted on 22-11-11 05:18
Last I checked, Moodle was bruteforceable - no lockout after too many tries, so you can do this,

I also noticed a checksum validator akin to Javascript16 on some pages to enter in classes, and multiple XSS vulns within class pages.

Do what you want tho Pfft
the real fun is how you can fuck with your teacher legally.


G'bye y'all! I was an asshole, So korg banned me.