Donate to us via Paypal!
Ideas are far more powerful than guns.
Thursday, October 29, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 98
Guests Online: 97
Members Online: 1

Registered Members: 129474
Newest Member: ZoboCop2
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

Page source. MYSQL. ETC. ETC.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-08-07 02:42
I'm trying to figure out how to crack a login that I got online. I would show you the link but its hosted on my home server (no thanks) and don't want to bother to host it on a free host.


Alright so my login has a button that says "Click here to login" if you view the source the source will be
<a href="192.168.1.104/members/">Click here to login</a> when you click to login it doesn't bring you to a new page just a Java script like pop up box comes up with user name and password boxes. I tried some S.Q.L. injections with no luck. If you enter in a password that's not correct it just re brings up the box until you hit cancel then brings you to 192.16.1.104/failed/. I need to figure out a way to view the source of /members/ (or at least thats what I think I have to do) and I can't figure out how. I also tried turning Java script off but the login screen still comes up.

Anyone have any suggestions? or tips/help. That would be GREAT.


Thanks for your time.
Author

RE: Page source. MYSQL. ETC. ETC.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-08-07 02:44
okay so maybe you didnt give us a link... but i really hope thats not your home IP that you posted =\ if it is... i suggest removing it quickly


Author

RE: Page source. MYSQL. ETC. ETC.

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 13-08-07 02:49
johnjuan728 wrote:
okay so maybe you didnt give us a link... but i really hope thats not your home IP that you posted =\ if it is... i suggest removing it quickly


It's a local ip you [email protected]$# Pfft.

At TS: Try viewing the source of the file where information is being posted. Try to figure out how the login works. Does it post to a PHP file? You can't view the source of those except when you have LFI in the site. Poke around and see what you can find.

If a "box" comes up when javascript is disabled it's probably htaccess. Google for htaccess and you'll get the info you want. You can hack it by rooting the server or getting a LFI. Or navigating AROUND the htaccess.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: Page source. MYSQL. ETC. ETC.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-08-07 02:59
alright john, I think ill let that one slide. That you don't know the difference between an ip and a local ip. lol. and thank you spyware you were very helpful. Grin keep up the good work.
Author

RE: Page source. MYSQL. ETC. ETC.

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 13-08-07 03:00
how on earth do you plan to navigate AROUND htaccessQQ htaccess is recursive!!!


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: Page source. MYSQL. ETC. ETC.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-08-07 03:07
trixus wrote:
alright john, I think ill let that one slide. That you don't know the difference between an ip and a local ip. lol. and thank you spyware you were very helpful. Grin keep up the good work.

not gonna lie.. wasnt payin any attention ^_^ but meh i'll take the insult hehe


Author

RE: Page source. MYSQL. ETC. ETC.

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 13-08-07 03:21
richohealey wrote:
how on earth do you plan to navigate AROUND htaccessQQ htaccess is recursive!!!


This is were the hackers part comes in. You can either root the whole box, check out IP-neighbors and root those, SE the sys-op (better known as the asshole who runs the box) or sniff packets. Intercept mail. Whatever. That's navigating too. Navigating means more then browsing in your modded firefox.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce

Edited by spyware on 13-08-07 03:27
Author

RE: Page source. MYSQL. ETC. ETC.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-08-07 05:03
spyware wrote:
richohealey wrote:
how on earth do you plan to navigate AROUND htaccessQQ htaccess is recursive!!!


This is were the hackers part comes in. You can either root the whole box, check out IP-neighbors and root those, SE the sys-op (better known as the asshole who runs the box) or sniff packets. Intercept mail. Whatever. That's navigating too. Navigating means more then browsing in your modded firefox.


Continuing spywar's post, since he beat me to the general, I'll go a bit more specific:

Is the protocol encrypted (https)? If not, I'd suggest figuring out who is going to be logging into the box, and then just do a MiTM attack. Check out ettercap. This is your best bet by far.

Since your on a local network, why not use this as a chance to try out all the physical intrusion stuff you've learned and never used?

Also, you should be able to capture logins to email accounts from clients. The first time I gave a presentation in a tech class, there was a kid who always checked his emails on his PDA in our class. was using wireshark to capture an ARP packet so that I could show a real-world example of one. Well, I used a shell script to start wireshark -- and it started ettercap too. So I switch to another desktop to run vi, and there's ettercap: and in the status box at the bottom is his email address and password (dorkdork).... everyone in the room started cracking up and I got to give a second lecture on the history of encrypted protocols, and how they work. The kid never used his PDA during our class again.


Author

RE: Page source. MYSQL. ETC. ETC.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-08-07 05:23
thanks death, Grin. but yeah It is on a local host but for learning purposes (since, technically I have access to all the files anyways) I want to "pretend" its not, or at least not use any exploits that can only be done to local hosts.