Follow us on Twitter!
Imagination is more valuable than knowledge - Albert Einstein
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 33
Guests Online: 26
Members Online: 7

Registered Members: 82903
Newest Member: Piriformis
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming

Author

PHP fread path

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 12-10-06 12:48
I am trying to fopen a file and read it, but it is on another server. For example, I try opening "http://www.google.com", and it says it cannot find the specified file in the current directory.
I need to open a dir on another server and get a list of the items. I just want to know how to fix the "file not found in current directory" problem. Thank you
Author

RE: PHP fread path


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-10-06 20:42
Code
$code = file_get_contents("http://www.example.com");







Edited by on 12-10-06 20:43
Author

RE: PHP fread path

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 13-10-06 00:30
That doesn't work because when you open the directory anyway it shows a file. For example in HBH, when you open HBH.com/challenges, it shows a web page, not the directory listing. I want to see the files in the directory i'm trying to view. Thank you
Author

RE: PHP fread path


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-10-06 00:46
Oh. That can't be done, PHP doesn't have any more access to a remote server than your browser has. Have a read of this for info on what goes on when you request just a folder:
http://www.criticalsecurity.net/index.php?showtopic=17091


Author

RE: PHP fread path

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 13-10-06 12:54
Here's the whole thing:
I am trying to get files in which are stored passwords and grades. I have a script that will decrypt the file names to get the password, if I can get the file name.
Here's to sum it up:
In a folder, are all the 7th grade grades in my school. For a newspaper article I have to write about the insecurity of the school grade system. It is not aacessible online, they just update the info manually I think or import it from easy grade pro. I want to see what's in the folder. If you wanted to know what was in the folder, what would you do?
Author

RE: PHP fread path

AldarHawk
Member



Posts: 1690
Location: Canada
Joined: 26.01.06
Rank:
Hacker Level 1
Posted on 13-10-06 13:25
is this on a web server or a school network server?

If it is the latter I would write up a Visual Basic program(or any other language) that is in general a file browser and find the server. That is how I found flaws in my highschools system and became an admin :evil:


Just ask Yahoo!Taboo! http://www.erikwestlake.com
Author

RE: PHP fread path

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 13-10-06 21:35
Just make sure your teachers don't read the forums on HBH lol


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: PHP fread path

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 13-10-06 21:51
I is a web server.
Pretend this is a realistic challenge and all the answers are in one folder, but you don't know the file names. They don't use any server side language, so it is kind of hard to find the file names. The passwords are on the internet but you can't get the file names. That's it? It is basically impossible?

P.S. How do you log in as anonymous on a server if using the cmd ftp?
Author

RE: PHP fread path

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 13-10-06 22:25
Sorry. Double accidental post

Edited by ranma on 13-10-06 22:29
Author

RE: PHP fread path


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-10-06 07:52
http://www.w3.org/Protocols/rfc959/8_PortNumber.html (Search for "7. TYPICAL FTP SCENARIO", pertaining your question to logging into FTP via prompt)

Anyway, if you were trying to find the name of a file, and had no exploits you could use to get a directory listing, then you could use a word list of possible files, but they're probably CHMOD'd so you can not access them. Chances are even if you knew the name of hte files, you could not access them. (Well, hopefully not, for security's sake.)
Author

RE: PHP fread path

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 14-10-06 16:23
Zekasu, thanks for the article list.
They would not have a CHMOD not allowing me to view the files. For the login system they use JAVASCRIPT! You think they could use CHMOD if they can't use a server side language?
Anyway, a word list would not have the name of the files, because the names are an encrypted version of our last names and our passwords. Just for the heck of it, here are the links:
Here are my grades:
http://ingenuityproject.org/ingenuity_schools/rolandpark/bacon/Term1735SCI/rbij56KY5.html
Here is the source of the encryption method:
view-source:http://ingenuityproject.org/ingenuity_schools/rolandpark/bacon/frame1.html
Here is the general sign in page:
http://ingenuityproject.org/ingenuity_schools/rolandpark/bacon/

See the link of the grades? it is an encrypted name, so it would probably not appear in the jtr or cain list of words.
There is one hope though: Soial engineering. I could email the maker of the sign in system with a fake email and ask for a database backup, because it crashed, or something like that. Of course that would lean a little more towards tricking than to hacking, but it would still prove the insecureness of their system.