Donate to us via Paypal!
Things are more like they are now than they have ever been before. - Dwight D. Eisenhower
Sunday, October 25, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 102
Guests Online: 100
Members Online: 2

Registered Members: 129356
Newest Member: zannes90
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

possible places to insert user/pass


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-02-07 15:43
hello guys,
im testing a website's security ,and i managed to find an SQL hack where i get the admin's username and password .
that alone is what was needed for this job, but i want to complete it by modifying the source code of the home page where i write them a notice where the problem is.
the only problem is that i cant find the login page or eny other login method, i tried enything from telnet, SSH, ftp, hidden pages, enything i could of thought about..and note that there is no webpage for the domain, nothing.
ineed youre help to suggest possible places to input the admin's username and password i managed to pull, so i can gain admin rights on the site and notify them about it and get this project done allready XD !!

thanx tons 4 ur time Smile



Author

RE: possible places to insert user/pass


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-02-07 16:31
send them an email with their user and pass in and say "i found a hack but decided to report it cos im nice"


Author

RE: possible places to insert user/pass


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-02-07 16:32
Check cookies, robots.txt (Might have a login page dir), why not just email them? Usually people don't like it when their page has been defaced saying "Z0mg j00 h4v3 4 53cur|7y 3xpl0i7!". Stick with the email.

EDIT--
Mr noob beat me to the post, damn my broken arm and crappy one-hand typing skills




Edited by on 07-02-07 16:37
Author

RE: possible places to insert user/pass


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-02-07 11:17
thanx ill try out the stuff u suggested and if it won't work i'll just email them "u got pwn'd " or somsin lolGrin


Author

RE: possible places to insert user/pass


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-02-07 13:33
DioXin wrote:
thanx ill try out the stuff u suggested and if it won't work i'll just email them "u got pwn'd " or somsin lolGrin


... No. Don't do that.

Just email them using well structured language.


Author

RE: possible places to insert user/pass


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-02-07 14:02
Indeed.


Author

RE: possible places to insert user/pass


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-02-07 14:21
there has to be somewhere to enter the details.... have you tried nmap and finding the server theyre hosted on...?

also, you dont need to post anything on thier website to notify them, like others have said, e-mail them.


Author

RE: possible places to insert user/pass

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 08-02-07 15:29
So you managed to get the admin username and pass but not to find the login page? Quite funny situation, although it's happened to me once as well :happy:


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: possible places to insert user/pass

bl4ckc4t
Member

Your avatar

Posts: 591
Location: /etc/
Joined: 07.03.06
Rank:
Wiseman
Posted on 08-02-07 16:14
Uber0n wrote:
So you managed to get the admin username and pass but not to find the login page? Quite funny situation, although it's happened to me once as well :happy:


I hate when that happens. Thats what you call... smart web design? lol
-Bl4ckC4t


Author

RE: possible places to insert user/pass


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-02-07 18:06
have you tried nmap and finding the server theyre hosted on...?


why does he need to know what server they're on? ... specially since he already has the login info etc. I mean, that'd be working backwards now, wouldn't it?

He could PING them instead of scanning them to find what server they're on, mate. It faster, and more logical.


Author

RE: possible places to insert user/pass


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 08-02-07 18:07
well if he finds what server theyre on then he can login on that server that theyre hosting it on, i dont see how thats going backwards?


Author

RE: possible places to insert user/pass

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 08-02-07 18:53
He's probably found the login info through a known exploit, but the login page doesn't have the standard name. A dictionary URL attack could be suitable Wink


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/