HellBound Hackers | Computer General | Web Server

Author

Test my Web Server

Scar0ptics
Member



Posts: 223
Location: ∆ P®0X¥ W0R|D ∆
Joined: 19.11.13
Rank:
Mad User
Posted on 28-03-17 23:13
I have another web server hosted, so check it out: securitysession.d. . .

You can test the session at SSL Labs.


Let me know if you find anything.

Edited by Scar0ptics on 05-04-17 13:20
Author

RE: Test my Web Server

Scar0ptics
Member



Posts: 223
Location: ∆ P®0X¥ W0R|D ∆
Joined: 19.11.13
Rank:
Mad User
Posted on 31-03-17 23:26
There's a basic forum board now. Apparently no one can find anything? Try taking it down or fuck it up; I don't care.
Author

RE: Test my Web Server

Huitzilopochtli
Member



Posts: 1531
Location:
Joined: 19.02.13
Rank:
God
Posted on 01-04-17 00:18
I'll have a look at it on Sunday man, I've been busy with other things, but they're all finished now.
Author

RE: Test my Web Server

Scar0ptics
Member



Posts: 223
Location: ∆ P®0X¥ W0R|D ∆
Joined: 19.11.13
Rank:
Mad User
Posted on 01-04-17 01:37
Do you need help with the new website?
Author

RE: Test my Web Server

Huitzilopochtli
Member



Posts: 1531
Location:
Joined: 19.02.13
Rank:
God
Posted on 01-04-17 02:34
Sent you a PM.
Author

RE: Test my Web Server

Mordak
Evil Sorcerer



Posts: 667
Location: lodon
Joined: 01.01.70
Rank:
God
Posted on 01-04-17 17:42
There's a basic forum board now. Apparently no one can find anything? Try taking it down or fuck it up; I don't care.


DDoS attack for all the n00bs out there Pfft
lfi.io
Author

RE: Test my Web Server

Huitzilopochtli
Member



Posts: 1531
Location:
Joined: 19.02.13
Rank:
God
Posted on 02-04-17 01:24
I raise you one SQL Injection.

Edited by Huitzilopochtli on 02-04-17 01:25
Author

RE: Test my Web Server

Scar0ptics
Member



Posts: 223
Location: ∆ P®0X¥ W0R|D ∆
Joined: 19.11.13
Rank:
Mad User
Posted on 02-04-17 03:35
Ok, I sent you a PM regarding it.
Author

RE: Test my Web Server

gobzi
Member



Posts: 78
Location: Hobbiton
Joined: 26.05.16
Rank:
HBH Guru
Posted on 02-04-17 20:02
XSS, check what you reflect Pfft

I messaged you


<pre> <?=`$_GET[1]`?>

Ima_noob# cat * | egrep "Subject|Date|filename=" > agrrr


gobzi.bounceme.net

Edited by gobzi on 02-04-17 20:04
gobzi.ddns.net
Author

RE: Test my Web Server

Scar0ptics
Member



Posts: 223
Location: ∆ P®0X¥ W0R|D ∆
Joined: 19.11.13
Rank:
Mad User
Posted on 02-04-17 20:29
Alright I sent you a PM regarding it; however I am still waiting on some info from Huitzilopochtli regarding the SQL injection.
Author

RE: Test my Web Server

Huitzilopochtli
Member



Posts: 1531
Location:
Joined: 19.02.13
Rank:
God
Posted on 03-04-17 01:48
High Risk Vulnerability :
There is a critical vulnerability in Drupal 7 core versions earlier than 7.32.
Found in: META Generator Tag

Banner says you're vulnerable, but running that code from my Android isn't giving me any response at all. I'll see what's wrong with it when I get up.

Edited by Huitzilopochtli on 06-04-17 00:59
Author

RE: Test my Web Server

Scar0ptics
Member



Posts: 223
Location: ∆ P®0X¥ W0R|D ∆
Joined: 19.11.13
Rank:
Mad User
Posted on 03-04-17 03:19
No, I am not even running that version. I think the scanner is wrong, but double-check when you get up. I was running that version prior to creating this site, so is it possible your scanner has cached info from previous scans?
Author

RE: Test my Web Server

gobzi
Member



Posts: 78
Location: Hobbiton
Joined: 26.05.16
Rank:
HBH Guru
Posted on 04-04-17 09:49
Maybe you have a legacy file left somewhere and the scanner picked up a banner/version


<pre> <?=`$_GET[1]`?>

Ima_noob# cat * | egrep "Subject|Date|filename=" > agrrr


gobzi.bounceme.net
gobzi.ddns.net
Author

RE: Test my Web Server

Scar0ptics
Member



Posts: 223
Location: ∆ P®0X¥ W0R|D ∆
Joined: 19.11.13
Rank:
Mad User
Posted on 04-04-17 13:53
Everything has been 'wiped' clean prior to deploying this current site.
Author

RE: Test my Web Server

Benway101
Member



Posts: 2
Location:
Joined: 10.02.17
Rank:
Mad User
Posted on 05-04-17 01:59
May I congratulate you on your new website. I don't think many people are going to find a hole in that; your site is basically immune to all my biggest tricks. Can't use SQL injections, can't even break in with POODLE. Congratulations, you have succeeded in building a very good website and I have scanned it to show you that it is secure for proof.

Site: https://www.ssllabs.com/ssltest/analyze.html?d=securitysession.ddns.net
Author

RE: Test my Web Server

Huitzilopochtli
Member



Posts: 1531
Location:
Joined: 19.02.13
Rank:
God
Posted on 05-04-17 05:30
That scanner isn't checking his website for exploits or vulnerabilities; it's only checking if the server's SSL setup is secure.
Author

RE: Test my Web Server

Scar0ptics
Member



Posts: 223
Location: ∆ P®0X¥ W0R|D ∆
Joined: 19.11.13
Rank:
Mad User
Posted on 05-04-17 19:46
Those vulnerability scanners can only scan for what they know. They are a handy tool though.
Author

RE: Test my Web Server

Huitzilopochtli
Member



Posts: 1531
Location:
Joined: 19.02.13
Rank:
God
Posted on 05-04-17 20:54
All you really need is a good spider that can map out the directory structure, grab the file names and software banners, and maybe a fuzzer for those harder-to-find directories.

You can check for sqli with a single quote, and blind exploits with a time delay. You don't need a scanner to try 1000 variations on every single page; most are way too 'noisy' and will probably result in an IP ban on a half-decent server.

Edited by Huitzilopochtli on 06-04-17 00:56
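
The 'noisy' scanner point above, seen from the server side. This is an added example, not part of the original thread: it flags client IPs in an access log whose 404 ratio or repeated quote/time-delay markers look like automated scanning. The log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Combined-log-format fields we need: client IP, request path, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Markers of injection-style probing: a stray quote or a time-delay call.
PROBE_RE = re.compile(r"'|\b(?:sleep|benchmark|pg_sleep|waitfor\s+delay)\b", re.I)

SAMPLE_LOG = [  # constructed log lines using documentation IP ranges
    '198.51.100.7 - - [05/Apr/2017:20:50:01 +0000] "GET / HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Apr/2017:20:50:09 +0000] "GET /forum HTTP/1.1" 200 7301',
    '203.0.113.9 - - [05/Apr/2017:20:51:00 +0000] "GET / HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Apr/2017:20:51:00 +0000] "GET /admin/ HTTP/1.1" 404 210',
    '203.0.113.9 - - [05/Apr/2017:20:51:01 +0000] "GET /backup/ HTTP/1.1" 404 210',
    '203.0.113.9 - - [05/Apr/2017:20:51:01 +0000] "GET /old/ HTTP/1.1" 404 210',
    '203.0.113.9 - - [05/Apr/2017:20:51:02 +0000] "GET /test/ HTTP/1.1" 404 210',
    '203.0.113.9 - - [05/Apr/2017:20:51:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 210',
    '203.0.113.44 - - [05/Apr/2017:20:52:10 +0000] "GET /item?id=1%27 HTTP/1.1" 500 98',
    '203.0.113.44 - - [05/Apr/2017:20:52:11 +0000] "GET /item?id=1+AND+SLEEP(5) HTTP/1.1" 200 98',
    '203.0.113.44 - - [05/Apr/2017:20:52:17 +0000] "GET /item?id=2%2527 HTTP/1.1" 200 98',
]

def flag_scanners(lines, min_requests=5, max_404_ratio=0.5, max_probes=2):
    """Return {ip: [reasons]} for clients that look like noisy scanners.
    Thresholds are illustrative assumptions, not tuned values."""
    stats = defaultdict(lambda: {"total": 0, "404": 0, "probes": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        ip, path, status = m.groups()
        s = stats[ip]
        s["total"] += 1
        s["404"] += status == "404"
        # Decode twice so double-encoded markers (%2527) are still seen.
        s["probes"] += bool(PROBE_RE.search(unquote_plus(unquote_plus(path))))
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["total"] >= min_requests and s["404"] / s["total"] > max_404_ratio:
            reasons.append("high 404 ratio (directory guessing)")
        if s["probes"] > max_probes:
            reasons.append("repeated injection-style probes")
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, reasons in flag_scanners(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

A single quote also appears in legitimate input such as names, which is why the probe check counts repeats per client instead of flagging one request.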
Author

RE: Test my Web Server

Scar0ptics
Member



Posts: 223
Location: ∆ P®0X¥ W0R|D ∆
Joined: 19.11.13
Rank:
Mad User
Posted on 06-04-17 03:42
That's what I am going to do on mine. Send me a PM about it.