Just out of curiosity what forum software & what version of that forum software is being used?
:D
Printable View
Just out of curiosity what forum software & what version of that forum software is being used?
:D
Interesting question there HYBR¦D, :D
Hmmmmm "learn how to kill for interest's sake, and in case you want to murder somebody".......................:confused:Quote:
I don't intend on attacking someone's forum or anything. I just wanted to know for personal gain, and if I ever want to attack someone's forum.
OK let's look at the basics shall we? A successful attack is dependent on two major factors:
1. A vulnerability.
2. A matching exploit.
If you look at the bottom of a forum page you will see "powered by" eg:
Just Google for vulnerabilities and take it from there. Remember that you are dealing with a moving target here, so the answer will change on a very regular basis.Quote:
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2011, Jelsoft Enterprises Ltd.
To demonstrate this, just download and run:
http://secunia.com/vulnerability_scanning/personal/
This will show you how many security vulnerabilities there are on your PC system at the application level......run it again in a week or two and you will find some more ;)
Some more generalisations:
Security is also dependent on other factors, including:
1. The application (forum, social networking, e-mail, website etc.) What it is, what it does, how it works, & how it interacts etc.......
2. Its hosting......if the host is vulnerable it is pretty much game over.
3. Its management.......compromise the management client and you pwn the host/server.
4. User accounts. These are frequently graded and have different authority levels. For example, an administrator account on a forum can pretty much do anything.......either compromise the account or go for privilege elevation.
5. Security application at the host and client levels. For example, if I set up a forum and force an 8 character minimum password and give you 3 chances at the correct login details before locking you out for 30 minutes;a brute force crack is out of the question. On the other hand, if the client sets a weak, easily guessed password, or I keylog him, or sniff his wireless.............it is a waste of time.
6. The human factor.............social engineering still works!
And that's just the tip of the iceberg!
DISCLAIMER:
If you are going to experiment with any of these suggestions, make sure that it is on equipment and applications that you own, or have permission to do so.
For the most part you'll run into a script that has nothing to do with the forum itself but you'll retieve everything the domain has stored. Looking for a specific script is a waste of time.
That's like trying to find water in the ocean. Google for things? Why? I found vulnerable sites purely by accident then did them in without even trying. Even the more high profile stuff was through pure luck. I could fart on a ouija board and find login details for crying out loud!Quote:
Just Google for vulnerabilities and take it from there.
Never been charged. Not because im careful about what I've done... but because the activities in question where litterally that petty and stupid. Nobody cares. There is no thrill or danger in it at all.Quote:
If you are going to experiment with any of these suggestions, make sure that it is on equipment and applications that you own, or have permission to do so.
Man its been years since I've been back to AO and we STILL get these types of requests!
Hi Simo,
I understand your amazement, but I guess this is the first one I have seen in the past 2~3 years or so.Quote:
Man its been years since I've been back to AO and we STILL get these types of requests!
We still get the occasional weird one, but the "how do I hack the Gibson" variety have pretty much died out. ;):D
@ The-Spec:
Given that this thread is in Newbie Security Questions, and the content of the OP's first post, that might not be a bad place to start?Quote:
That's like trying to find water in the ocean. Google for things? Why? I found vulnerable sites purely by accident then did them in without even trying.
Anyways, the thread as started by the OP to ask a question............not for you to preen your ego?
:)
Internet based businesses go through a series of bubbles and bursts. For every website that shuts down a better one will crop up. But the problem is the Web 2.0 bubble went through such a long, successful haul that the likes of google, ebay, and amazon have a hold over things.
Things will go the way of the radio and television... thousands of channels all owned by three or four broadcasters with a complete lack of content. Social networks are the internet's version of game shows and reality tv.
Now we could easly "change the content" but the problem is that even web defacers have nothing to say. I myself have pretty much lost hope in some of the things I set to change on the internet. I've fallen into the "quantity over quality" style of web based intrusion... typical of kids like the OP and muslimFAGs on Zone-H.
like nihil said, there are many ways you can go about it depending on your goal and medium of choice.
If you want to go to the path of Social Engineering, there are countless methods of achieving that... like spear phising or doing standard recon.
same goes if you want your attack at the application level or on the actual host.
If your question is how I would go about doing it? I would start by getting to know my target very well, as much as I possibly could.