-
January 27th, 2002, 01:17 PM
#11
Well.. I did a scan and found 12 ports open... 2 with no deamons runnig and 1 that is questionable...
64.132.148.100 www.breakfree.com
21 File Transfer Protocol [Control]
|___ 220 ftp.breakfree.com NcFTPd Server (free educational license) ready...
22 SSH Remote Login Protocol
|___ SSH-1.99-OpenSSH_3.0.2p1.
25 Simple Mail Transfer
|___ 220 blackie.breakfree.com ESMTP..
53 Domain Name Server
80 World Wide Web HTTP
|___ HTTP/1.1 200 OK..Date: Sun, 27 Jan 2002 11:18:38 GMT..Server: Apache/1.3.22 (Unix) mod_perl/1.26 PHP/4.1.1 mod_ssl/2.8.5 OpenSS
110 Post Office Protocol - Version 3
|___ +OK <11049.1012130325@blackie.breakfree.com>..
143 Internet Message Access Protocol
|___ * OK Courier-IMAP ready. Copyright 1998-2001 Double Precision, Inc. See COPYING for distribution information...
389 Lightweight Directory Access Protocol
443 https MCom
993 NO DEAMON
1002 NO DEAMON
1720 h323hostcall
You should also get a full version FTP deamon... Not an educational licence :p
-
January 27th, 2002, 02:15 PM
#12
Senior Member
FreeAgent: How much time do we have to play with ur server???
I have no time at the moment but would love to make a serious breakin attempt later. (In a couple of days or so)
It would be nice to know, so nothing gets messed up while u have live customers online..
zion1459
Visit: http://www.cpc-net.org
\"Software is like sex: it\'s better when it\'s free.\" -Linus Torvalds
-
January 28th, 2002, 08:06 PM
#13
I will give you all 4 more weeks to play around... And it does not really matter if you punt one of the sites off line... All we have is two paying customers and both of those customers did not pay there bill for this month so ****em have fun......
Keepen it real
FreeAgent
-
January 28th, 2002, 08:13 PM
#14
I'll give it a go for you. It might be a day or so.
I love invitations.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
January 28th, 2002, 08:22 PM
#15
KorpDeath - you will pay for stealing my avatar. FJEAR!
-
January 28th, 2002, 08:23 PM
#16
LOL
If I got the time.....
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
January 28th, 2002, 09:00 PM
#17
Ok check this out.. Pat and I just had a good idea.... If you get into the system here is what we want you to do... Make an intro page or a splash page for breakfree.com on it just sign your name.. just make sure that you put a link back to breakfree.com or just make the intro page a preload page..... Have fun..... Oh and if someone beats you on making the intro page just sign your name I guess make a list or something.... And im going to talk to pat to see if we can do something for the people that complete this mission... Maybe some thing like free hosting or some free software.... I dont know just an idea I will see what Pat thinks he is the rich kid not me lol.....
Keepen it real
FreeAgent
-
January 28th, 2002, 09:22 PM
#18
And here is a word from Pat about the findings so far....
Im impressed with [WebCarnage] perfectionist-ism... ppl like that find good
loop
holes... Too bad he doesn't know where to look just yet.
Although, he did make an excellent observation about the account login.
This
will be taken care of shortly. Likelihood of him getting in is slim,
but
never the less a possible threat.
As for VictorKaum , thanks... it is a fast line... I will have to look into the
status of the proxy and see if it is truly operational.
Hope you all enjoy, and I look forward to your further findings.
Pat
And in a phone chat with me he had this to say also..
In response to the floders that [WebCarnage] found he sayed... This is a website that helps promote the business, sales.... Why would I protect a directory to something I want people to see?
Why would I put a blanket over an bill board on US 19? (us 19 os a major road by us)
Again in response to [webCarnage] about not finding a Bin or CGI-Bin folder pat sayed this... This is not odd... We don't run cgi's in those dirs... so why would we need them?
But yet again in response to [WebCarnage] about the lack of security and using a bruteforcer to crack into any account Pat sayed this... Very good point. This will be taken care of...
And the last response to [WebCarnage] about Try seeing if you can alter the HTML in there so after 3 or 5 unsuccessful attempts a cookie will be installed so no furthermore trying can and will be allowed for the next 24 hours, or next reboot. Just an idea. at sayed, A cookie should not be used for that type of function. Something server side, such as a session login count, or IP abuse log should audit that.
And thats about all i can rember about the phone call lol sorry about that...
Keepen it real
FreeAgent
-
January 28th, 2002, 10:34 PM
#19
Re: freeagent
As for VictorKaum , thanks... it is a fast line... I will have to look into the
status of the proxy and see if it is truly operational.
Your proxy is still available on the net... I enjoy surfing through it.
Yippieee
You have a lot of open ports as stated before...
-
February 1st, 2002, 04:36 PM
#20
Hey FreeAgent is this truely your server?
I tried to contact breakfree but they do not respond...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|