
Thread: Hacking Challenge

  1. #1
    FreeAgent
    Guest

    Hacking Challenge

    Me and my buddy have our own little web site breakfree.com. What we do is build and host web sites for people in our local area. What we need you to do is test our system for holes. If you do get into our system tell us how you got in and where the hole is, and if you want tell us how you would fix the problem... I'm putting my trust in all of you not to **** up our system. If you feel the need to deface our web site all the power to ya. We don't care about little stuff like that... defacing takes nothing but a minute to fix. So with that said and done have fun..


    HAPPY HACKING



    Keepen it real
    FreeAgent

  2. #2
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542
    You host several other sites?

    At your customers page http://www.breakfree.com/customers/ the following links are down (could not locate remote server):

    www.deejaycorner.com
    www.gleamchemicals.com.au

  3. #3
    FreeAgent
    Guest
    They did not pay their bill this month... When they pay it will be back up....

  4. #4
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542
    I would remove these links then. Now it looks like your service is bad.
    It's not good PR to have broken links.
    Or you should reroute those links to a page that says unavailable or something similar.

    btw: if you see many attempts on your FTP server or firewall logs that could be me probing your ports...

  5. #5
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542

    Proxy open

    Hey FreeAgent,

    I am currently surfing through your proxy... did you know you are running a public proxy?
    Thx for doing this, it's a very fast proxy... if you did not know this send me a PM about the prob.

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    108

    Cool

    wow.. a wargame.. hehe

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    872

    Hmmm...

    Hey FreeAgent. This may sound a bit odd. But if it's untrue just act like I've never posted...

    It's a hosting site, and nowhere in the site does it have your handle there. But then again I don't know your real name - so I'm not bugging. Another thing is that it seems to me as if you're trying to make a lame attempt at hacking into one of their *many selections* of websites, and we're supposed to tell you exact details on how we got in, eh? ...hmmm,...sounds a bit off if you ask me.

    But if not...I'll see what I can do mate. It's a host, so it should be secure...
    ...This Space For Rent.

    -[WebCarnage]

  8. #8
    Senior Member
    Join Date
    Sep 2001
    Posts
    800
    Just looking at it I found this info so far

    HTTP/1.1 200 OK
    Date: Sun, 27 Jan 2002 03:36:28 GMT
    Server: Apache/1.3.22 (Unix) mod_perl/1.26 PHP/4.1.1 mod_ssl/2.8.5 OpenSSL/0.9.6a
    X-Powered-By: PHP/4.1.1
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html

    Like [WebCarnage] said how can you prove that this is your site?
    "A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work."

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    872

    Hmmm...

    Hmmm...I did a scan as well on http://www.breakfree.com

    And I found NONE of the folders contained in that site protected in any way...care to check up on that. And I find a 'lack-of-folders' for this particular site. I mean,...here's a list:
      1. aboutus
      2. contactus
      3. customers
      4. design
      5. hosting
      6. icons* -> Small
      7. images* -> Images
      8. onlineacct
      9. servers
    * Has subfolder(s)

    And none of these require passwords to enter. I also found that there was no "Bin" or "CGI-Bin" folder...odd. And because of the lack of security, one could easily program a bruteforcer and crack any account, for there seems to be no limit for how many times you can input an invalid account name and password. And yes,...I did test this*. But I have no reason to muck up any sites. Just thought I'd let you, the seemingly impossible, webmaster. Furthermore, one could easily URL-Surf to just about any folder he or she wanted. And that's not good. Try to fix that up a bit.

    * when you enter an invalid usrname and pwrd. This URL will keep on continuing itself:
    http://www.breakfree.com/onlineacct/login.php?error=1
    Try seeing if you can alter the HTML in there so after 3 or 5 unsuccessful attempts a cookie will be installed so no furthermore trying can and will be allowed for the next 24 hours, or next reboot. Just an idea.
    ...This Space For Rent.

    -[WebCarnage]
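
Added example (not part of the thread and not breakfree.com's code): the lockout proposed in post #9, enforced on the server rather than in a cookie, since a cookie can simply be discarded by the client. `LoginThrottle`, its method names and the accounts and addresses used to exercise it are hypothetical; the threshold and the 24-hour window are the figures from the post.

```python
import time

MAX_FAILURES = 5              # the post suggests 3 or 5
WINDOW_SECONDS = 24 * 3600    # the post suggests 24 hours


class LoginThrottle:
    """Server-side failed-login limiter keyed by account name and by source IP."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, clock=time.time):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock            # injectable so the behaviour can be tested
        self._failures = {}           # key -> timestamps of recent failures

    def _keys(self, username, source_ip):
        # Unknown account names are counted too, so name guessing is limited as well.
        return [("user", username.strip().lower()), ("ip", source_ip)]

    def _recent(self, key):
        # Keep only failures that are still inside the sliding window.
        cutoff = self.clock() - self.window
        kept = [t for t in self._failures.get(key, []) if t > cutoff]
        if kept:
            self._failures[key] = kept
        else:
            self._failures.pop(key, None)
        return kept

    def is_locked(self, username, source_ip):
        return any(len(self._recent(k)) >= self.max_failures
                   for k in self._keys(username, source_ip))

    def attempt(self, username, password, source_ip, verify):
        """verify(username, password) -> bool stands in for the site's credential check."""
        if self.is_locked(username, source_ip):
            return "locked"           # refused before the password is even checked
        if verify(username, password):
            # Clear only the account counter: one valid login must not reset
            # the per-IP count built up by guesses against other accounts.
            self._failures.pop(("user", username.strip().lower()), None)
            return "ok"
        now = self.clock()
        for key in self._keys(username, source_ip):
            self._failures.setdefault(key, []).append(now)
        return "denied"
```

State here lives in process memory; a site running several web server processes would need to keep the counters in a shared store.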

  10. #10
    FreeAgent
    Guest
    Sorry about the late post.... Well let me start off by telling you how and where we run breakfree.com. Breakfree is run out of my friend's house for two good reasons. 1 my friend is rich and his dad springs the bill for the T1 modem he is running. 2 He has a whole wing of his dad's house to himself. So we made one of his rooms into an office so to speak. Pat (that's my friend) is a linux and Unix wiz so he wanted to make a linux server. I know little to nothing about linux and unix so I left that all to him. Ok now here is what I do with breakfree.com. I do all the html, java, and php so I guess you can say I'm the interface man. I make all the stuff you can see and he does the guts, the stuff you don't see.

    Why did we start breakfree.com?
    We just started it for a little extra money to help us with school. Right now we only host our friends' sites. I told you guys to try and crack into the site b/c I want to start hosting more people so we can get more money... But before I can do that I need to know that I have a hack free system. Now I know we don't lol so before I start opening to the common public we need to fix all the problems you just listed... You all made some really good points. My buddy Pat is shocked that we have this many problems lol he was under the impression that his firewall was up and running I guess not hehehe. You guys had no problem getting in.... So thanks for your help and keep checking in from time to time to see if we are getting better...

    Oh before I go if you know of any good firewalls or any programs to help us with our security let us know about it.....
    Thanks again for all your help.......

    Keepen it real
    FreeAgent
