Need help cracking a forum - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Need help cracking a forum

  1. #11
    HYBR|D
    Guest
    Just out of curiosity what forum software & what version of that forum software is being used?


  2. #12
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Interesting question there HYBR¦D,

    I don't intend on attacking someone's forum or anything. I just wanted to know for personal gain, and if I ever want to attack someone's forum.
    Hmmmmm "learn how to kill for interest's sake, and in case you want to murder somebody".......................

    OK let's look at the basics shall we? A successful attack is dependent on two major factors:

    1. A vulnerability.
    2. A matching exploit.

    If you look at the bottom of a forum page you will see "powered by" eg:

    Powered by vBulletin® Version 3.8.4
    Copyright ©2000 - 2011, Jelsoft Enterprises Ltd.
    Just Google for vulnerabilities and take it from there. Remember that you are dealing with a moving target here, so the answer will change on a very regular basis.

    To demonstrate this, just download and run:

    http://secunia.com/vulnerability_scanning/personal/

    This will show you how many security vulnerabilities there are on your PC system at the application level......run it again in a week or two and you will find some more

    Some more generalisations:

    Security is also dependent on other factors, including:

    1. The application (forum, social networking, e-mail, website etc.) What it is, what it does, how it works, & how it interacts etc.......
    2. Its hosting......if the host is vulnerable it is pretty much game over.
    3. Its management.......compromise the management client and you pwn the host/server.
    4. User accounts. These are frequently graded and have different authority levels. For example, an administrator account on a forum can pretty much do anything.......either compromise the account or go for privilege elevation.
    5. Security application at the host and client levels. For example, if I set up a forum and force an 8 character minimum password and give you 3 chances at the correct login details before locking you out for 30 minutes;a brute force crack is out of the question. On the other hand, if the client sets a weak, easily guessed password, or I keylog him, or sniff his wireless.............it is a waste of time.
    6. The human factor.............social engineering still works!

    And that's just the tip of the iceberg!

    DISCLAIMER:

    If you are going to experiment with any of these suggestions, make sure that it is on equipment and applications that you own, or have permission to do so.
    Last edited by nihil; March 27th, 2011 at 05:36 AM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #13
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Quote Originally Posted by nihil View Post
    If you look at the bottom of a forum page you will see "powered by" eg:
    For the most part you'll run into a script that has nothing to do with the forum itself but you'll retieve everything the domain has stored. Looking for a specific script is a waste of time.

    Just Google for vulnerabilities and take it from there.
    That's like trying to find water in the ocean. Google for things? Why? I found vulnerable sites purely by accident then did them in without even trying. Even the more high profile stuff was through pure luck. I could fart on a ouija board and find login details for crying out loud!

    If you are going to experiment with any of these suggestions, make sure that it is on equipment and applications that you own, or have permission to do so.
    Never been charged. Not because im careful about what I've done... but because the activities in question where litterally that petty and stupid. Nobody cares. There is no thrill or danger in it at all.

  4. #14
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128
    Man its been years since I've been back to AO and we STILL get these types of requests!
    -Simo

  5. #15
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Simo,

    Man its been years since I've been back to AO and we STILL get these types of requests!
    I understand your amazement, but I guess this is the first one I have seen in the past 2~3 years or so.

    We still get the occasional weird one, but the "how do I hack the Gibson" variety have pretty much died out.

    @ The-Spec:

    That's like trying to find water in the ocean. Google for things? Why? I found vulnerable sites purely by accident then did them in without even trying.
    Given that this thread is in Newbie Security Questions, and the content of the OP's first post, that might not be a bad place to start?

    Anyways, the thread as started by the OP to ask a question............not for you to preen your ego?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #16
    HYBR|D
    Guest
    Quote Originally Posted by The-Spec View Post
    I found vulnerable sites purely by accident then did them in without even trying. Even the more high profile stuff was through pure luck. I could fart on a ouija board and find login details for crying out loud!
    Just out of pure curiosity, do you have any amusing story's to share? without giving exact names of site's. What would have been the most amusing "Pwn" you've stumbled onto?

    Any high profile site's that you've accidently "Hello Kitty" all over?

  7. #17
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Internet based businesses go through a series of bubbles and bursts. For every website that shuts down a better one will crop up. But the problem is the Web 2.0 bubble went through such a long, successful haul that the likes of google, ebay, and amazon have a hold over things.

    Things will go the way of the radio and television... thousands of channels all owned by three or four broadcasters with a complete lack of content. Social networks are the internet's version of game shows and reality tv.

    Now we could easly "change the content" but the problem is that even web defacers have nothing to say. I myself have pretty much lost hope in some of the things I set to change on the internet. I've fallen into the "quantity over quality" style of web based intrusion... typical of kids like the OP and muslimFAGs on Zone-H.

  8. #18
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    like nihil said, there are many ways you can go about it depending on your goal and medium of choice.

    If you want to go to the path of Social Engineering, there are countless methods of achieving that... like spear phising or doing standard recon.
    same goes if you want your attack at the application level or on the actual host.

    If your question is how I would go about doing it? I would start by getting to know my target very well, as much as I possibly could.

Similar Threads

  1. Password Cracking with Rainbow Tables
    By 3rr0r in forum The Security Tutorials Forum
    Replies: 22
    Last Post: May 28th, 2004, 03:19 AM
  2. How To: Crack a File
    By SpydaByte in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: January 20th, 2003, 10:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •