Thread: Need help cracking a forum

  1. #12
    nihil, Senior Member (Join Date: Jul 2003; Location: United Kingdom: Bridlington; Posts: 17,188)

    Interesting question there HYBR¦D,

    "I don't intend on attacking someone's forum or anything. I just wanted to know for personal gain, and if I ever want to attack someone's forum."
    Hmmmmm "learn how to kill for interest's sake, and in case you want to murder somebody".......................

    OK let's look at the basics shall we? A successful attack is dependent on two major factors:

    1. A vulnerability.
    2. A matching exploit.

    If you look at the bottom of a forum page you will see "powered by", e.g.:

    Powered by vBulletin® Version 3.8.4
    Copyright ©2000 - 2011, Jelsoft Enterprises Ltd.
    Just Google for vulnerabilities and take it from there. Remember that you are dealing with a moving target here, so the answer will change on a very regular basis.

    To demonstrate this, just download and run:

    http://secunia.com/vulnerability_scanning/personal/

    This will show you how many security vulnerabilities there are on your PC system at the application level......run it again in a week or two and you will find some more.

    Some more generalisations:

    Security is also dependent on other factors, including:

    1. The application (forum, social networking, e-mail, website etc.) What it is, what it does, how it works, & how it interacts etc.......
    2. Its hosting......if the host is vulnerable it is pretty much game over.
    3. Its management.......compromise the management client and you pwn the host/server.
    4. User accounts. These are frequently graded and have different authority levels. For example, an administrator account on a forum can pretty much do anything.......either compromise the account or go for privilege elevation.
    5. Security application at the host and client levels. For example, if I set up a forum and force an 8 character minimum password and give you 3 chances at the correct login details before locking you out for 30 minutes; a brute force crack is out of the question. On the other hand, if the client sets a weak, easily guessed password, or I keylog him, or sniff his wireless.............it is a waste of time.
    6. The human factor.............social engineering still works!

    And that's just the tip of the iceberg!

    DISCLAIMER:

    If you are going to experiment with any of these suggestions, make sure that it is on equipment and applications that you own, or have permission to do so.
    Last edited by nihil; March 27th, 2011 at 04:36 AM.
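
The lockout policy from point 5 of the post above (8-character minimum, 3 attempts, 30-minute lockout), sketched as an added example that is not part of the original post. The class and function names are hypothetical, and the caller is assumed to have already checked the submitted password against the stored hash.

```python
import time

MIN_PASSWORD_LEN = 8        # minimum password length from the post
MAX_ATTEMPTS = 3            # failed logins allowed before lockout
LOCKOUT_SECONDS = 30 * 60   # 30-minute lockout from the post


class LoginThrottle:
    """Per-account failed-login counter with a timed lockout (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so the policy can be tested
        self._failures = {}          # username -> consecutive failed attempts
        self._locked_until = {}      # username -> clock value when lockout ends

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._clock() >= until:
            # Lockout expired: clear state so the user gets fresh attempts.
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def attempt(self, user, password_ok):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.is_locked(user):
            return "locked"          # even a correct password is refused
        if password_ok:
            self._failures.pop(user, None)
            return "ok"
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= MAX_ATTEMPTS:
            self._locked_until[user] = self._clock() + LOCKOUT_SECONDS
        return "denied"


def acceptable_password(password):
    return len(password) >= MIN_PASSWORD_LEN


def max_online_guesses_per_day():
    # Ceiling per account: 3 guesses, then 30 minutes locked, repeated all day.
    return MAX_ATTEMPTS * (24 * 3600 // LOCKOUT_SECONDS)
```

With these values an account can be tested against at most 144 passwords a day through the login form, which is why the post treats weak passwords, keylogging and sniffing as the remaining risks.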
