Hey, I'm trying to crack a forum. I was wondering how you would go about doing that?
Thanks for any replies :)
Printable View
Hey, I'm trying to crack a forum. I was wondering how you would go about doing that?
Thanks for any replies :)
Clean up Isle 2. :urinate:
We should probably let gore handle this one. Speaking of which, is gore still around? I haven't seen anything from him lately...
Who cares. Everyone including your grandmother hits up websites these days.
If you look at zone-h and compair it to where we were ten years ago... it's a god damned embarrassment.
Even when you've defaced something semi-important the excitement wears off in five seconds. And you'll never gain any sort of public attention or notoriety for it. There really isn't even any danger in it either... people just put the site back up and forget it happend.
Quote:
Originally Posted by HYBR|D
Hahahahah that made me actually laugh out loud.
Thanks
:)
MLF
1. Get a functional brain.
2. Take English comprehension lessons so you can understand forums' acceptable use policies.
3. Learn how to use a computer, and the internet.
4. Don't broadcast your illegal intentions over an open forum.
I wish they were all like you........................:D
- That was the best way to put it. I mean come on, how unintelligent is it to tell everyone you are planning to do something like that.Quote:
1. Get a functional brain.
2. Take English comprehension lessons so you can understand forums' acceptable use policies.
3. Learn how to use a computer, and the internet.
4. Don't broadcast your illegal intentions over an open forum.
Thanks, but please don't get me wrong.............I have nothing against full disclosure, or discussing security issues; it's just that the very question would take about 300 pages to start to answer? and there was no justification or reason provided.
I suppose the real answer is "sign on as forum administrator" which does give a few clues if you think about it? ;):D
@The-Spec:
Sounds like you are starting to get old mate! and ur spel chek iz of?:p:D:lildevil:Quote:
Even when you've defaced something semi-important the excitement wears off in five seconds. And you'll never gain any sort of public attention or notoriety for it. There really isn't even any danger in it either... people just put the site back up and forget it happend.
I'm still here. I was gone for a little over a week though because of the following:
We got a phone call a few weeks ago that my Father in Law was not doing very well, and we needed to take care of things here and drive back to Quebec. About a week later, after we'd started stuff up and gotten everything ready to leave on the Thursday the next week, and the phone rings telling us we have to go sooner.
Basically, we were told "Get here NOW or there may not be a chance"...
So, we ended up having to leave the next day. Around 3:30 AM, I finally laid down to get a little sleep because we had to leave at 5:30 AM, so I sleep less than two hours, get up, we get ready, and head for the Border.
My Aunt had given us a Cell Phone to use on the road because driving from Michigan to Quebec by itself is like 7 hours (Assuming you drive like me and ignore most speed limit signs... I've made it from Montreal to Michigan in 6 and a half hours once but I was going around 170 most of the way that time) and anyway, the ****ing phone didn't work... At all....
Well, when we left, I kind of noticed that the tires seemed "off" on the car. It seemed like on the freeway and on other roads before hitting Canada that the car was moving weird.
We get over the border, and after maybe one or two cities from the border, I pull off because I can tell something is wrong. I don't know enough about tires to say what, but I know something is off....
So, we pull off to put air in the tires, and my Wife calls Her Mom from a Payphone since the ****ing Cell isn't working at all, and as I'm putting something in the car, I see She's talking and bursts into tears.
I run over there, and She says that "We're too late, my Mom said She had been trying to call us, and so has a bunch of my family members on that phone, and that She has bad news...." My Wife's Dad had died about 30 minutes earlier.
So the trip went from trying to get there to see him and not knowing how long it was going to be, or how long we'd be gone (Could have been 2 weeks, could have been 2 months) to driving there to start getting everything ready for the Funeral.
We got to basically Whitby, which is in Ontario, right outside of Toronto, if you're curious. We get a Motel 6 Room, because I'm exhausted and can't drive much more, and have no Caffeine, and on top of that, of course, we're not in a hurry anymore, since he died, so the Funeral isn't for a few days, so we have no reason to rush.
So, the night in the Motel Room was shitty, because there was a huge ****ing party on the entire floor. We're trying to lay down but there are people screaming, throwing people into door's, and our door has someone tossed into it, and then the room next to our room, the ****ers keep hitting the wall and saying they punched holes in it. I look out there through the little hole, and see like 10 dudes around my size partying.
I can hold my own, but in Canada, I'm a tourist. I have no citizenship there, or residency, and if I get in trouble, I have to worry about being deported to the states, and with everything going on, I'm not about to start **** with 10 guys. 3 or so, fine, **** 'em, I'll probably do fine in telling them to shut up, but 10? no.
So I have to sit there like a pussy and just TAKE it.... Again, if I get in trouble for hurting someone, I might get sent back, so, I can't do ****.
These ****ers finally calm down around 5:30 AM, and we fall asleep watching how Japan is screwed on the news. The alarm goes off at 8 AM, and so does the phone with calls to make sure we're awake.
My Wife says to hold on, and goes down stairs to talk to someone about the night we had. She tells the girl She wants to speak to a Manager, and tells the girl everything. Then, the girl says "Well we can give You the room for another night for free"....
So, we stay in Ontario for another night much to my delight because I ****ing hate Quebec. I can't stand the French Language, I don't like it, and it's needlessly complex. Do you French ****ers REALLY need THREE letters for an "O" ??? (I'm talking about Eau / Water, I know a little to get by but I'm not Fluent) anyway, we spend the day relaxing as best we can, and find a Comic Book Shop that sells Magic: The Gathering cards.
We play a few games back in the room, go out for dinner, and relax and have a decent night. The next day, we have to leave by 12 PM, and we do, and head for Quebec.
We get to Quebec, and I'm annoyed because it blows other than Montreal, and we're going to Trois Rivieres, which is where our Hotel Room is going to be. We left Saturday Morning, and we didn't leave to go home until late Sunday afternoon around 5 PM.
The trip was bad, and I hadn't ever been to a Catholic Funeral before because no one in my Family is really Catholic. I was raised Lutheran where a Funeral is more laid back and you can wear Jeans and a nice shirt and call it a day.
A Traditional Catholic Funeral in Quebec is ****ing... Wow... I was told I needed to dress up a lot, and after 2 thousand dollars worth of clothes, I apparently finally looked OK....
We're not in Montreal for this, so no one really speaks English, and the day of the first Showing, is Friday, a week after we got to Canada. Seeing my Father in Law in a Coffin is weird, and my Wife is a WRECK. I was there for Her, and tried to keep Her calm, but at the same time, She was also meeting a Half Sister for the first time.
We got to the Funeral Home at 1 PM, and they wanted us to stay there until 10 PM. My Father in Law hated Stuffy ****, and this thing was like the richest people in Quebec coming in to say hi and that they're sorry, and the ****ed up thing is that the immediate family is on one side of the room, and the "Non Blood" people are on the OTHER ****ing side. His Brother's Wife's were left on the other side the entire time. I haven't ever seen **** like this.
We end up leaving early and going to the Air Port where my Father in Law's Plane and Helicopter used to be, to say goodbye, and then go back to the room.
The next day is the Funeral, Sunday, and it starts early, and since my Father in Law was a Pilot, when we get to the Cemetery, the Coffin is laid down on the green astro turf stuff, and a Helicopter ends up flying over the Cemetery, and hovers low above his Coffin for like 5 minutes, then leaves. The Pastor starts to talk again, and then he says "WOW!" and three Planes in formation fly really low over the Cemetery, and then do a return fly over, twice. IT was quite amazing really.
Anyway, after all this stuff, there is a dinner in his Garage where his Helicopter was. We're there like maybe a half hour or so, and leave. We leave and get in the car, and I Zero out the Speedometer's trip thing to see how far it is from the parking spot in the Garage, to Michigan. This is by the way in Shawinigan, which is a little over 2 hours away from Montreal. We leave, make one stop in Quebec to change our clothes, and grab a little food, and then head out after filling up the gas tank.
Here in the States, filling up the tank from EMPTY costs around 35 dollars at the most. In Quebec, from HALF a tank, it was ****ing 65 dollars.
So we leave, and start the drive home, and by like 8:00 PM, we are at the border for Ontario. It's amazing sometimes how the DMV will tell you speeding doesn't really make a trip faster, and only shaves off a few seconds, but that's bullshit, because I was doing almost TWICE the speed limit, and at 200 KMh, the border to Ontario isn't just a few seconds sooner lol.
Anyway, we finally got to Michigan around 3:45 AM.... We'd left at 5 PM, and we did stop a few times for Gas and Monster Energy Drinks, and to stretch our legs and ****, but other than that we stayed pretty much on the road. It was a little over 10 hours. Not bad considering a year ago I had to go there, and it was over 12 hours. We shaved off two hours.
I'd like to point out that I LOVE Toronto. I LOVE TORONTO!!! The speed limit says 100 KMh, but since Cops can't sit there safely, they just simply don't go there, so basically, even though there is a posted speed limit of 100 KMh (61 MPH) NO ONE really does it. I got to about 100 MPH (175 KMH or so) and it rocked.
Anyway, that's why I wasn't on for a while.
Well sorry for wasting you guys' time. I just thought you might be able to help me.
I don't intend on attacking someone's forum or anything. I just wanted to know for personal gain, and if I ever want to attack someone's forum.
Believe me or not.
Wow, Gore, that's terrible. . .
Just out of curiosity what forum software & what version of that forum software is being used?
:D
Interesting question there HYBR¦D, :D
Hmmmmm "learn how to kill for interest's sake, and in case you want to murder somebody".......................:confused:Quote:
I don't intend on attacking someone's forum or anything. I just wanted to know for personal gain, and if I ever want to attack someone's forum.
OK let's look at the basics shall we? A successful attack is dependent on two major factors:
1. A vulnerability.
2. A matching exploit.
If you look at the bottom of a forum page you will see "powered by" eg:
Just Google for vulnerabilities and take it from there. Remember that you are dealing with a moving target here, so the answer will change on a very regular basis.Quote:
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2011, Jelsoft Enterprises Ltd.
To demonstrate this, just download and run:
http://secunia.com/vulnerability_scanning/personal/
This will show you how many security vulnerabilities there are on your PC system at the application level......run it again in a week or two and you will find some more ;)
Some more generalisations:
Security is also dependent on other factors, including:
1. The application (forum, social networking, e-mail, website etc.) What it is, what it does, how it works, & how it interacts etc.......
2. Its hosting......if the host is vulnerable it is pretty much game over.
3. Its management.......compromise the management client and you pwn the host/server.
4. User accounts. These are frequently graded and have different authority levels. For example, an administrator account on a forum can pretty much do anything.......either compromise the account or go for privilege elevation.
5. Security application at the host and client levels. For example, if I set up a forum and force an 8 character minimum password and give you 3 chances at the correct login details before locking you out for 30 minutes;a brute force crack is out of the question. On the other hand, if the client sets a weak, easily guessed password, or I keylog him, or sniff his wireless.............it is a waste of time.
6. The human factor.............social engineering still works!
And that's just the tip of the iceberg!
DISCLAIMER:
If you are going to experiment with any of these suggestions, make sure that it is on equipment and applications that you own, or have permission to do so.
For the most part you'll run into a script that has nothing to do with the forum itself but you'll retieve everything the domain has stored. Looking for a specific script is a waste of time.Quote:
Originally Posted by nihil
That's like trying to find water in the ocean. Google for things? Why? I found vulnerable sites purely by accident then did them in without even trying. Even the more high profile stuff was through pure luck. I could fart on a ouija board and find login details for crying out loud!Quote:
Just Google for vulnerabilities and take it from there.
Never been charged. Not because im careful about what I've done... but because the activities in question where litterally that petty and stupid. Nobody cares. There is no thrill or danger in it at all.Quote:
If you are going to experiment with any of these suggestions, make sure that it is on equipment and applications that you own, or have permission to do so.
Man its been years since I've been back to AO and we STILL get these types of requests!
Hi Simo,
I understand your amazement, but I guess this is the first one I have seen in the past 2~3 years or so.Quote:
Man its been years since I've been back to AO and we STILL get these types of requests!
We still get the occasional weird one, but the "how do I hack the Gibson" variety have pretty much died out. ;):D
@ The-Spec:
Given that this thread is in Newbie Security Questions, and the content of the OP's first post, that might not be a bad place to start?Quote:
That's like trying to find water in the ocean. Google for things? Why? I found vulnerable sites purely by accident then did them in without even trying.
Anyways, the thread as started by the OP to ask a question............not for you to preen your ego?
:)
Just out of pure curiosity, do you have any amusing story's to share? without giving exact names of site's. What would have been the most amusing "Pwn" you've stumbled onto?Quote:
Originally Posted by The-Spec
Any high profile site's that you've accidently "Hello Kitty" all over?
Internet based businesses go through a series of bubbles and bursts. For every website that shuts down a better one will crop up. But the problem is the Web 2.0 bubble went through such a long, successful haul that the likes of google, ebay, and amazon have a hold over things.
Things will go the way of the radio and television... thousands of channels all owned by three or four broadcasters with a complete lack of content. Social networks are the internet's version of game shows and reality tv.
Now we could easly "change the content" but the problem is that even web defacers have nothing to say. I myself have pretty much lost hope in some of the things I set to change on the internet. I've fallen into the "quantity over quality" style of web based intrusion... typical of kids like the OP and muslimFAGs on Zone-H.
like nihil said, there are many ways you can go about it depending on your goal and medium of choice.
If you want to go to the path of Social Engineering, there are countless methods of achieving that... like spear phising or doing standard recon.
same goes if you want your attack at the application level or on the actual host.
If your question is how I would go about doing it? I would start by getting to know my target very well, as much as I possibly could.