The Haxing Adventures of CrypticGhost

[skiddieleet]

The Haxing Adventures of CrypticGhost: Episode 1



..........Twas the night before Christmas and all through the house, not a creature was stirring
except me and my mouse. Although tonight is Christmas eve, it is no different than any other
night for me, which is a night of coding or hacking. On this particular night, I am writing a
script to help with the tomorrow nights hack. You see, I was looking at a cgi script for a cgi
bulletin board, and I just happened to notice a hole that may allow for remote command execution
on the host machine. The script I am writing will attempt to rename a sites index page to index.
bak and replace it with a page that I provide. I think I have just about finished, we'll see when
I test it in the morning.
..........Yippie, it's Christmas! Or not. I live in apartment by myself. I don't keep in touch
with any family, and basically sit at my computers all day, so Christmas isn't exactly a big
deal for me. Time to test my script. Just before bed last night I installed the bulletin board
with the hopefully vulnerable CGI. I figured it was best to test on my own box just in case
anything goes wrong.

[CrypticGhost@GhostMachine scripts]$ ./sploit.pl 127.0.0.1 /home/CrypticGhost/index.html
bash: ./sploit.pl: Permission denied

Sh*t! Oh wait, forgot to change the permissions.

[CrypticGhost@GhostMachine scripts]$ chmod 755 sploit.pl
[CrypticGhost@GhostMachine scripts]$ ./sploit.pl proxy.server.com 127.0.0.1 /home/CrypticGhost/index.html
Connecting to proxy...
Connecting to host...
Renaming index...
Replacing index...
Closing connection...
[CrypticGhost@GhostMachine scripts]$

http://127.0.0.1/
w000000000t! It worked. Wait, I'm an uber leet haxer, it's supposed to work.
I can't wait till tonight...
..........It's 12 am now. I'm not your typical hacker. I don't have a bunch of empty Jolt Cola
cans laying around my desk, I drink ice water. Keeps me sane. Time to try my hack on a real
site. I open up my browser to www.google.com and type into the search field:
inurl:vulnerable.cgi
A fair amount of results. Now to pick the victim. Hmm, who doesn't have a domain but still
registers their site with a search engine? We'll teach them.

[CrypticGhost@GhostMachine scripts]$ ./sploit.pl proxy.server.com 67.11.206.247 /home/CrypticGhost/index.html
Connecting to proxy...
Connecting to host...
Renaming index...
Error: index.html not found.
[CrypticGhost@GhostMachine scripts]$

*****!
http://67.11.206.247/index.html

Not Found

The requested URL /index.html was not found on this server.

/me slaps himself.
http://67.11.206.247/index.php
That works. I'm such an idiot. I guess I have to modify my script to check what extension the
index page is and use the corresponding replacement. Ok, all done with that. I hope this works.

[CrypticGhost@GhostMachine scripts]$ ./sploit.pl proxy.server.com 67.11.206.247 /home/CrypticGhost/index.php
Connecting to proxy...
Connecting to host...
Renaming index...
Replacing index...
Closing connection...
[CrypticGhost@GhostMachine scripts]$

Ok, now let's go and check to make sure everything worked.
http://67.11.206.247/index.bak
The renamed index is there. Now let's check to see if it was replaced with my page.
http://67.11.206.247/index.php
w00000000t! It worked. Well, it's late now. I better get some sleep to prepare for my next hack
tomorrow night.


Stay tuned for the next episode of "The Haxing Adventures of CrypticGhost".

[MemorY]

LOL when i saw the AO logo i laughed my ass off. dont u need permission to use their logo though, we dont wanna get into legal trouble here.....