-
April 30th, 2004, 03:22 AM
#1
The Haxing Adventures of CrypticGhost
The Haxing Adventures of CrypticGhost: Episode 1
..........Twas the night before Christmas and all through the house, not a creature was stirring
except me and my mouse. Although tonight is Christmas eve, it is no different than any other
night for me, which is a night of coding or hacking. On this particular night, I am writing a
script to help with tomorrow night's hack. You see, I was looking at a CGI script for a CGI
bulletin board, and I just happened to notice a hole that may allow for remote command execution
on the host machine. The script I am writing will attempt to rename a site's index page to
index.bak and replace it with a page that I provide. I think I have just about finished, we'll see when
I test it in the morning.
..........Yippie, it's Christmas! Or not. I live in an apartment by myself. I don't keep in touch
with any family, and basically sit at my computers all day, so Christmas isn't exactly a big
deal for me. Time to test my script. Just before bed last night I installed the bulletin board
with the hopefully vulnerable CGI. I figured it was best to test on my own box just in case
anything goes wrong.
[CrypticGhost@GhostMachine scripts]$ ./sploit.pl 127.0.0.1 /home/CrypticGhost/index.html
bash: ./sploit.pl: Permission denied
Sh*t! Oh wait, forgot to change the permissions.
[CrypticGhost@GhostMachine scripts]$ chmod 755 sploit.pl
[CrypticGhost@GhostMachine scripts]$ ./sploit.pl proxy.server.com 127.0.0.1 /home/CrypticGhost/index.html
Connecting to proxy...
Connecting to host...
Renaming index...
Replacing index...
Closing connection...
[CrypticGhost@GhostMachine scripts]$
http://127.0.0.1/
w000000000t! It worked. Wait, I'm an uber leet haxer, it's supposed to work. 
I can't wait till tonight...
..........It's 12 am now. I'm not your typical hacker. I don't have a bunch of empty Jolt Cola
cans lying around my desk, I drink ice water. Keeps me sane. Time to try my hack on a real
site. I open up my browser to www.google.com and type into the search field:
inurl:vulnerable.cgi
A fair amount of results. Now to pick the victim. Hmm, who doesn't have a domain but still
registers their site with a search engine? We'll teach them.
[CrypticGhost@GhostMachine scripts]$ ./sploit.pl proxy.server.com 67.11.206.247 /home/CrypticGhost/index.html
Connecting to proxy...
Connecting to host...
Renaming index...
Error: index.html not found.
[CrypticGhost@GhostMachine scripts]$
*****!
http://67.11.206.247/index.html
Not Found
The requested URL /index.html was not found on this server.
/me slaps himself.
http://67.11.206.247/index.php
That works. I'm such an idiot. I guess I have to modify my script to check what extension the
index page is and use the corresponding replacement. Ok, all done with that. I hope this works.
[CrypticGhost@GhostMachine scripts]$ ./sploit.pl proxy.server.com 67.11.206.247 /home/CrypticGhost/index.php
Connecting to proxy...
Connecting to host...
Renaming index...
Replacing index...
Closing connection...
[CrypticGhost@GhostMachine scripts]$
Ok, now let's go and check to make sure everything worked.
http://67.11.206.247/index.bak
The renamed index is there. Now let's check to see if it was replaced with my page.
http://67.11.206.247/index.php
w00000000t! It worked. Well, it's late now. I better get some sleep to prepare for my next hack
tomorrow night.
Stay tuned for the next episode of "The Haxing Adventures of CrypticGhost".
-
April 30th, 2004, 03:55 AM
#2
LOL, when I saw the AO logo I laughed my ass off. Don't u need permission to use their logo though? We don't wanna get into legal trouble here.....