Results 1 to 2 of 2

Thread: The Haxing Adventures of CrypticGhost

  1. #1
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407

    The Haxing Adventures of CrypticGhost

    The Haxing Adventures of CrypticGhost: Episode 1



    ..........Twas the night before Christmas and all through the house, not a creature was stirring
    except me and my mouse. Although tonight is Christmas eve, it is no different than any other
    night for me, which is a night of coding or hacking. On this particular night, I am writing a
    script to help with the tomorrow nights hack. You see, I was looking at a cgi script for a cgi
    bulletin board, and I just happened to notice a hole that may allow for remote command execution
    on the host machine. The script I am writing will attempt to rename a sites index page to index.
    bak and replace it with a page that I provide. I think I have just about finished, we'll see when
    I test it in the morning.
    ..........Yippie, it's Christmas! Or not. I live in apartment by myself. I don't keep in touch
    with any family, and basically sit at my computers all day, so Christmas isn't exactly a big
    deal for me. Time to test my script. Just before bed last night I installed the bulletin board
    with the hopefully vulnerable CGI. I figured it was best to test on my own box just in case
    anything goes wrong.
    [CrypticGhost@GhostMachine scripts]$ ./sploit.pl 127.0.0.1 /home/CrypticGhost/index.html
    bash: ./sploit.pl: Permission denied
    Sh*t! Oh wait, forgot to change the permissions.
    [CrypticGhost@GhostMachine scripts]$ chmod 755 sploit.pl
    [CrypticGhost@GhostMachine scripts]$ ./sploit.pl proxy.server.com 127.0.0.1 /home/CrypticGhost/index.html
    Connecting to proxy...
    Connecting to host...
    Renaming index...
    Replacing index...
    Closing connection...
    [CrypticGhost@GhostMachine scripts]$
    http://127.0.0.1/
    w000000000t! It worked. Wait, I'm an uber leet haxer, it's supposed to work.
    I can't wait till tonight...
    ..........It's 12 am now. I'm not your typical hacker. I don't have a bunch of empty Jolt Cola
    cans laying around my desk, I drink ice water. Keeps me sane. Time to try my hack on a real
    site. I open up my browser to www.google.com and type into the search field:
    inurl:vulnerable.cgi
    A fair amount of results. Now to pick the victim. Hmm, who doesn't have a domain but still
    registers their site with a search engine? We'll teach them.
    [CrypticGhost@GhostMachine scripts]$ ./sploit.pl proxy.server.com 67.11.206.247 /home/CrypticGhost/index.html
    Connecting to proxy...
    Connecting to host...
    Renaming index...
    Error: index.html not found.
    [CrypticGhost@GhostMachine scripts]$
    *****!
    http://67.11.206.247/index.html
    Not Found

    The requested URL /index.html was not found on this server.
    /me slaps himself.
    http://67.11.206.247/index.php
    That works. I'm such an idiot. I guess I have to modify my script to check what extension the
    index page is and use the corresponding replacement. Ok, all done with that. I hope this works.
    [CrypticGhost@GhostMachine scripts]$ ./sploit.pl proxy.server.com 67.11.206.247 /home/CrypticGhost/index.php
    Connecting to proxy...
    Connecting to host...
    Renaming index...
    Replacing index...
    Closing connection...
    [CrypticGhost@GhostMachine scripts]$
    Ok, now let's go and check to make sure everything worked.
    http://67.11.206.247/index.bak
    The renamed index is there. Now let's check to see if it was replaced with my page.
    http://67.11.206.247/index.php
    w00000000t! It worked. Well, it's late now. I better get some sleep to prepare for my next hack
    tomorrow night.


    Stay tuned for the next episode of "The Haxing Adventures of CrypticGhost".

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    LOL when i saw the AO logo i laughed my ass off. dont u need permission to use their logo though, we dont wanna get into legal trouble here.....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •