
just a tutorial for newbies...

Old 01-14-2007, 08:12 PM   #1
Tam3r

Hello guys.
I am writing this for newbies.
Sorry for my English, I am originally from Turkey.
I'll try to show you some basic stuff (just the surface, without details).
Use these applications or try these methods at your own risk.
I hope this will be helpful; if you have any questions you can post a reply here.

As you know, there are various methods around for exploiting servers...
For example:
1- Directory Traversal (known paths and file names)
2- Web Application Bugs
3- Remote Exploiting (ftp daemons, database daemons, pop3/smtp daemons)

I'll try to go into detail about these methods.

1- Directory Traversal
Applications you can use:
Triton: http://www.project2025.com/triton.php

It's a popular method I think, scanning known paths or files. For starting out, it's a good way.
Most adult sites use popular web applications, like CCbill, phpMyAdmin...
So if we know how CCbill works and where CCbill stores files, we can scan the victim server with Triton using known paths.
/CCbill/ccbill.log
/CCbill/secure/ccbill.log
/CCbill/logs/ccbill.log
... it depends

Like I told you, "it depends".
You can scan the /admin/ path or /upload/, maybe /SQLadmin/.
It's just about luck, and also about stupid admins.
Maybe you can find an admin panel and you can exploit it, or you can use it without access.
It's not an expert method I think, so no details about it.
Just use your mind to create your path list.

2- Web Application Bugs
Yes! This is the best way of exploiting a server.
Use public exploits or create your own :)
Well ladies, this is the most detailed way to exploit a server.
You should really OPEN your eyes, to analyze, to try your best.
Try visiting the adult site manually.
Open all links, view page sources, look for the dynamic pages.
Well, I'll try to explain what I mean... Listen up.

This is the most exciting part, I dunno where to start...
I am gonna talk a bit about the RFI (remote file inclusion) bug...
I'll try to explain with examples; in this tutorial we have a victim site named "tam3r.com" ...

Imagine tam3r.com is using a custom website (coded by tam3r.com staff, not a public script), and the tam3r.com staff are a group of humans; they can make mistakes. So we can leech these mistakes :P
tam3r.com has a website with these links:
"Home | About | Member Area | Sign Up | Ticket"

Home goes to > /?page=home
About goes to > /?page=about
Member Area goes to > /members/
Sign Up goes to > /signup/
Ticket goes to > /ticket/

So check the first link, the home link.
It goes to /?page=home (this means it's going to index.php?page=home; it doesn't say index.php because it starts with the ? character (contains a GET variable))
Technically, it's loading the page which the user requested from the server.
In PHP, take a look at index.php (this is the script which loads pages)
Code:
<?php
$load = $_GET['page']; // assign the page variable to the $load variable
include($load); // include the page with no filtering (the vulnerable line)
?>
Don't forget, it's just an example.
If you know a little PHP, take a look at "include($load);"
Does it filter anything? No? Right. It's just including the page, which comes from the variable.
So we can try an exploit here.
It's called the RFI (remote file inclusion) method.
Well, try this link:
tam3r.com/?page=pagenotexist

So you will get an error, which contains the site path :)
We now know tam3r.com is on /home/tam3r/www/
This is great :)

Well, try this link:
tam3r.com/?page=/etc/passwd
Yep! It's loading the page (file) we want.

Now another trick, take a look at the "/members/" link.
Is it asking for your username and password with a popup login? (basic authentication)
If tam3r.com uses Apache, we can try to read the .htaccess file for the details...
HTACCESS is a standard file for Apache, for creating rules, auth or other things....

So, we know the path of tam3r.com on the system.
Take a look at this link:

tam3r.com/?page=/home/tam3r.com/www/members/.htaccess

It will probably give a result
... the link returns a result like this:
Code:
AuthType Basic
AuthName "tam3r.com member area"
AuthUserFile /home/tam3r.com/www/passwordfile/.members
require valid-user
You see AuthUserFile; this is where the usernames/passwords are stored.
Try this link:
tam3r.com/?page=/home/tam3r.com/www/passwordfile/.members

Whoa... You get a good result.
Probably, crypted usernames and passwords.
Try to decrypt them with JohnTheRipper...

Another example now...
Take a look at the /ticket/ link.
Maybe it looks very familiar to you?..
Look at the footers, maybe you can get an idea... No?
Try to look at the page source.
Maybe you can find something...
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> 
..............
<meta name="generator" content="UberTicket v1.0" />
<!-- generetad by ticket system do not remove -->
Oh you see, it's a product named UberTicket...
Search for exploits for UberTicket or create your own exploit by downloading UberTicket to your box.
If you know PHP, take a look at the scripts. Maybe you can find some bugs to leech...

Well, I am sorry. Maybe I am writing in a complicated way, but it's totally easy for newbies.
I'll update this thread, I am going to sleep folks :D
Saying it again... don't use SCANNERS at all, use your mind. With scanning you can probably SKIP good details.
Just visit your victim site manually, take a look at the links, try to understand and try to get an idea.

This is just a start, believe me, just a start.
I'll show very good ways...
Sorry, I couldn't go into details on most of the methods.
But I'll explain all later.
  Reply With Quote
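
From the defender's side, the loader shown in post #1 is fixed by never passing request input to include and by keeping PHP warnings, which carry filesystem paths, out of responses. The following is an added example, not code from the thread or from any site; the PAGES list, the pages/ directory and resolve_page() are hypothetical names, and it assumes PHP 8.

```php
<?php
// Added example (not from the thread): allowlisted replacement for include($_GET['page']).
// PAGES, the pages/ directory and resolve_page() are hypothetical names.
declare(strict_types=1);

// Allowlist: the only values of ?page= that map to a file on disk.
const PAGES = [
    'home'  => 'home.php',
    'about' => 'about.php',
];

/**
 * Return the absolute path of the template for $requested, or null when the
 * value is not an allowlisted page or the file resolves outside $pagesDir.
 */
function resolve_page(mixed $requested, string $pagesDir): ?string
{
    // ?page[]=x arrives as an array; anything that is not a known key is rejected.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($pagesDir);
    $file = realpath($pagesDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // realpath() resolves ".." and symlinks, so checking containment on its
    // result also catches a template that was swapped for a symlink.
    if ($base === false || $file === false
        || !str_starts_with($file, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $file;
}

// Log errors server-side instead of echoing paths to the client.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

$path = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
if ($path === null) {
    http_response_code(404);
    echo 'Page not found';
    exit;
}
include $path;
```

Keep `allow_url_include` disabled in php.ini, and store the file named by `AuthUserFile` outside the document root.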

Old 01-16-2007, 07:42 PM   #2
beerandpr0n

Great coverage of RFI... can't wait to hear your other suggestions :)

Seriously though, thanks a lot. I've decided to devote myself to cracking now, and this is the first tut I've read. Well, second.
  Reply With Quote

Old 01-17-2007, 12:18 AM   #3
slysnake

This tutorial is probably generic enough to be left here in the open. Maybe it will inspire someone to do some research. Thank you
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 01-17-2007, 05:07 AM   #4
Tam3r

Thanks for the comments.
The tutorial looks like a n00b-minded thing but it's not.
I don't understand, n00bs are trying to use scanners, the same ways as others.
I don't think it's useful, pplz should make their own way, new methods.
Especially they should use their brains.

Thanks again.
I'll keep updating.
  Reply With Quote

Old 01-18-2007, 08:16 AM   #5
Permutant

Nice tutorial, thanks for writing this! I'm looking forward to the next ones ;)
  Reply With Quote
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 Copyright Xisp.org