Go Back   Xisp.org Forums > Porn Password Cracking > Porn Password Cracking Help Section

ccbill .log file

Reply
Views: 2526 - Replies: 18  
Thread Tools Display Modes

Old 09-15-2005, 08:07 PM   #11
solidsnakeusa
Banned
 
solidsnakeusa is offline Offline
Join Date: Aug 2005
Location: USA
Posts: 176
Threads: 5
solidsnakeusa is on a distinguished road
Default

do sites generally split the usernames and passwords into 2 seprate parts? or is everything in one folder? and what kind of scripts are we talking bout here? i'm confused !!!
  Reply With Quote

Old 09-15-2005, 08:58 PM   #12
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,507
Threads: 315
slysnake is on a distinguished road
Default

No, not split. But the password part will be encrypted. So once you have it there is still more work to do to decrypt the passes.


Quote:
and what kind of scripts are we talking bout here?
again that is very difficult to say because could be many kinds of vulnerablities. a common one is cgi and php vulnerabilities.
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 09-18-2005, 05:24 PM   #13
solidsnakeusa
Banned
 
solidsnakeusa is offline Offline
Join Date: Aug 2005
Location: USA
Posts: 176
Threads: 5
solidsnakeusa is on a distinguished road
Default

hmm i think i might've located some important files but can you tell me if any of these are important

/cgi-bin/ibill/.htpasswd
/ccbill/
/cgi-bin/mastergate/whereami.cgi
/cgi-bin/sentry/admin/admin.cgi
/cgi-bin/sentry/sentry.cgi
/members/htpasswd

i found these using AD with a exploit list (with some like 300 things to scan for) are any of these actually important?
  Reply With Quote

Old 09-18-2005, 10:12 PM   #14
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,507
Threads: 315
slysnake is on a distinguished road
Default

Yes, those are all important. But useless if you don't know how they work. That is the problem with ready made path lists. They are basicly worthless if you don't know how yhey work. The only thing a scanner will do is tell you if they are there. Then you have to have the knowlege to expliot it. See these are just paths to a place on the server, not actual exploits.
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 09-18-2005, 10:14 PM   #15
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,507
Threads: 315
slysnake is on a distinguished road
Default

btw, at least one of those is rather dangerous fo logging your activity. So I hope you are taking safe surf precations.
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 09-19-2005, 01:35 AM   #16
daemon.azazel
Platinum Exploiter
 
daemon.azazel's Avatar
 
daemon.azazel is offline Offline
Join Date: Aug 2005
Location: Eastern Europe
Posts: 1,324
Threads: 104
daemon.azazel is on a distinguished road
Default

Quote:
/cgi-bin/ibill/.htpasswd
if you get 200 on this and the file really exists and it's
readable then you won - it's the passfile... but i doubt
it's open to read, probably you got 200 because of some
re-direction.

Quote:
/ccbill/
this is usually ccbill join page

Quote:
/cgi-bin/mastergate/whereami.cgi
old mastergate's were easy to exploit, but we are talking
about add.cgi and search.cgi not whereami.cgi ...

Quote:
/cgi-bin/sentry/admin/admin.cgi
my beloved - hovever you need server access for this one
in order to determine what is the admin password. i achieved
several times admin's combo but didn't be able to decrypt it...

Quote:
/cgi-bin/sentry/sentry.cgi
this will not help you. it's the login management engine itself.

Quote:
//members/htpasswd
doubt this is usable, probably some fake hit.
  Reply With Quote

Old 09-21-2005, 08:24 PM   #17
solidsnakeusa
Banned
 
solidsnakeusa is offline Offline
Join Date: Aug 2005
Location: USA
Posts: 176
Threads: 5
solidsnakeusa is on a distinguished road
Default

hmm thanks guys imma haveta look deeper into this
  Reply With Quote

Old 09-22-2005, 06:41 AM   #18
joechang
Guest
 
Posts: n/a
Threads: 5107
Default

Quote:
Originally Posted by Final Sephiroth
forget about those ccbill logs, those are history. even if they excist and are viewable from outside you youŽll probably just find some logins from 2001...

btw. intellitamper will never find stuff like this i you wonŽt use custom made scanlist.
intellitamper just follows the links found on a webpage

yes,man you are right
i think all ccbill.log you can find is the oldest one
which is two years ago
  Reply With Quote

Old 10-25-2005, 04:15 AM   #19
wscom
Guest
 
Posts: n/a
Threads: 5107
Default

after finished read all of your guys conversations,i have bits of knowledge regarding exploiting...its good start for newbie like me,pretty useful.
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 11:28 AM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 © Copyright Xisp.org