Go Back   Xisp.org Forums > Porn Password Cracking > Other Site Problems

how do you hack Strongbox secured sites?

Reply
Views: 5585 - Replies: 19  
Thread Tools Display Modes

how do you hack Strongbox secured sites?
Old 01-08-2006, 03:08 PM   #1
NiceGuy
Guest
 
Posts: n/a
Threads: 5107
Default how do you hack Strongbox secured sites?

how do you hack Strongbox secured sites (OCR)?

seen many sites with strongbox which have been hacked and passes shared in password section

how do they do it...?

thanks in advance
  Reply With Quote

Old 01-08-2006, 03:21 PM   #2
sPlico
The sPlicster
 
sPlico's Avatar
 
sPlico is offline Offline
Join Date: Jan 2005
Location: Croatia
Posts: 9,487
Threads: 408
sPlico is on a distinguished road
Default

Answered at least 100 times. Some sites have the "bluff" mode on, which makes them normal forms. Other are exploited.
  Reply With Quote

Old 01-08-2006, 04:05 PM   #3
NiceGuy
Guest
 
Posts: n/a
Threads: 5107
Default

thanks for fast answer (sorry if its been up that many...)

I'm only experienced in bruteforcing... so by exploiting, what do you mean exactly? something like searching for .cgi files (what are those?)? with which software (accessdiver?)?

thank you for your help
  Reply With Quote

Old 01-08-2006, 07:28 PM   #4
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,507
Threads: 315
slysnake is on a distinguished road
Default

Quote:
I'm only experienced in bruteforcing... so by exploiting, what do you mean exactly
It seems you know more than you are letting on. ;)
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 01-09-2006, 04:39 AM   #5
daemon.azazel
Platinum Exploiter
 
daemon.azazel's Avatar
 
daemon.azazel is offline Offline
Join Date: Aug 2005
Location: Eastern Europe
Posts: 1,324
Threads: 104
daemon.azazel is on a distinguished road
Default

yes many sites equipped by strongbox was exploited
because of their relationship to AWW cms, both products
are supplied in one pack.

strongbox + AWW is very same as sparta + NATS
  Reply With Quote

Old 01-09-2006, 06:23 AM   #6
NiceGuy
Guest
 
Posts: n/a
Threads: 5107
Default

well hit 'karisweets.com' with +-5000 combos, not gonna waste any more proxies on trying bruteforce, probably isnt fake OCR but the real deal (I thought C-force can hack Strongbox, see's a difference in reply, thought someone in pass section said he does it with C-force, but never worked for me)

any clarification on AWW cms, sparta + NATS, cause that doesn't ring a bell for me...

thanks for your excellent expertise ;)
  Reply With Quote

Old 01-09-2006, 09:59 AM   #7
sPlico
The sPlicster
 
sPlico's Avatar
 
sPlico is offline Offline
Join Date: Jan 2005
Location: Croatia
Posts: 9,487
Threads: 408
sPlico is on a distinguished road
Default

Quote:
Originally Posted by daemon.azazel
yes many sites equipped by strongbox was exploited
because of their relationship to AWW cms, both products
are supplied in one pack.

strongbox + AWW is very same as sparta + NATS
Well, even more of them got exploited because of the certain "combos" :P
  Reply With Quote

Old 01-09-2006, 06:33 PM   #8
FlowerHorn
Exploiter
 
FlowerHorn's Avatar
 
FlowerHorn is offline Offline
Join Date: Nov 2005
Location: Vietnam
Posts: 760
Threads: 353
FlowerHorn is on a distinguished road
Default

Like sPlico mention before, some strongbox ocr sites are "bluff", which isn't fake because it does require the post data <code> reading along with the user/pass. For example, karisweets and ravenriley are non-bluff, therefore, you trying to bf it won't work. Some ocr sites work with c-force if you use cookie manipulation, but that's another story :)

lol @ sPlico, "certain combos" I know what you u are saying there bro :)
  Reply With Quote

Old 01-10-2006, 10:49 AM   #9
grzesiek
Site Cracker
 
grzesiek's Avatar
 
grzesiek is offline Offline
Join Date: Jan 2005
Location: Poland
Posts: 489
Threads: 60
grzesiek is on a distinguished road
Default

karisweets.com has generated passes, only few are user chosen
and yes, it has ocr on. the good thing is you don't need any "certain combos"
(me sure daemon knows what i mean)
  Reply With Quote

Old 01-10-2006, 03:16 PM   #10
NiceGuy
Guest
 
Posts: n/a
Threads: 5107
Default

so something like exploiting: find the .cgi file, which contains passes, decrypt it and so on...?

(been reading on the forum, but not yet found how and with what best..., but will search some more later...)
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 12:31 AM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
2005 © Copyright Xisp.org