Go Back   Xisp.org Forums > Porn Password Cracking > Cracking Tutorials

Here's Your First Exploit

Reply
Views: 7197 - Replies: 37  
Thread Tools Display Modes

Here's Your First Exploit
Old 01-12-2005, 08:02 PM   #1
slysnake
Cheshire Cat
 
slysnake's Avatar
 
slysnake is offline Offline
Join Date: Jan 2005
Posts: 5,507
Threads: 315
slysnake is on a distinguished road
Default Here's Your First Exploit

This is harmless so I think maybe admin will let me get by with it. If not feel free to delete it.

Also, this is for absolute beginners so if your not, then don't bother reading any further.

K, Here we go.

Perhaps the first type of exploit you could try is a kind called weak directories. One type of weak directory is log files. First you will need to find some. To do that you will need a list of paths. Here is your first path list that you can take and build upon:

Log paths

/ccbill/secure/ccbill.log
/logs/access.log
/logs/access.logs/
/logs/error.log


Now when you get a hit on one of these paths you can just open it and it will download. But first you need to find a site with one of these paths available. To do that I prefer a program called Triton. (AccessDiver can do this too as well as other programs). You should download Triton from http://rhino.deny.de/triton/index.php

You will also need a list of base urls to run in Triton. Base urls are just the site address. Like http://somepornsite.com I was sure there was at least one posted here on the board but now I cant find it. Later I will try to place a couple here perhaps.

Load your url list into Triton. Have your path list saved as a txt file and load that into Triton as well. Now just start it and let it go. (This is not a Triton tutorial so you have to figure that out yourself. That program has a lot more power than we are even going to touch here.)

Ha!! a hit! OK right click on it and chose "open in browser". The file should download. So you've exploited your first site. a weak directory. But you are not yet done. Now you will need to rip the log. So get a program called Log Rip at http://rhino.deny.de/logrip.php Run your log through it and you can collect some goodies.

Don't expect to get any working passes with this. But there are other valuables you might collect.

Now if you get a hit on the ccbill log you might have a bit of different luck. For that you could get ccbill ripper at http://membres.lycos.fr/ccbill/
Here is a simple explination of it from WkdAzOne.

QUOTE
download ccbill usi it will Parse Extract and Provide Detailed information on the log file..

find Valid username(s)

for example it Filters the log line for line...
ADD Blowfish
EXPIRE Blowfish
ADD Blowfish RECURRING

extract to JTR

>john -i pw.txt

*Wait*

Press [ctrl]+[Break]

>john -show pw.txt>VALID.txt

Try Passwords against Site...

GOOD LUCK

Time for new Exploits I think

Wkd...


Ah! You notice the mention of JTR or John the Ripper. An important tool for the exploiter. Get it here http://www.openwall.com/john/


That's all for now. If this caused you to have more questions than answers then it has served it's purpose. Continue questioning and you will grow. Don't wait for someone to give you the answers. It rarely happens.
__________________
"How do you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
  Reply With Quote

Old 01-14-2005, 11:34 AM   #2
buddblack
Guest
 
Posts: n/a
Threads: 5107
Default

thanks for the tips Sly!
  Reply With Quote

Old 01-20-2005, 07:51 AM   #3
Snowdog
Guest
 
Posts: n/a
Threads: 5107
Default

I think I may need to give Triton a try I have never used it before. I think I may have tried that same function in AD at one time. I have only found a few sites that are somewhat ok. But usually it is and old dump of months or ever years ago.

SNOWDOG
  Reply With Quote

Old 01-25-2005, 06:27 AM   #4
inc71
Guest
 
Posts: n/a
Threads: 5107
Default

THX seems very useful to me :)
  Reply With Quote

Old 01-26-2005, 04:22 AM   #5
lazo
Guest
 
Posts: n/a
Threads: 5107
Default

thank you m8 for the information
  Reply With Quote

Old 01-29-2005, 02:17 AM   #6
lonelysoul
Guest
 
Posts: n/a
Threads: 5107
Default

Thanks for a great lesson.
  Reply With Quote

Old 02-08-2005, 08:52 PM   #7
d1player
Regular Member
 
d1player's Avatar
 
d1player is offline Offline
Join Date: Jan 2005
Posts: 819
Threads: 72
d1player is on a distinguished road
Default

slysnake = the best

Thanks a lot for post that super useful tutorial here...The world needs you!
Before that I dunno how JTR works!!!

OBS.: You can use X-Factor for parse your ccbill.log too!!

Thanks!!!
  Reply With Quote

Old 02-10-2005, 12:05 PM   #8
chrisn
Guest
 
Posts: n/a
Threads: 5107
Default

Finally we have slysnake writing something on the important topic. I am sure it will benefits alot of newbies. Great works and I am looking forward to more.
  Reply With Quote

Old 02-10-2005, 07:28 PM   #9
toniii
Guest
 
Posts: n/a
Threads: 5107
Smile

Thanks for the xploit tutorial!!
  Reply With Quote

Old 02-20-2005, 05:45 PM   #10
Testosteron
Guest
 
Posts: n/a
Threads: 5107
Default

very useful keep goin with tutorials :)
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 09:12 AM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 Copyright Xisp.org