I hacked and did something cool or foolish?!!?!

Post by Ice_giant on Tue Apr 16, 2013 2:14 am

Hey reader,
This is my first forum post. I just wanted to share my experience of hacking a website and what I did. First of all, it's not a very great website; just some collegers, I think, created it. When I registered on the website, I used Firebug and converted the password and confirm password fields into a radio button 8-) . So, each time I log in, I have to again convert the password field on the homepage into a radio button. So, is this cool or foolish or damn foolish? Just asking.

P.S.: If you can help me, can you please say how a radio button stores data (when it is disabled or enabled)? Thank you. :D

Re: I hacked and did something cool or foolish?!!?!

Post by hellow533 on Tue Apr 16, 2013 2:19 am

You're not really inputting any information towards the site, you're just making a radio button. That means you aren't making any difference in the data transferred, you're just making a radio button. This radio button does not store data, nor does it stay since all you are doing is editing HTML. Even if you made something that could tamper the data, you would still need the authority to do something with it, and probably as well as a proper refer.

For example, I could turn my user page into a page that submits what I type into the field into the forums. However, I still need to be logged into the forums for it to work, since I cannot post data from outside the forums. If I need a refer (I don't think I do) I could always use tamper data to change that refer to what I need. If anything, I'm just submitting a thread, and can only go as far as my user permissions allow.
“Teach me how to hack!”
"What, like, with an axe?"

Re: I hacked and did something cool or foolish?!!?!

Post by Ice_giant on Tue Apr 16, 2013 2:29 am

hellow533 wrote: You're not really inputting any information towards the site, you're just making a radio button. That means you aren't making any difference in the data transferred, you're just making a radio button. This radio button does not store data, nor does it stay since all you are doing is editing HTML. Even if you made something that could tamper the data, you would still need the authority to do something with it, and probably as well as a proper refer.

For example, I could turn my user page into a page that submits what I type into the field submit into the forums. However, I still need to be logged in to the forums for it to work, since I cannot post data from outside the forums. If I need a refer (I don't think I do) I could always use tamper data to change that refer to what I need. If anything, I'm just submitting a thread, and can only go as far as my user permissions allow.


Yeah,
I know Firebug doesn't change data, but what I came to say is that I converted the <form type="password"> into <form type="radio"> and enabled the radio button. Actually, the password field had an id and the submit button used the id, but it did not define the id as any type. So, basically the radio button now has the id instead of the password field, and thanks for helping ;)

Re: I hacked and did something cool or foolish?!!?!

Post by sordidarchetype on Tue Apr 16, 2013 9:03 am

What did you do after the password field was turned into a radio button? (i.e., did you submit the form and get a different result than normal?)
From your description, it doesn't really look like you hacked much of anything so far.

Re: I hacked and did something cool or foolish?!!?!

Post by limdis on Tue Apr 16, 2013 2:28 pm

You didn't hack anything. All you did with Firebug was change the input field type for your current screen, basically giving the field an on/off switch. The information in the field would be submitted just the same, as long as the radio button was activated. There are sites that are vulnerable to JavaScript injections (Firebug attacks), but validation measures are usually put into place that prevent those changes from actually occurring. We have a challenge here for example that you have to change the email address to have a password reminder sent out to you instead of the administrator. Check it out.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
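
An added example (not part of the thread, and not the site's code) of the point made in the post above: a simplified model of how a browser serializes form controls, run against four constructed versions of a registration form, next to a server-side check that only ever sees the submitted body. The field names, sample values and the 8-character rule are assumptions.

```javascript
// Added example: constructed controls, not markup from the site in the thread.
// Simplified model of how a browser builds the submitted form body:
// text-like controls always send name=value; radio/checkbox controls send
// it only when checked; disabled or unnamed controls send nothing.
function buildFormBody(controls) {
  const params = new URLSearchParams();
  for (const c of controls) {
    if (!c.name || c.disabled) continue;
    const toggle = c.type === 'radio' || c.type === 'checkbox';
    if (toggle && !c.checked) continue;
    // A checked radio/checkbox with no value attribute submits "on".
    const value = c.value !== undefined ? c.value : (toggle ? 'on' : '');
    params.append(c.name, value);
  }
  return params.toString();
}

// Server-side check (hypothetical policy). It only sees the received body,
// never the control type the browser was showing.
function validateRegistration(body) {
  const p = new URLSearchParams(body);
  const pw = p.get('password');
  const errors = [];
  if (pw === null) errors.push('password missing');
  else if (pw.length < 8) errors.push('password too short');
  if (pw !== p.get('confirm')) errors.push('confirmation mismatch');
  return errors;
}

// Constructed sample forms: field names and values are assumptions.
const field = (type, name, extra) => ({ type, name, ...extra });
const names = ['password', 'confirm'];
const forms = {
  original: names.map(n => field('password', n, { value: 'correct-horse' })),
  // Type edited in dev tools after typing: value kept, button checked.
  editedFilled: names.map(n => field('radio', n, { value: 'correct-horse', checked: true })),
  // Type edited on an empty field, then the button checked.
  editedEmpty: names.map(n => field('radio', n, { checked: true })),
  // Type edited, button left unchecked: the fields are not sent at all.
  editedUnchecked: names.map(n => field('radio', n, { checked: false })),
};

function report() {
  const out = {};
  for (const [label, controls] of Object.entries(forms)) {
    const body = buildFormBody(controls);
    out[label] = { body, errors: validateRegistration(body) };
  }
  return out;
}

console.log(report());
```

The `original` and `editedFilled` bodies are byte-for-byte identical, while `editedEmpty` and `editedUnchecked` are rejected only because the check runs on the server; a site that accepts them is missing that check.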

Re: I hacked and did something cool or foolish?!!?!

Post by Ice_giant on Wed Apr 17, 2013 4:25 am

sordidarchetype wrote: What did you do after the password field was turned into a radio button? (i.e., did you submit the form and get a different result than normal?)
From your description, it doesn't really look like you hacked much of anything so far.


Actually it showed "registration successful", And then I was like :o . Because I myself was surprised to see that message and BTW yes I was successfull in logging in too using firebug and radio button ;)

-- Wed Apr 17, 2013 2:59 pm --

limdis wrote: You didn't hack anything. All you did with Firebug was change the input field type for your current screen, basically giving the field an on/off switch. The information in the field would be submitted just the same, as long as the radio button was activated. There are sites that are vulnerable to JavaScript injections (Firebug attacks), but validation measures are usually put into place that prevent those changes from actually occurring. We have a challenge here for example that you have to change the email address to have a password reminder sent out to you instead of the administrator. Check it out.


Yes bro, that's what I exactly came to say. The radio button was activated. And about that validation measures, all I got was an email :|

Re: I hacked and did something cool or foolish?!!?!

Post by hellow533 on Wed Apr 17, 2013 5:22 am

Alright bud, listen, what I want you to do is spend the next three or so months looking into HTML, PHP, and SQL. Just start off with those three, and come back once you have an idea of how each of them operates, the functions, etc.

Might not be a bad idea to look into JavaScript a little bit as well.

Actually, looking at your profile it is a bit obvious you had a bit of help. Throw everything you know out the window. The reason I say this is because you're looking at every website like it's a realistic one. Not only that, but it seems you don't yet understand how a realistic one works.
“Teach me how to hack!”
"What, like, with an axe?"

Re: I hacked and did something cool or foolish?!!?!

Post by sordidarchetype on Wed Apr 24, 2013 9:26 am

Ice_giant wrote: Actually it showed "registration successful", And then I was like :o . Because I myself was surprised to see that message and BTW yes I was successfull in logging in too using firebug and radio button ;)


I feel that there are some key pieces of information missing here, but I don't think it is ultimately doing what you think it is doing. hellow533 has some sound advice: take a bit more time to actually review the technologies you are working with and come to a better understanding of them. You may also want to consider a formalized documentation process. The description of your activities seems like it could use some additional detail. (Documenting what you do is sometimes one of the most difficult things to turn into a habit, but once you do, it can help tremendously in analysis.)

Also, "successful" has one "l".