Ok, now what...

Yes, literally! Explore the security of this website and see if you can find any security holes, and you will be awarded big points (as well as an addition to the Hack This Site hall of fame)!

Ok, now what...

Post by Crystal_Bearer on Thu May 29, 2008 5:18 am

First off, I'd like to lay some ground rules for posting in this thread. I mean, I'm making it, so I think I'm entitled. Spoilers should be enforced FAR more strictly here. That means NO listing files or directories. If you need to/want to know something, ask general topic questions; you can even make up an example if you want. Just remember... leave the site up and clean. It's a good thing to let everyone learn a thing or two.


I've found the login page, but I'm not sure how to use it. I'm not going to post where anything is (mainly for site security... although it really wasn't very hard to find...), but I personally am unfamiliar with this method of login (PHP with JS referencing). I'm assuming the use of JS injection, but the login references the code from a child dir. I hate to say that I'm in over my head here, but I wonder if anyone has any advice. You can either leave it here, or in a PM, depending on the nature of the advice. Thank you.
Crystal_Bearer
Experienced User
Posts: 51
Joined: Tue Apr 15, 2008 1:48 am


Re: Ok, now what...

Post by jetbackwards on Fri Jun 06, 2008 12:43 pm

Something to definitely consider is the fact that the site was developed by coders who know rather a lot about web security - if they know how to exploit something, they know how to prevent it being exploited...

A year or two back an ex-developer uploaded the site source code to the internet so people could get at it, and I know of no big hacks since then. Just look at the (frankly tiny) size of the hall of fame! Stuff is pretty secure.

I would be especially surprised if the login was insecure... though I suppose the only way to ensure security is to test it!
jetbackwards
New User
Posts: 36
Joined: Mon May 26, 2008 5:16 am


Re: Ok, now what...

Post by Nines on Fri Jun 06, 2008 1:29 pm

You'd be surprised.. The login is secure though.

I've found a hole that could potentially get admin access to the site.. I wasn't able to exploit it though, even though I know it's vulnerable, so I've submitted it anyway and I'll give some more details when it's patched. :)
Nines
Poster
Posts: 191
Joined: Sun Apr 13, 2008 5:57 pm


Re: Ok, now what...

Post by djpitagora on Sat Jun 07, 2008 10:55 am

jetbackwards wrote: Something to definitely consider is the fact that the site was developed by coders who know rather a lot about web security - if they know how to exploit something, they know how to prevent it being exploited...

A year or two back an ex-developer uploaded the site source code to the internet so people could get at it, and I know of no big hacks since then. Just look at the (frankly tiny) size of the hall of fame! Stuff is pretty secure.

I would be especially surprised if the login was insecure... though I suppose the only way to ensure security is to test it!

Exactly! Look at the HoF? Does that look secure to you? Imagine if it was an online banking site... hacked several times... not good :) Even the best make mistakes. In such a big project it's inevitable! Keep looking.
djpitagora
New User
Posts: 24
Joined: Sun May 25, 2008 5:49 am


Re: Ok, now what...

Post by Nines on Sun Jun 08, 2008 2:27 am

Haha, last night Stenoplasma and I managed to use CSRF on the forums to get Administrator access to the site :)

HoF #3 :)
Nines
Poster
Posts: 191
Joined: Sun Apr 13, 2008 5:57 pm


Re: Ok, now what...

Post by StenoPlasma on Tue Jun 10, 2008 6:45 pm

:D
StenoPlasma
New User
Posts: 4
Joined: Mon Apr 14, 2008 12:04 am


Re: Ok, now what...

Post by crazycoolzac1 on Wed Jun 18, 2008 10:32 pm

I found www.a***.h**********.*** which (I think) contains a security hole. I'm trying to figure out how Firebug or another one of my programs can help me. If anyone knows what I'm talking about, PM me and we'll talk.
Rank: Script Kiddie (904 Points)
Basic: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)
Realistic: (1) (2) (3) (4) (7) (12)
Application: (1)
Javascript: (1) (2) (3) (5) (6)
Extbasic: (1)
crazycoolzac1
New User
Posts: 12
Joined: Fri Jun 13, 2008 5:15 pm


Re: Ok, now what...

Post by pitagora on Thu Jun 19, 2008 2:43 am

crazycoolzac1 wrote: I found http://www.a***.h**********.*** which (I think) contains a security hole. I'm trying to figure out how Firebug or another one of my programs can help me. If anyone knows what I'm talking about, PM me and we'll talk.

If you are referring to the ad portal (admin.hackthissite), go get the source code (it's an open source application) and see if there is something you can exploit.
pitagora
New User
Posts: 8
Joined: Tue Jun 17, 2008 10:41 am


Re: Ok, now what...

Post by evin674 on Sun Jul 19, 2009 2:19 am

Hint, if you know how to, set up a gateway and send a connection through, start IP Flooding the site, it closes the Proxy security and then you're in the file directory. Although I won't go from there, as it is illegal XD
evin674
New User
Posts: 1
Joined: Sun Jul 19, 2009 2:16 am


