How can i exploit this?

Bad threads go here

How can i exploit this?

Post by Cokecan on Thu Jun 09, 2011 11:40 am
([msg=58297]see How can i exploit this?[/msg])

<div class="subcontent forgotsub">
<div class="desc">
<!--Forgotten your username or password?-->
</div>
<!--<form action="forgot_password.php" method="post" id="changepassword">
<div class="forgotform">
<input type="hidden" name="sesskey" value="7aJt0lskvG" />
<input type="submit" value="Yes, help me log in" />
</div>
</form>-->
</div>
</div>
</div>

I am a noob, what should i look into? My friend set this up on his site and said if i could hack it he will give me some money so im just wondering what i need to know!

-- Thu Jun 09, 2011 11:45 am --

There is another bit that says
" <div class="loginform">
<div class="form-label"><label for="username">Username</label></div>
<div class="form-input">
<input type="text" name="username" id="username" size="15" value="'x'=x'" />
</div>
<div class="clearer"><!-- --></div>
<div class="form-label"><label for="password">Password</label></div>
<div class="form-input">
<input type="password" name="password" id="password" size="15" value="" />
<input type="submit" value="Login" />
<input type="hidden" name="testcookies" value="1" />
</div>
<div class="clearer"><!-- --></div>
</div>
</form>
</div>

<div class="subcontent guestsub">
<div class="desc">
Some courses may allow guest access </div>
<form action="index.php" method="post" id="guestlogin">
<div class="guestform">
<input type="hidden" name="username" value="guest" />
<input type="hidden" name="password" value="guest" />
<input type="hidden" name="testcookies" value="1" />
<input type="submit" value="Login as a guest" />
</div>
</form>
</div>
SQL injection wont work for some reason,
Cokecan
New User
New User
 
Posts: 3
Joined: Thu Jun 09, 2011 11:37 am
Blog: View Blog (0)


Re: How can i exploit this?

Post by centip3de on Thu Jun 09, 2011 12:54 pm
([msg=58299]see Re: How can i exploit this?[/msg])

Cokecan wrote:I am a noob, what should i look into? My friend set this up on his site and said if i could hack it he will give me some money so im just wondering what i need to know!


Well, 4ft3r r3vi3wing that L33T HTML of ur friend, I can tell you that he is a b055. I didnt know if I culd cr4ck that encrypt0n br00!!111 But, i'm s00000 l33t, that I did cr4ck it!!!:DDDD G0 h3r3 f0r my insructi0ns!!!11 link
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1419
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: How can i exploit this?

Post by Cokecan on Thu Jun 09, 2011 1:10 pm
([msg=58301]see Re: How can i exploit this?[/msg])

centip3de wrote:
Cokecan wrote:I am a noob, what should i look into? My friend set this up on his site and said if i could hack it he will give me some money so im just wondering what i need to know!


Well, 4ft3r r3vi3wing that L33T HTML of ur friend, I can tell you that he is a b055. I didnt know if I culd cr4ck that encrypt0n br00!!111 But, i'm s00000 l33t, that I did cr4ck it!!!:DDDD G0 h3r3 f0r my insructi0ns!!!11 link


Gee, Thas for not telling me what to actualy google. What weekness does it have?
Cokecan
New User
New User
 
Posts: 3
Joined: Thu Jun 09, 2011 11:37 am
Blog: View Blog (0)


Re: How can i exploit this?

Post by Goatboy on Thu Jun 09, 2011 5:19 pm
([msg=58313]see Re: How can i exploit this?[/msg])

Posting the HTML will not help in 99% of the cases. We can't try attacks against a site we can't interact with.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2807
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: How can i exploit this?

Post by acevic on Fri Jun 10, 2011 6:05 am
([msg=58332]see Re: How can i exploit this?[/msg])

<div class="subcontent forgotsub">
<div class="desc">
<!--Forgotten your username or password?-->
</div>
<!--<form action="forgot_password.php" method="post" id="changepassword">
<div class="forgotform">
<input type="hidden" name="sesskey" value="7aJt0lskvG" />
<input type="submit" value="Yes, help me log in" />
</div>
</form>-->
</div>
</div>
</div>

I am a noob, what should i look into? My friend set this up on his site and said if i could hack it he will give me some money so im just wondering what i need to know!

-- Thu Jun 09, 2011 11:45 am --

There is another bit that says
" <div class="loginform">
<div class="form-label"><label for="username">Username</label></div>
<div class="form-input">
<input type="text" name="username" id="username" size="15" value="'x'=x'" />
</div>
<div class="clearer"><!-- --></div>
<div class="form-label"><label for="password">Password</label></div>
<div class="form-input">
<input type="password" name="password" id="password" size="15" value="" />
<input type="submit" value="Login" />
<input type="hidden" name="testcookies" value="1" />
</div>
<div class="clearer"><!-- --></div>
</div>
</form>
</div>

<div class="subcontent guestsub">
<div class="desc">
Some courses may allow guest access </div>
<form action="index.php" method="post" id="guestlogin">
<div class="guestform">
<input type="hidden" name="username" value="guest" />
<input type="hidden" name="password" value="guest" />
<input type="hidden" name="testcookies" value="1" />
<input type="submit" value="Login as a guest" />
</div>
</form>
</div>
SQL injection wont work for some reason,




Of course SQL injection wont work. The code you posted is an advanced form of quantum code that cannot be exploited by human beings. It's called HTML *awe*. It stands for "Her Tits May Lie". It was based on the fact that the rate of women getting breast implants have increased to the point of making it something normal and k3w1. It has been discovered that these silicon implants contain secret transmitters that transmit signals across the cosmos in the form of HTML. These signals tell the aliens what we are doing and how much mankind is progressing. This is a code that only special browsers such as Internet Explorer can parse. The aliens and the Russians use Internet Explorer. If you are not using Internet Explorer, you should use it now. Use version 6. It's the latest version for 133t h4x0r5 like yourself. If you want to be able to exploit the code, I suggest you find an alien and ask him how it's done. I was raped by an alien once. Now I know HTML! You should try it!

Good Luck!

P.S. I want to be your friend. Can I worship you? I'll call you B0b the god of hacking. Will you be my friend? Please? Pretty Please?
My crime is that of outsmarting you, something that you will never forgive me
for.
User avatar
acevic
Poster
Poster
 
Posts: 328
Joined: Mon May 16, 2011 10:12 pm
Location: Siberia
Blog: View Blog (0)


Re: How can i exploit this?

Post by Shaldivar on Fri Jun 10, 2011 7:25 am
([msg=58335]see Re: How can i exploit this?[/msg])

What we're trying to say is, it's hard to crack a login without seeing and interacting with it and the rest of the site looking for vulnerabilities.

Look for input areas throughout the site where there might be something you can use, XSS or sql or javascript injections will be the most likely way through, but if it's not obvious and you're only new to this sort of thing then it's unlikely you'll get it.

Try learning something like javascript first, look for exploits and start simple instead of going straight for a site you know nothing about, and know nothing of how to find stuff out about.

glhf.
Shaldivar
New User
New User
 
Posts: 10
Joined: Wed May 04, 2011 2:23 am
Blog: View Blog (0)


Re: How can i exploit this?

Post by goluhaque on Fri Jun 10, 2011 11:46 am
([msg=58341]see Re: How can i exploit this?[/msg])

acevic wrote:Of course SQL injection wont work. The code you posted is an advanced form of quantum code that cannot be exploited by human beings. It's called HTML *awe*. It stands for "Her Tits May Lie". It was based on the fact that the rate of women getting breast implants have increased to the point of making it something normal and k3w1. It has been discovered that these silicon implants contain secret transmitters that transmit signals across the cosmos in the form of HTML. These signals tell the aliens what we are doing and how much mankind is progressing. This is a code that only special browsers such as Internet Explorer can parse. The aliens and the Russians use Internet Explorer. If you are not using Internet Explorer, you should use it now. Use version 6. It's the latest version for 133t h4x0r5 like yourself. If you want to be able to exploit the code, I suggest you find an alien and ask him how it's done. I was raped by an alien once. Now I know HTML! You should try it!

Good Luck!

P.S. I want to be your friend. Can I worship you? I'll call you B0b the god of hacking. Will you be my friend? Please? Pretty Please?

LOL :D
(23:45:03) hauk: I guess you are over the best part of your life when 4-year-olds say "Are you an evil man?"
(23:46:19) hauk: and "Ima punch you in the pecker"
User avatar
goluhaque
Poster
Poster
 
Posts: 153
Joined: Mon Apr 13, 2009 12:08 am
Location: India
Blog: View Blog (0)


Re: How can i exploit this?

Post by Cokecan on Fri Jun 10, 2011 1:15 pm
([msg=58343]see Re: How can i exploit this?[/msg])

I didnt know guy's, I thought you could see something i may be able to exploit. Never mind.
Cokecan
New User
New User
 
Posts: 3
Joined: Thu Jun 09, 2011 11:37 am
Blog: View Blog (0)


Re: How can i exploit this?

Post by VPR3 on Fri Jun 10, 2011 4:13 pm
([msg=58345]see Re: How can i exploit this?[/msg])

acevic wrote:Of course SQL injection wont work. The code you posted is an advanced form of quantum code that cannot be exploited by human beings. It's called HTML *awe*. It stands for "Her Tits May Lie". It was based on the fact that the rate of women getting breast implants have increased to the point of making it something normal and k3w1. It has been discovered that these silicon implants contain secret transmitters that transmit signals across the cosmos in the form of HTML. These signals tell the aliens what we are doing and how much mankind is progressing. This is a code that only special browsers such as Internet Explorer can parse. The aliens and the Russians use Internet Explorer. If you are not using Internet Explorer, you should use it now. Use version 6. It's the latest version for 133t h4x0r5 like yourself. If you want to be able to exploit the code, I suggest you find an alien and ask him how it's done. I was raped by an alien once. Now I know HTML! You should try it!

Good Luck!

P.S. I want to be your friend. Can I worship you? I'll call you B0b the god of hacking. Will you be my friend? Please? Pretty Please?



So if I could gain port access to a woman who has breast implants, do you think there is a way the signal can be hacked to tell the aliens where I am. I want to learn html too.
VPR3
Poster
Poster
 
Posts: 161
Joined: Fri Apr 22, 2011 11:35 am
Blog: View Blog (0)



Return to Graveyard

Who is online

Users browsing this forum: No registered users and 0 guests