I'm so frustrated I could scream. Some help please?

Discuss the many weaknesses of browser security and ways to mitigate the threat

I'm so frustrated I could scream. Some help please?

Post by ChewyJiggles on Fri Jan 18, 2013 10:12 pm
([msg=72362]see I'm so frustrated I could scream. Some help please?[/msg])

Okay, so I'm trying to win a bet with my Business Applications teacher. She manages the county wide network, and bet me that it was too secure for me to access with the stakes being a 100% A until the "end of time" as long as I didn't do anything disturbing or harmful. I just need to be able to access the home page (which is in one of the folders I'm about to mention) and edit one or two lines of HTML, just so I can put something like 'Hi, Mrs.Teacherlady!'. I managed to get into the root directory ftp://myschol.mycounty.mystate.mycountry/ and I can view the individual files. When I try to open a folder, however, I get an error that says access denied. I've had a lot of trouble with Hydra, so I gave up that route. I also tried using FTP software to log on as an anonymous user, only to meet the same result. :cry:

I'd really appreciate some help. I'm new to "hacking" and eager to learn all I can. :D
ChewyJiggles
New User
New User
 
Posts: 2
Joined: Fri Jan 18, 2013 10:02 pm
Blog: View Blog (0)


Re: I'm so frustrated I could scream. Some help please?

Post by -Ninjex- on Fri Jan 18, 2013 10:51 pm
([msg=72363]see Re: I'm so frustrated I could scream. Some help please?[/msg])

ChewyJiggles wrote:Okay, so I'm trying to win a bet with my Business Applications teacher. She manages the county wide network, and bet me that it was too secure for me to access with the stakes being a 100% A until the "end of time" as long as I didn't do anything disturbing or harmful. I just need to be able to access the home page (which is in one of the folders I'm about to mention) and edit one or two lines of HTML, just so I can put something like 'Hi, Mrs.Teacherlady!'. I managed to get into the root directory ftp://myschol.mycounty.mystate.mycountry/ and I can view the individual files. When I try to open a folder, however, I get an error that says access denied. I've had a lot of trouble with Hydra, so I gave up that route. I also tried using FTP software to log on as an anonymous user, only to meet the same result. :cry:

I'd really appreciate some help. I'm new to "hacking" and eager to learn all I can. :D


As honest as you may be right now, it is illegal to help you here, as the terms of service section 13.a describes. We can not help until we recieve some type of proof from your Application teacher that it is legal to do so. Until then, it is against the terms of service here at HTS, and is illegal.
Also, I am not sure that ftp://myschool.mycounty.mystate.mycountry/ is the root directory.
[Edit] A root directory would be the first directory, with that being said, the link above seems to be a sub directory
i.e. - If you are on a site http://www.ninjex.com/help/support/support.html, the root directory would be considered ninjex. Root directory corrosponds to a simply forward slash "/" meaning all folders (directories) after it are subdirectories of the root (/) directory. Take for instance that you are viewing this in nautilus or a terminal, it could look something similar to this:
(Assuming the "/" direcotry is set up as a server)
you@terminal:~/home/you/Desktop$ cd /
you@terminal:~/$ ls
ninjex/ ninjex-blog/ ninjex-news/
you@terminal:~/$ cd ninjex/
you@terminal:~/ninjex$/ ls
home/ members/ articles/ help/
you@terminal:~/ninjex$ cd help/
you@terminal:~/ninjex/help/ninjex$ ls
support/ bugs/
you@terminal:~/ninjex/help$ cd support/
you@terminal:~/ninjex/help/support$ ls
support.html


If you know the terminal, and can understand the output above, you can see that traveling backwards in the directories would lead you to "/" as the root directory in which 3 sites reside (ninjex, ninjex-blog, ninjex-news); the directory from which everything follows. Same applies to a website, you are viewing the support.html page, and the root of the site would still be considered /

I hope this helps to break down my logic of thinking.
Last edited by -Ninjex- on Fri Jan 18, 2013 11:25 pm, edited 2 times in total.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
^(-.^)>
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1466
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: I'm so frustrated I could scream. Some help please?

Post by ChewyJiggles on Fri Jan 18, 2013 11:12 pm
([msg=72364]see Re: I'm so frustrated I could scream. Some help please?[/msg])

As honest as you may be right now, it is illegal to help you here, as the terms of service section 13.a describes. We can not help until we recieve some type of proof from your Application teacher that it is legal to do so. Until then, it is against the terms of service here at HTS, and is illegal.
Also, I am not sure that ftp://myschool.mycounty.mystate.mycountry/ is the root directory.
[Edit] A root directory would be the first directory, with that being said, the link above seems to be a sub directory
i.e. - If you are on a site http://www.ninjex.com/help/support/, the root directory would be considered ninjex. Root directory corrosponds to a simply forward slash "/" meaning all folders (directories) after it are subdirectories of the root (/) directory. In the case above, there would be no directories behind ninjex, making it the root directory.



First, thanks for the heads up. I'll just have to keep at it until something happens or I run out of Red Bull.
Second, If I take off anything from the URL, for example "ftp://myschool.mycounty.mystate.com", I'm faced with a 404. I CAN take out my schools name and I'm redirected to the counties website on which the school is hosted. Maybe I wasn't clear enough, my apologies. There's a multitude or random files and folders, and each school in my county has a folder of it's own where the files are hosted. My problem was not being able to get into the folder that my school's website is hosted on. I'll keep at it, see if I can get a black hat to help. Cheers!
ChewyJiggles
New User
New User
 
Posts: 2
Joined: Fri Jan 18, 2013 10:02 pm
Blog: View Blog (0)


Re: I'm so frustrated I could scream. Some help please?

Post by -Ninjex- on Fri Jan 18, 2013 11:30 pm
([msg=72365]see Re: I'm so frustrated I could scream. Some help please?[/msg])

ChewyJiggles wrote:
As honest as you may be right now, it is illegal to help you here, as the terms of service section 13.a describes. We can not help until we recieve some type of proof from your Application teacher that it is legal to do so. Until then, it is against the terms of service here at HTS, and is illegal.
Also, I am not sure that ftp://myschool.mycounty.mystate.mycountry/ is the root directory.
[Edit] A root directory would be the first directory, with that being said, the link above seems to be a sub directory
i.e. - If you are on a site http://www.ninjex.com/help/support/, the root directory would be considered ninjex. Root directory corrosponds to a simply forward slash "/" meaning all folders (directories) after it are subdirectories of the root (/) directory. In the case above, there would be no directories behind ninjex, making it the root directory.



First, thanks for the heads up. I'll just have to keep at it until something happens or I run out of Red Bull.
Second, If I take off anything from the URL, for example "ftp://myschool.mycounty.mystate.com", I'm faced with a 404. I CAN take out my schools name and I'm redirected to the counties website on which the school is hosted. Maybe I wasn't clear enough, my apologies. There's a multitude or random files and folders, and each school in my county has a folder of it's own where the files are hosted. My problem was not being able to get into the folder that my school's website is hosted on. I'll keep at it, see if I can get a black hat to help. Cheers!


Sorry about that I was taking a while to re-tweak my post. If you take a look above, it corresponds to this. I could bet they are using a public hosting that would more than likely be pretty secure. Tweaking with the URL would probably end up having you look at all schools in your state, county, etc. For instance if myschool.mycounty.mystate.com was turned into mycounty.mystate.com it is probably a given that the mycounty/ directory has multiple sub directories with a list of all schools in your county. If you tweak it to mystate.com it would probably be followed with a list of sub directories of every county in the state. I hope that helps. So in conclusion we could say that mystate.com is the root directory for the site.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
^(-.^)>
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1466
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests