EvilZone

Hacking and Security => Hacking and Security => : PilouZ2 January 28, 2015, 07:15:15 PM

: How to exploit that!
: PilouZ2 January 28, 2015, 07:15:15 PM

Hello! I just found some vulnerabilities after scanning a web using w3af, but there's a problem! Mayday!  ;)
I don't know how to exploit these vulnerabilities, wich are:

• Shared hosting.
• CSRF vulnerability
• Path disclosure vulnerability
• Cookie without HttpOnly
• SVN user disclosure vulnerability
• XSS (In a image, WTF)
• US Social Security Number Disclosure

I need to know which of these vulnerabilities are the easiest to exploit because I'm training, and somehow I want to vulnerate this target, whatever it cost.
(I don't want to deface the site, only need to know how I can vulnerate some vulnerabilities of them)
Thanks people, I'm waiting for your response, it would be helpful for me. (please D:)
Bye

♪

: Re: How to exploit that!
: madf0x January 28, 2015, 07:25:14 PM

lol "vulnerate" Thats awesome.

Dude you should just quit while youre ahead before you fuck up(you probably already fucked up), and put yourself in a nasty legal situation. No one likes jail time, and some places have worse jails than others.

Instead you should be using any of the MANY practice VM and practice web apps to study attack vectors and how to "vulnerate" them. Safe, and no consequences if you fuck up. Also do your own homework man.  Don't rely on some scanner, learn the attacks themselves and how to find them manually first. All those scanners make several assumptions, they are for saving time assuming you know what you are doing and don't care about being noisy.

: Re: How to exploit that!
: Kulverstukas January 28, 2015, 07:42:13 PM

"Vulnerate" Topkek! +1 to you sir.

And I also second madf0x, you SHOULD not do it, because it's obvious you have no clue where to go and congratulations on leaving massive logs on the server by scanning it with a scanner.

: Re: How to exploit that!
: d4rkcat January 28, 2015, 07:58:45 PM

This was great.
Really, trust what these two just told you.
You WILL be going to prison if you try to hack anything that isn't on your computer.
It is painfully clear from your question your level of noobosity.

Sign up at SO and do the hacking challenges or download a VM:
http://securityoverride.org/challenges/index.php
https://www.vulnhub.com/
https://information.rapid7.com/metasploitable-download.html

: Re: How to exploit that!
: madf0x January 28, 2015, 09:03:49 PM

: d4rkcat  January 28, 2015, 07:58:45 PM

This was great.
Really, trust what these two just told you.
You WILL be going to prison if you try to hack anything that isn't on your computer.
It is painfully clear from your question your level of noobosity.

Sign up at SO and do the hacking challenges or download a VM:
http://securityoverride.org/challenges/index.php (http://securityoverride.org/challenges/index.php)
https://www.vulnhub.com/ (https://www.vulnhub.com/)
https://information.rapid7.com/metasploitable-download.html (https://information.rapid7.com/metasploitable-download.html)

Mm just might want to doubly make sure you use a unique password if you register on SO....