What to do now?

ParadiseHack · Post by **ParadiseHack** » Sun Jun 15, 2008 11:46 am

hey, guys i today i was playing with google and suddenly i found a website which contains allot of security holes, i have got into the /cgi/etc directory , there is a list of files like, passwd,.htpasswd,aliases,pwd.db etc.etc and now i want to know that can i hack into site or not? if so then how???

jack krauser · Post by **jack krauser** » Sun Jun 15, 2008 1:00 pm

ParadiseHack wrote:hey, guys i today i was playing with google and suddenly i found a website which contains allot of security holes, i have got into the /cgi/etc directory , there is a list of files like, passwd,.htpasswd,aliases,pwd.db etc.etc and now i want to know that can i hack into site or not? if so then how???

that wouldn't be a smart move!!!

inform the admin for the security holes.

but if you really want to hack it first find where the logs are located and find a way to clear them all cause it will be very easy for the admin to find you if you don't.

ParadiseHack · Post by **ParadiseHack** » Sun Jun 15, 2008 1:52 pm

Muwahahaha, u think i'm a kid

, i used JoHNthe Ripper and JAack to crack passwd, pwd,and Shadowed password files, but wait... I m not that much bad... i informed the administrator but he says that they were configuring the database ... anywayz, i have a file if anybody can decrypt it so decrypt it if you can

root:*:0:0:Super User:/root:/bin/csh daemon:*:1:1:Daemon:/nonexistent:/sbin/nologin operator:*:2:5:Operator:/nonexistent:/sbin/nologin bin:*:3:7:Binaries:/nonexistent:/sbin/nologin tty:*:4:65533:tty Sandbox:/nonexistent:/sbin/nologin kmem:*:5:65533:kmem Sandbox:/nonexistent:/sbin/nologin games:*:7:13:Games:/nonexistent:/sbin/nologin news:*:8:8:News Subsystem:/nonexistent:/sbin/nologin man:*:9:9:Man Pages:/nonexistent:/sbin/nologin ftp:*:14:5:Anonymous FTP Admin:/usr/ftp:/nonexistent bind:*:53:53:BIND

i cant decode it!! can any body please?

Allosentient · Post by **Allosentient** » Sun Jun 15, 2008 8:21 pm

Where do you get your proxies?

The_Dark_Avenger · Post by **The_Dark_Avenger** » Mon Jun 16, 2008 11:22 am

ParadiseHack wrote:Muwahahaha, u think i'm a kid , i used JoHNthe Ripper and JAack to crack passwd, pwd,and Shadowed password files, but wait... I m not that much bad... i informed the administrator but he says that they were configuring the database ... anywayz, i have a file if anybody can decrypt it so decrypt it if you can

root:*:0:0:Super User:/root:/bin/csh daemon:*:1:1:Daemon:/nonexistent:/sbin/nologin operator:*:2:5:Operator:/nonexistent:/sbin/nologin bin:*:3:7:Binaries:/nonexistent:/sbin/nologin tty:*:4:65533:tty Sandbox:/nonexistent:/sbin/nologin kmem:*:5:65533:kmem Sandbox:/nonexistent:/sbin/nologin games:*:7:13:Games:/nonexistent:/sbin/nologin news:*:8:8:News Subsystem:/nonexistent:/sbin/nologin man:*:9:9:Man Pages:/nonexistent:/sbin/nologin ftp:*:14:5:Anonymous FTP Admin:/usr/ftp:/nonexistent bind:*:53:53:BIND

i cant decode it!! can any body please?

There's nothing to decode. It's a basic /etc/passwd file. In old days there were encrypted passwords, but now they are stored in another file (which * means). this file is /etc/shadow, for every active user there's a hash, by default it's MD5, sometimes stronger "blowfish" is used (algorithm is defined by module pam_unix.so). Only root can access this file.

hacker.org

What to do now?

What to do now?

Re: What to do now?