Secuity Holes...

tesr · Post by **tesr** » Fri Nov 07, 2008 10:21 am

Hi all,

I am currently in the process of trying to get into a game that is been neglected by its owners, they have not logged into the site for over 60 days and are not bothered about the site.

I have made countless attempts to contact them about the game, to ask if there is an opportunity to get the script and database from them.

I have tried scanning the website for security issues where i could have someone get in for me but so far have failed to turn anything up for it.

The well know saying is 'Nothing is hacker proof' but this is one that i am going to need help with

The site is wftcity.com and is been neglected so any help in finding ways into the server to obtain a copy of the db and files so that i can develop the script would be greatly appricated.

I know that asking for someone to do this for me outright is something that would anger people, so here i am asking for assistance for finding security breaches for the site.

I hope someone out there can help me with this as many are saying that 'The site is untouchable', seems i don't know the right people

________
Honda ST series specifications

canine · Post by **canine** » Fri Nov 07, 2008 1:02 pm

tesr wrote: The well know saying is 'Nothing is hacker proof' but this is one that i am going to need help with

I have never heard this `saying'.

Anyhow, if they don't want give out their script that their goddamn choice and who are you to say otherwise?

From a technical standpoint, what you are asking is exceedingly difficult. They're running Apache with CentOS. Your plot is subverted.

tesr · Post by **tesr** » Fri Nov 07, 2008 1:36 pm

I see that you have had a look for me. Thanks for your efforts.

As for the saying, you have to look to the fact that recently NASA was hacked by someone and they specialise in technology.

There are games about that have man power, constantly checking logs for access into these kind of things, costing them $$$$$'s a month.

This game on the other hand seems that the admins have decided not to progress with it and so have just forgotten about it.

Its not that the owners have said that they won't sell/give me the coding for it, its that the emails that have been sent have sat unread for over a month and so seems that they no longer view these emails.
________
digital vaporizer

The_Dark_Avenger · Post by **The_Dark_Avenger** » Sat Nov 08, 2008 3:01 pm

Perhaps you haven't been trying hard enough to find vulnerabilities...
Just for example:
there's SQL injection vulnerability in the registration form...

The_Dark_Avenger · Post by **The_Dark_Avenger** » Sat Nov 08, 2008 3:29 pm

Also... they've got pretty updated software... Here's the list of servicees they're using...
Search for exploits of these services (miw0rm.com and others...)

vsftpd (port 21) version 2.0.1
openssh (port 22) version 3.9p1
mysql (port 3306) version: 4.1.20
apache (port 80) version 2.0.52

all this soft is pretty outdated, and i guess each of these services will be vulnerable...

Allosentient · Post by **Allosentient** » Sun Nov 09, 2008 3:30 am

If all else fails you can do something called black-box reverse engineering, just make a copy of their software on your own. If they indeed are not around anymore there won't be anyone around to sue you

tesr · Post by **tesr** » Sun Nov 09, 2008 12:52 pm

Hi all,

Thanks for the comments that you have given me back on this, as i say i am very inexperienced in this sort of thing and the scanning etc has been done by people who claim they have done it.

It seems that there are only ethical hackers available to speak to me as i have managed to find 5/6 hackers but they are all in the ethical market.

I know that two wrongs don't make a right on this, but the codings that i am trying to get from their site were originally stolen from someone else. Proof of that is in the asking of the original developer of the script.

So if anyone here can offer me some assistance in this (or even walk me through it) i would greatly accept the help. If not, at least i have now been informed that there is a way in on the register page.

Now to try figure out the SQL injection i can use on it to get me in....

Any ideas?

Thanks for the help so far

________
jailbroken

tesr · Post by **tesr** » Sun Nov 09, 2008 1:23 pm

Are we allowed to post competitions on the site?

See i was thinking of offering this one out to the community to see who can do it for me... with reward obv.

But wanted to check this isn't breaching rules or insulting you fine people

________
discuss vaporizers

S3th · Post by **S3th** » Mon Nov 10, 2008 6:37 am

hacker.org doesn't have rules really. As the moderators/administrators are not here anymore..
I dunno how people would react to a competition.

Allosentient · Post by **Allosentient** » Mon Nov 10, 2008 4:58 pm

There have been worse things posted here before. The admins are here but don't really care about anything on this section of the site. This site isn't even about cracking, it is about solving mathematical and computer challenges.

I can imagine something eventually happening where the feds find out something is going on so I wouldn't recommend posting anything illegal.

TAOHOOF · Post by **TAOHOOF** » Mon Nov 10, 2008 9:48 pm

Please can anybody teach me how to hack or crack website bcos i don't know how to hack.i really want to be hacker.thanxs for ur time

PaRaDoX · Post by **PaRaDoX** » Tue Nov 11, 2008 1:49 am

TAOHOOF wrote:Please can anybody teach me how to hack or crack website bcos i don't know how to hack.i really want to be hacker.thanxs for ur time

www.google.ca
www.hackthissite.org

enjoy. (of course its just the basics)

TAOHOOF · Post by **TAOHOOF** » Tue Nov 11, 2008 10:29 am

THANX

PaRaDoX · Post by **PaRaDoX** » Wed Nov 12, 2008 2:59 am

you're welcome. DON'T BECOME A FUCKING CRACKER.

S3th · Post by **S3th** » Wed Nov 12, 2008 6:43 am

PaRaDoX wrote:you're welcome. DON'T BECOME A FUCKING CRACKER.

Second.

hacker.org

Secuity Holes...

Secuity Holes...

Re: Secuity Holes...

I need help

Re: I need help

RE