
Real 16 Noob 2 Noob


By ghostghost | 7355 Reads

Spam Company

Mozzer is a freelance website developer. One of his projects from 6 months ago turned out to be for a corporate spamming company. When he went back to check on it he was horrified and set about trying to hack his own code. Unfortunately he couldn't find anything, but noticed that there have been some slight alterations to his code. He mentioned something about "common directories", "session management" and ".inc files". Once you get access you will need to use the post system to edit the email database to say "admin@spamco.com". Hopefully a dose of their own medicine will sort this company out!!

Difficulty: Very Hard

Tools of the trade:

  1. Tamper Data / Live HTTP Headers (cookie reading)
  2. User Agent Switcher
  3. Should have read http://www.cgisecurity.com/lib/SessionIDs.pdf or should possess knowledge about session management.
  4. Should possess knowledge about "common directories" and ".inc files".

Mission: Get in as admin and use the post system to edit the email database.

Now, to get in as admin we could try different things: look for an admin directory, edit the cookie, check robots.txt, etc.

But notice what Mozzer mentioned in his message, something about session management. Well… so for attacking the Session ID,

  1. Either we should know the admin's Session ID, or
  2. We would use our Session ID to inject into his cookie.

The first one seems pretty tough, but the second one is possible. How? If we somehow get the admin to click on a link carrying our Session ID.

To find your Session ID use Tamper Data or Live HTTP Headers, though you may use JavaScript… but why write when you can just copy-paste.

Make use of the directory that is used to include files, and remember we have to log in as the admin, so use the login.php URL.

Now, where to put the URL? As stated before, we have to make the admin click on our URL. So where could we possibly use it? Right, the "Error Reporting" link.

Enter the url and submit it.

When you click on the post message link, enter the address as admin@spamco.com [without the quotes]… and click to post.

Either the page will change due to META tags or your post will not be submitted; check the source of the "post message" page to see why.

Use the "logs" to answer your question. Still stumped? Well, we didn't use the 2nd tool of the trade.
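The hole the walkthrough relies on is session fixation: the application accepts a session ID it did not issue (here, one carried in a link) and keeps that same ID after the administrator logs in, so whoever planted it now holds an admin session. The PHP login handler below is an added example, not the challenge's code, Mozzer's, or the article author's; it shows the two controls that close the hole: accept only server-issued IDs carried in cookies, and replace the ID the moment a login succeeds. The function and field names (check_credentials, the user/pass form fields, /admin/index.php) and the constructed user table are assumptions.

```php
<?php
// Added example, not the challenge's or the author's code: a login handler
// hardened against session fixation. Names are assumptions.

// Session hardening must be configured before session_start():
//  - use_only_cookies: never read a session ID from the URL or a form field
//  - use_strict_mode : refuse IDs the server did not generate itself
//  - use_trans_sid   : never rewrite links to carry the session ID
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');
ini_set('session.use_trans_sid', '0');
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,   // cookie only sent over HTTPS
    'httponly' => true,   // cookie not readable from page scripts
    'samesite' => 'Lax',
]);
session_start();

// Constructed stand-in for a database lookup: username => password hash.
$USERS = [
    'admin' => password_hash('example-only-password', PASSWORD_DEFAULT),
];

function check_credentials(array $users, string $user, string $pass): bool
{
    // password_verify() compares in constant time against the stored hash.
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = $_POST['user'] ?? '';
    $pass = $_POST['pass'] ?? '';

    if (check_credentials($USERS, $user, $pass)) {
        // The crucial step: discard whatever ID the browser arrived with and
        // issue a fresh one (true = delete the old session file). An ID that
        // was planted in the victim's browser before login therefore never
        // becomes an authenticated session.
        session_regenerate_id(true);
        $_SESSION['user']       = $user;
        $_SESSION['is_admin']   = true;
        $_SESSION['login_time'] = time();
        header('Location: /admin/index.php');
        exit;
    }

    http_response_code(401);
    echo 'Login failed';
}
```

The User-Agent check that the article's second tool of the trade gets around is not a substitute for any of this: the header is set by the client and proves nothing about who holds the session. Regenerating the ID at login and accepting only server-issued, cookie-carried IDs is what makes a planted session ID worthless, and it is worth verifying in a review that both `use_strict_mode` and the regeneration call are actually present on every login path, including ones in shared `.inc` files.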

PS: Comments required, especially from -The_Flash- & Killstream.

Comments
ghost 17 years ago

Good job, it would've been nice if you showed us the "second tool of trade" :happy::D

jaggedlancer 17 years ago

That really explained a lot to me, thanks :D but as above, adding the user agent bit would be good, but I suppose you can't spoon feed us :happy:

ghost 17 years ago

The link was a good read

ghost 17 years ago

@turbocharged_06,jaggedlancer & Priya_Samuel Thanx For The Appreciation…..

ghost 17 years ago

@SsAgEnT Thanx For The Appreciation…..

ghost 17 years ago

Very nice job beating the challenge and writing up the article. Had me stumped for a while.. should have thought of this sooner. I'll be doing it later on I guess. 5 out of 5

ghost 17 years ago

Very nice man, I think you're not a noob

ghost 17 years ago

@Larika I Am A N00B, Trust Me. If I Would Have Been An Elite I Would Have Used Firefox Instead Of IE For Real15… (I Think I Told You That)

Thanx For The Appreciation…..

ghost 17 years ago

This article is AWESOME. Again, your articles helped me. Thanks a lot. Now I know that exploit and it will sure help me. Thanks

ghost 17 years ago

@kaksii Thanx For The Appreciation…..

mikispag 17 years ago

Awesome! Thank you for the article!

ghost 17 years ago

@mikispag Thanx For The Appreciation…..

ghost 17 years ago

Nice article - helped me out completing this one. Nice work.