modifying a webpage
yours31f wrote: From what i understand, he thinks if you dl a page you can edit it and send it back, and that is web hacking. I dont think he understands how servers work.
I know. However, I think you ALSO don't know how servers work. HTML has, actually, very little to nothing to do with editing files on another server.
Enjoy your standard "HTML-first" procedure while you can, asshat.
yours31f wrote: From what i understand, he thinks if you dl a page you can edit it and send it back, and that is web hacking. I dont think he understands how servers work.
So, what does html have to do with web hacking?
@harry_potter28: Find a vulnerability, exploit it, upload the page.
Common vulnerabilities:
XSS (Cross-Site Scripting) - In my experience, the most common vulnerability. Also, the most underestimated. Using this you can do whatever the client can. You can steal sessions, send requests to pages that the user was on and possibly have admin on (using ajax), etc. To exploit it you would most likely code a script, put it on a server, and use the vulnerability to make the client execute that script.
SQL Injection - Not as common, but it's powerful if you find one. It allows you access to the sql server. Using this you can get user-names/passwords and potentially alter information, execute shell commands (MS SQL only), and add shells. All of that depends on the server and the query.
CSRF (cross-site request forgery) - Basically a form of XSS, but instead of using javascript, it uses html. You can exploit this by setting up an iframe, image, etc. that does a get request to the server and hopefully you alter information.
LFI/RFI (Local/Remote file inclusion) - This is where you exploit the administrators code to include files. If it's remote, you can make it request a php/asp/etc. script that you wrote which will allow you to edit files. Local isn't very much of a threat unless they are blocking access through the use of .htpasswd/.htaccess files. If they are, just request the .htpasswd file and you'll get the username/password. It's one of my favorite vulnerabilities.
Misnamed Files - This isn't an official type of vulnerability. It just stems from the administrators lack of thought. You can potentially find usernames and password for sql, etc. from configuration files.
That's a lot of web based vulnerabilities, there are many more, but those are the more common ones. I'm not a rooter, though, so I can't really give you any information to help you on that part.
hacker2k wrote: Common vulnerabilities:
XSS (Cross-Site Scripting) - In my experience, the most common vulnerability. Also, the most underestimated. Using this you can do whatever the client can. You can steal sessions, send requests to pages that the user was on and possibly have admin on (using ajax), etc. To exploit it you would most likely code a script, put it on a server, and use the vulnerability to make the client execute that script.
SQL Injection - Not as common, but it's powerful if you find one. It allows you access to the sql server. Using this you can get user-names/passwords and potentially alter information, execute shell commands (MS SQL only), and add shells. All of that depends on the server and the query.
CSRF (cross-site request forgery) - Basically a form of XSS, but instead of using javascript, it uses html. You can exploit this by setting up an iframe, image, etc. that does a get request to the server and hopefully you alter information.
LFI/RFI (Local/Remote file inclusion) - This is where you exploit the administrators code to include files. If it's remote, you can make it request a php/asp/etc. script that you wrote which will allow you to edit files. Local isn't very much of a threat unless they are blocking access through the use of .htpasswd/.htaccess files. If they are, just request the .htpasswd file and you'll get the username/password. It's one of my favorite vulnerabilities.
Misnamed Files - This isn't an official type of vulnerability. It just stems from the administrators lack of thought. You can potentially find usernames and password for sql, etc. from configuration files.
That's a lot of web based vulnerabilities, there are many more, but those are the more common ones. I'm not a rooter, though, so I can't really give you any information to help you on that part.
Ok this desription was vague, confusing stupid and wrong. Please don't do this again and research these vulnerabilities in more depth. For instance cross-site scripting–>attacker injects code/script, which is then processed and executed by the server. Cross-site request forgery–>attacker embeds malicious request in a link/img etc. which is then executed by other user that visits the link/views the image, without even noticing it. SQL injection doesn't give you acces to the sql server, but allows you to inject and execute your own sql queries. LFI allows you to view files on the server you found the exploit in. It could be used to get the passwd file from the server or view source of some pages ( this varies and depends on the extent of the exploit itself ), whereas RFI allows you to include and execute content ( most likely php ) on the remote server. Then you can get a shell on the server and upload files/backdoor. However this vulnerability is slowly dying off, since now-a-days by the default installation of apache, remote file inclusion is restricted.
clone4 wrote: [quote]hacker2k wrote: Common vulnerabilities:
XSS (Cross-Site Scripting) - In my experience, the most common vulnerability. Also, the most underestimated. Using this you can do whatever the client can. You can steal sessions, send requests to pages that the user was on and possibly have admin on (using ajax), etc. To exploit it you would most likely code a script, put it on a server, and use the vulnerability to make the client execute that script.
SQL Injection - Not as common, but it's powerful if you find one. It allows you access to the sql server. Using this you can get user-names/passwords and potentially alter information, execute shell commands (MS SQL only), and add shells. All of that depends on the server and the query.
CSRF (cross-site request forgery) - Basically a form of XSS, but instead of using javascript, it uses html. You can exploit this by setting up an iframe, image, etc. that does a get request to the server and hopefully you alter information.
LFI/RFI (Local/Remote file inclusion) - This is where you exploit the administrators code to include files. If it's remote, you can make it request a php/asp/etc. script that you wrote which will allow you to edit files. Local isn't very much of a threat unless they are blocking access through the use of .htpasswd/.htaccess files. If they are, just request the .htpasswd file and you'll get the username/password. It's one of my favorite vulnerabilities.
Misnamed Files - This isn't an official type of vulnerability. It just stems from the administrators lack of thought. You can potentially find usernames and password for sql, etc. from configuration files.
That's a lot of web based vulnerabilities, there are many more, but those are the more common ones. I'm not a rooter, though, so I can't really give you any information to help you on that part.
Ok this desription was vague, confusing stupid and wrong. Please don't do this again and research these vulnerabilities in more depth. For instance cross-site scripting–>attacker injects code/script, which is then processed and executed by the server. Cross-site request forgery–>attacker embeds malicious request in a link/img etc. which is then executed by other user that visits the link/views the image, without even noticing it. SQL injection doesn't give you acces to the sql server, but allows you to inject and execute your own sql queries. LFI allows you to view files on the server you found the exploit in. It could be used to get the passwd file from the server or view source of some pages ( this varies and depends on the extent of the exploit itself ), whereas RFI allows you to include and execute content ( most likely php ) on the remote server. Then you can get a shell on the server and upload files/backdoor. However this vulnerability is slowly dying off, since now-a-days by the default installation of apache, remote file inclusion is restricted.[/quote]
Your description of SQL, LFI, RFI, CSRF, are the same as mine. XSS is wrong though. The code that you inject is not executed by the server. It is executed by the browser that the client is using. LFI I had stated that it allowed you to read files on the server, however it isn't really of much use unless they are protecting a directory by .htpasswd. /etc/passwd shows you nothing since the password hashes are stored in /etc/shadow. RFI, I said you can get a shell, etc. It is most likely php, but it can also be in asp, etc. It depends on what language the page is in. As for CSRF, it depends on the privileges of the user. If the user is an administrator, you can edit information. SQL injection, yeah, you have access to the mysql server. Depending on where you found the vulnerability and what the script does gives you what you can do. I believe I said that in my description. If the server is MS SQL you can do shell commands with xp_cmshell (not sure if that's the command, have to look it up). You can use INTO OUTFILE which someone said in another post to create files and upload a shell through it (thanks again whoever posted that).
So, now, will you please tell me how my descriptions are stupid and wrong?
You're both stupid. Why are you trying to define terms that have been defined already? There's wikipedia articles, white-papers and malicious code snippets out there from which you can learn. You two hardly contribute any information to the subject. Au contraire; your mindless babbling results in foul-informed members here at HBH.
Shut up, watch, learn. Both of you.
hacker2k wrote: /etc/passwd shows you nothing since the password hashes are stored in /etc/shadow.
It lets you enumerate users.
I believe I said that in my description. If the server is MS SQL you can do shell commands with xp_cmdshell (corrected). You can use INTO OUTFILE which someone said in another post to create files and upload a shell through it (thanks again whoever posted that).
That was system… MySQL has load_file() to view files on the server as well (as an alternative to LFI).
Just throwing those small bits in there… please continue with the disagreement. :)
spyware wrote: You're both stupid. Why are you trying to define terms that have been defined already? There's wikipedia articles, white-papers and malicious code snippets out there from which you can learn. You two hardly contribute any information to the subject. Au contraire; your mindless babbling results in foul-informed members here at HBH.
Shut up, watch, learn. Both of you.
Sir yes sir, but first, I'd like to say that my information was true as compared to clone4's retarded restatements and wrong definitions. Also, I'm sure it would help the topic of you enlightened us.
@Zephyr: Hmm, yeah, didn't think about that. Maybe you could find like a test account or guest account of some sort on the server through that.
hacker2k wrote: Sir yes sir, but first, I'd like to say that my information was true as compared to clone4's retarded restatements and wrong definitions. Also, I'm sure it would help the topic of you enlightened us.
Me? Me enlightening you? What have I to say that others haven't? I am merely a information carrier. What value will my words have, when I speak of what others have spoken? None. None at all.
I will NOT act as a bringer of information. Retriever of data. Supplier of text. Google seems happy with it's job, and is good at it.
If you want to know stuff about webappsec, go ask RSnake and companions. However, if you behave there like you behave here, I see nothing but trouble on your path.
Consider yourselves warned.
spyware wrote: You're both stupid. Why are you trying to define terms that have been defined already? There's wikipedia articles, white-papers and malicious code snippets out there from which you can learn. You two hardly contribute any information to the subject. Au contraire; your mindless babbling results in foul-informed members here at HBH.
Shut up, watch, learn. Both of you.
Point wasn't to define, but correct stated information, because it wasn't exactly right…
@OP: The think inted to do requires either to root the server the website is hosted on. For that you would need to scan the server for opened services and then be able to exploit them ( doubt you could ). You could also try Social engeneering on the admin and somehow get the password e.g. for ftp/ssh. Finally you can try this via web hacking, eg the aforementioned RFI. But from your post, I think it is save to assume that you have very low knowledge of any of these, so if you really want to start to learn 'hacking' digg in here, read articles, programming etc. Use google, and forum to answer any further questions…
@hacker2k: Whatever, spy is right, I won't argue. If you wan't finish this off, pm me ;)
hacker2k wrote: Sir yes sir, but first, I'd like to say that my information was true as compared to clone4's retarded restatements and wrong definitions. Also, I'm sure it would help the topic of you enlightened us.
Wow that hurt a little :D haha well if you think so, go on and stay in your imagination land. End of story
clone4 wrote: @hacker2k: Whatever, spy is right, I won't argue. If you wan't finish this off, pm me ;)
And deprive us of the entertainment? How very selfish of you.
Zephyr_Pure wrote: [quote]clone4 wrote: @hacker2k: Whatever, spy is right, I won't argue. If you wan't finish this off, pm me ;)
And deprive us of the entertainment? How very selfish of you.[/quote]
:D:D this actually made me laugh out loud. I would but there literally is no point…
Edit: reaction to the post below, because I don't want to further hijack this thread and go on in this stupid flame.
Ha, yeah. I've googled, I just thought that since we are babbling and stupid and should "shut up, watch, and learn", you would like to tell us what we are mistaking. And, for your information, I'm not just some random moron that knows nothing, has no experience, etc. I've done SQL injections, XSS, CSRF, etc. with great success. Not very much set upt yet, but here is what I've been up to: http://jonnycake.kicks-ass.net/hacks.php. Maybe those can also as examples of these vulnerabilities. My apologies for the RFI, though, I didn't screenshot it.
wow you've found couple of vulnerabilities on some websites, well congrats. My respect, will you be my mentor ?!
spyware wrote: [quote]hacker2k wrote: Sir yes sir, but first, I'd like to say that my information was true as compared to clone4's retarded restatements and wrong definitions. Also, I'm sure it would help the topic of you enlightened us.
Me? Me enlightening you? What have I to say that others haven't? I am merely a information carrier. What value will my words have, when I speak of what others have spoken? None. None at all.
I will NOT act as a bringer of information. Retriever of data. Supplier of text. Google seems happy with it's job, and is good at it.
If you want to know stuff about webappsec, go ask RSnake and companions. However, if you behave there like you behave here, I see nothing but trouble on your path.
Consider yourselves warned.[/quote]
Ha, yeah. I've googled, I just thought that since we are babbling and stupid and should "shut up, watch, and learn", you would like to tell us what we are mistaking. And, for your information, I'm not just some random moron that knows nothing, has no experience, etc. I've done SQL injections, XSS, CSRF, etc. with great success. Maybe those can also as examples of these vulnerabilities. My apologies for the RFI, though, I didn't screenshot it.
@clone4: Nah, I don't do pms, don't help anyone else. I like to have information sitting on a forum where other people can see and hopefully won't make the same mistake whether or not I'm right.
Edit: Reaction to above: Lol, I was just saying that I actually know how to do this and basic vulnerabilities. He seemed to think that I was a retard that wanted to be an 31337 h4x0r. I'll take the link off if it's retarded. Oh, and it also shows that XSS is not executed by the server, it's executed by the client.
Edit2: BTW, it was directed to spyware, not you.
Edit3: Oh, btw, I think being able to find any vulnerabilities is great for someone of my age and with the small amount of time I have been learning (only about like 4-6 months of actual learning) and I'm actually getting paid to do this, I'm sure you can' t say that (and say you've had success with the test).
wow how fucking cocky are you. No I'm not paid for anything, and yes I've probably been doing hacking longer, but who gives a shit how old are you or if you are paid for something ?! How do you even know I want to be paid for this, how do you know that I want have career within the compter security. I do this for fun, and I don't need approval of some little fuck like you are…
btw yes you were right about the xss ( string processed by server–>executed by browser ), see I can admit when I'm wrong, opposed to stubborn idiot like you
clone4 wrote: wow how fucking cocky are you. No I'm not paid for anything, and yes I've probably been doing hacking longer, but who gives a shit how old are you or if you are paid for something ?! How do you even know I want to be paid for this, how do you know that I want have career within the compter security. I do this for fun, and I don't need approval of some little fuck like you are…
btw yes you were right about the xss ( string processed by server–>executed by browser ), see I can admit when I'm wrong, opposed to stubborn idiot like you
Oh, thanks. Finally you admit you were wrong. All it took was to piss you off enough. But, again, most of my post was directed to spyware and not you. You just seem to like to say stuff so I figured I could say something to make you mad. It worked :D. Again, please state what I was wrong about? I invited spyware to enlighten us so we could learn something, but he didn't want to. Maybe you can tell me something I said wrong. Also, I didn't plan on getting paid until I was offered. I found a vuln, told the admin, admin offered to pay me if I tried to find new vulns, I took the offer because I would like to buy a couple books. I too do it for fun, but if you get offered money, you aren't going to turn it down.
Edit: Btw, I had nothing to admit I was wrong about that I was wrong. The whole conversation basically revolved around you thinking that XSS was server-side. I'm stubborn? And, yes, I am cocky, but, hey, if you admitted that XSS was client-side then half this thread wouldn't exist. I'm only cocky if I find it necessary to teach someone something :O.
Wow. This is bad soap opera material.
Anyhow, seeing that the OP hasn't returned there is no point in trying to correct a mistake made by either one OR both of you. Obviously he hasn't come back and will NOT see your mindless blabbering.
Oh, and spyware, if Yours31f was given a root access to a server he would find away to save all of his precious downloaded techno song remixs to free up some gigs on his PC.
Listen, harry_potter28, I will let you in on the hackers secret to web page editing. The only rule we request is dont mess up a website without a decent reason and dont spread the secret to any friends unless you trust them WITH YOUR LIFE.
You can edit any web page with the following code :
javascript:document.body.contentEditable ='true'; document.designMode='on'; void 0;```
enter this in the url bar (in the spot you put a website address)and you can do what you please. You didn't hear the secret from me. Oh and make sure you use a proxy so they dont get your real ip ;)
Resource: "fun with xss" - exidous
fashizzlepop wrote: Wow. This is bad soap opera material.
Oh, and spyware, if Yours31f was given a root access to a server he would find away to save all of his precious downloaded techno song remixs to free up some gigs on his PC.
nah, i have a an xdd for that, and btw, I don't do remixes anymore. only my own creations, but that is on the back burner for now.
Infam0us wrote: Listen, harry_potter28, I will let you in on the hackers secret to web page editing. The only rule we request is dont mess up a website without a decent reason and dont spread the secret to any friends unless you trust them WITH YOUR LIFE.
You can edit any web page with the following code :
javascript:document.body.contentEditable ='true'; document.designMode='on'; void 0;```
enter this in the url bar (in the spot you put a website address)and you can do what you please. You didn't hear the secret from me. Oh and make sure you use a proxy so they dont get your real ip ;)
Resource: "fun with xss" - exidous
LOL, don't refresh or you will ruin your masterpiece!