Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Find information about victim

  1. Home
  2. Forum
  3. Web hacking
  4. Find information about victim

ghost's Avatar

ghost

0 0

How can I find where exactly victim's site bought host and domain ???

And some1 explain me this problem please : I went to http://www.networksolutions.com/whois to whois victim.com , and this is the result :

Domain Name: VICTIM.COM
...
Domain servers in listed order:
NS1.XX.NET 	66.98.XXX.XX
NS2.XX.NET 	66.98.XXX.XX

–> So victim bought host and domain at XX.NET . Ok , I went to networksolutions and whois XX.NET , this is result :

Domain servers in listed order:
NS1.XX.NET 
NS2.XX.NET

Ok , now I tried to hack XX.NET . God , see the etc/passwd I hacked :

XX:x:32003:506::/home2/XX:/usr/local/cpanel/bin/noshell
VICTIM:x:32274:777::/home2/VICTIM:/usr/local/cpanel/bin/noshell

S**t , why XX is the user as VICTIM . And I also find some user's domain that sell host and domain . So what exactly where victim bought host and domain .

:( Please some1 explain more clear for me about this problem ?


Mr_Cheese's Avatar

Mr_Cheese

0 1

goto: www.whois.net/

then it gives you the name/address/contact number/email/server.. everything you need to know about the person who registered the site + where / who hosts it.


ghost's Avatar

ghost

0 0

Ok , I did like you said and the result is : Registration Service Provided By XX (that's XX.net I said) And when I whois XX.net there's no result like that . —> So victim really registered host and domain at XX.net

—> So my problem is that : why in etc/passwd that I found XX is the user like victim :

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
..............................
XX:x:32003:506::/home2/XX:/usr/local/cpanel/bin/noshell
VICTIM:x:32274:777::/home2/VICTIM:/usr/local/cpanel/bin/noshell

—> So XX is not root ???


n3w7yp3's Avatar

n3w7yp3

Member
0 0

No, not always…. and, these appear to have shadowed passwds (i'm not gonna explain this becase if you can get /etc/passwd you probably know what that is).

Now, like i said depending on the domain, the user may have thier own seperate account, and they may also have the root acct. dump the hashes into john, and then try and login to root with thier user passwd (or just crack the root passwd). Or use a local exploit… whatever…

BTW, i find it quite odd that you can grab /etc/passwd, but can't use whois…


ghost's Avatar

ghost

0 0

No, not always…. and, these appear to have shadowed passwds (i'm not gonna explain this becase if you can get /etc/passwd you probably know what that is).

Now, like i said depending on the domain, the user may have thier own seperate account, and they may also have the root acct. dump the hashes into john, and then try and login to root with thier user passwd (or just crack the root passwd). Or use a local exploit… whatever…

Ok , I know it's the shadowed passwds and cracked it . And thanks , now I found that you're true . The etc/passwd that I had is XX.net's and I dump the database config of them , I had every answers :o

BTW, i find it quite odd that you can grab /etc/passwd, but can't use whois…

:p Like I said , I went to networksolutions to whois victim and XX.net . And when I had the etc/passwd of XX.net , like I said , I don't understand why XX.net is not root ? (But now understood) . So it's the reason why I ask you about whois , before that I thought that I'm wrong :)


n3w7yp3's Avatar

n3w7yp3

Member
0 0

Ah, kk, I was just misunderstanind you. I didn't mean any offense ;)

BTW, in most *nix distros (inclusing Linux) there is a whois command. try it out ;)