Gaining Access To A Flash Site

Right then, lets say I wanted to deface a purely based flash site. Company site, nothing but one .swf file, bit of javascript, and a .pdf document or two. Any idea how i'd go about this? I know how to get the flash file and edit, but it's more getting it there, basically just vunerabilites.

is there a login part to the site?

Post a link.

These are simple. Download all the flash files and you have complete control over the site. Its like having the ability to view all the source of a PHP based website

You dont have 'complete control' over the site at all if you get its source.

Also, you'll just be having all of the swf files….which are the exported version of the actual files. You're gonna need something like ASViewer if you want to do anything worthwhile, and even at that, there are ways ro protect.

Root it, then you're going somewhere.

I'd like to see the link to thsis site?

Cheers

Dantronix B)

hm, it's entirely flash but i cant get the files somehow, and no there's no login section etc.

It's not me wo has a problem with it, it's pretty much an entire department inthe company, they want it to get attacked because it is basically just a flash presentation that doesnt look good, but the boss thinks it's incredible as it;s flash, and refuses to change it.

I'd like to point a few things out.

1 - you have provided no proof that your dad works for the company whose site it is 2 - it's not your, or your dad's site to deface 3 - the person whose site it is, you have just clarified, does not want it defaced

So, essentially, not only is this thread is nothing more than a glorified "Hack this site for me" thread, but its also pretty illegal.

I just thought I'd point that out.

this wasnt a "hack this site" thread, it was just a "could this site be hacked" thread, meaning look for vulnerabilities, therefore it is not illegal, since it goes on the same principle of the legality of this site. The fact that there is information here, and no one is responsible for actions you take because of it

Aenman's right, I'm not asking anyone here to do anything on it, I'm just looking for vunerabilities.

thanks you, it's good im not the only 1 who reads the rules

OK. Well lets put it this way.

Aenman123, you yourself have admitted to peeking around this website looking for vulnerabilities. The question was how he could hack a site, he even named the fucking company he wants to hack and he's freely giving away the URL in PMs.

No offence, lil-old-me, but for all we know, this stuff about your dad working at the company and a department wanting it defaced COULD be bullshit.

I'm not accusing anyone of anything. I just thought I'd point out the illegality of this thread.

Should you have just said "hypothetically, how would I go about doing this…", then it would be fine. But you've named the company, and should that site get hacked, I'd say that hellboundhackers is gonna seem pretty fucking liable.

wen did i say i tried to hack the site, i dont know what ur talking about, and hbh cant be liable b/c theres the disclaimer

HBH provides a free of charge, legally safe training environment to the public for the sole purpose of Internet security, doing so puts us in legal risk if certain rules are not followed. By logging into, or by viewing anything on this site you agree to the following ToS (Terms of Service):

1. You agree that you are not affiliated with, a member of, or related to anyone who is a current, past, or future member of said "Police", and will not inform said "Police" of any information, large or small, contained on this remote database, nor to the usernames of said "member(s)" involved in legal procedures (I.E. Booking, charging, sentencing, trials, and/or parole hearings); Nor are you using any computer owned by/used by/or able to be used by said "Police"

2. You agree to use the information stored on "HBH" including but not limited to "Articles", "Exploits", and/or "Challenges" or any information stored in the 'forums' for educational/personal information and will strictly abide by all legal rules stated by your countries government, under consequence of law. Also, you will not use said information for any server/malicious hacking of HBH's remote website, doing so will void said "Terms of Service".

3. In the event of said legal action occurring, HBH severs all ties with said "member(s)" and is not able to be held liable for any information/tips/tricks/programs supplied by said site; Also in the event of said legal action occurring, if asked HBH will remove all user(s) involved in said legal action, and will void ToS.

4. HBH and all information contained within/associated with HBH is strictly the collective property of the Hellbound Staff, in accordance with ToS refrain from re-using/reproducing/copying/editing any part of this remote website in whole or in part; Said actions will result in ToS becoming void, and username(s) owned by said "Member(s)" being removed from the database.

5. Any or all legal action brought upon HBH is to be dealt with separate from said "Member(s)" and as such any illegal statements made by said "Member(s)" is to be ignored/nullified by said "Police" if a search is warranted.

6. Any actions taken by administrators must be respected by said members, if said members refuse to accept judgement against them are no longer associated with said HBH, HBH admin team, and/or other members of HBH. Any and all evidence found on said ex-members PC, macs, and/other boxes are evidence belonging legally to that said owner and no owner/member involved in HBH.

7. Any members presented with legal troubles will not be funded/helped/encouraged in any way/shape/form until said legal troubles are handled; Any funds encouraging messages/help is done at the risk of said members and is not tied to HBH even if stated by an admin;

8. Any member caught defacing a website and linking back to HBH in any shape or form including iframes and "shouts" will result in the said member being banned from HBH and having their IP black listed. HBH will not be held responsible for your actions nor justify them.

By agreeing to these ToS you agree to follow all terms under void of ToS; Voiding of ToS will cause deletion of user account from database and/or banning of said user's IP address; attempting to bring legal action against HBH will also result in voiding of ToS;

USE AT YOUR OWN RISK. (Not ours)

Thanks, Mr_Cheese, Grindordie

Hm, Aenman is right but I do get what your saying Bobby and I get where your coming from. Serously no-one try to hack the site please, look for vunerbilities by all means but dont hack, coz I know I've said I've said i might but like i mentioned earlier they really need it this week, sales seminar or summit.

try fixing ur original post, saying hypathetically, would it be possible to…

that could help too

aenman123 wrote: wen did i say i tried to hack the site, i dont know what ur talking about, and hbh cant be liable b/c theres the disclaimer

Anyone can delete their posts aenman, it just take a special kind of person to do it and then plead innocence.

And all that stuff about when you use the forums, you have to talking about stuff that isn't illegal, did you miss that part of the disclaimer out?

I agree with both BobbyB and Aenman. But the last sentence from Bobby would sum it all up to the fact that either asking to hack or asking for vulnerabilities it's still all done on HBH. They've already had problems with legal issues. To make things all fine lil-old-me you should continue this (if you choose) on an Instant Messenger.

lil-old-me wrote: Please if anyone feels inspired dont do anyting till next week, coz they need it this week to sell things.

To me, that translates as "Feel free to hack this site, just not until next week." And you can't just go looking for vulnerabilities, that can still be illegal.

No problem, I've also eddited my initial post and the one where i mention the company name etc.

-edit- Aye I know Bobby I just eddited that.

BobbyB I totally agree with you on this.
I did look at the site(not for vulnerabilities BUT to see why his "DAD" does not like it.) The truth is it is not too bad a page. just a little bad on the image size put into the flash.
Leave well enough alone and either do the hack yourself OR delete this thread. That is my opinion because this is a quite illegal posting (as BobbyB did point out)

Delete the thread, makes everyones lives easier.