gaining root
OK, I've used PuTTY to get it and now I'm asked for a user name and password. In http://www.hellboundhackers.org/readarticle.php?article_id=183 it says to log in as anon and the password should be anonymous, but that doesn't work!! Can anyone help?
Hmm, out of curiosity, why use ping for a DNS query? Seems a bit pointless to give your IP to the server just to find out its IP when you can just DNS it using nslookup, dig, host, etc.
Whenever I'm investigating a new server I actually block its IP with my router or IDS software initially to prevent any direct connections AT ALL. Better safe than sorry. ;)
Oh and I think the article you're referring to is about the rooting challenge that just happened, there will NOT be a default pass of anonymous on every server.
My advice would be don't even attempt to root an internet server with the amount of knowledge you don't have, you are asking to get busted. If you end up getting in by accident you will no doubt leave traces of your entry all over the place (can you say LOG FILES).
Playing around with SQL or JavaScript injection and gaining admin rights to some tom joe's website is one thing… rooting an actual server that belongs to an internet services company is another. If you don't know completely what you are doing, then don't try.
Well, if he wrote his site with PHP/MySQL then you could try and play with any variable input to get an error (that will tell you if it's vulnerable), you can use JavaScript to manipulate data in forms, cookies, etc. and you can sometimes use XSS to steal cookies and crap.
Just study the site and get a feel for the code, then use logic and a little imagination to find a weakness.
Neoquesty wrote: Lol kk. Whoa, thanks for the heads up dude. That coulda got nasty!!!! Well, do you have any tips on any java or sql injections I could do?
I strongly suggest you learn about SQL injections and JavaScript injections. Like, ffs, java != javascript. 2 different languages. And also, we can't just say "oh use this sql injection" because it probably won't work. The amount of times SQL injection actually works is extremely low. Take the time to map out the site, save all the files on your hard drive, view the source for each page. Spend time looking for exploits on the server; you need to do your research before attempting a hack, or you will be busted.
To further refine what fagitz said, the main use of XSS cookie stealers is to steal admin session cookies. When you replace your cookies with a stolen admin's session cookie the website thinks you are logged in as them.
I would agree that you definitely need to research. Learn PHP, JavaScript and SQL and read up on injection and XSS. Then get a few good proxies and go play :P