Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Hacking a Vote Panel.

  1. Home
  2. Forum
  3. Web hacking
  4. Hacking a Vote Panel.

ghost's Avatar

ghost

0 0

Oksy so on this private server I play on they have a vote panel, if you vote for them you gain 1 vote point. The thing is, you can only vote once every 12 hours. The page is here:http://208.43.192.210/avsnew1/. What would be some kind of javascript injection to break the timer?


ranma's Avatar

ranma

Member
0 0

Most likely not, but if you give us your user/pass we could see what we could do.

PM me if you trust me ;)


ranma's Avatar

ranma

Member
0 0

After checking it out: Dude, cheating blizzard=not cool. Also, hacking them probably= very difficult. I'm sure they use IP to check votes or most likely users with a server-side code to check for hours.


ghost's Avatar

ghost

0 0

Its not through Blizzard, its a private server owned by some 18 year old.


spyware's Avatar

spyware

Banned
0 0

The counting of variables (such as time) is done server-side, by a server-side language, the data will be stored in a sql server. The only way to hack that voting process is if you compromise the server by editing the data (sql) or the counting process (editing the php/asp/whatever script).

If I were tasked with hacking that system, I'd first search for possible sql injections, and if that fails, try to get to an admin panel.

If all else fails, you'll have to attack the box directly, hack the services that it's running.


ghost's Avatar

ghost

0 0

What happend to the whole… don't ask for help hacking something/illegal act rule?


ghost's Avatar

ghost

0 0

S1L3NTKn1GhT wrote: What happend to the whole… don't ask for help hacking something/illegal act rule? Well, in this case the page in question is illegal in itself as it's a private server. You could say that makes it slightly more officially acceptable.


korg's Avatar

korg

Admin from hell
0 0

```markupCREATE TABLE realms (
id int(10) unsigned NOT NULL auto_increment,
name varchar(32) default NULL,
sqlhost varchar(32) default NULL,
sqluser varchar(32) default NULL,
sqlpass varchar(32) default NULL,
chardb varchar(32) default NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; CREATE TABLE votemodules (
id int(10) unsigned NOT NULL auto_increment,
name varchar(32) default NULL,
image varchar(128) default NULL,
url varchar(128) default NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1; CREATE TABLE voterewards (
id int(10) unsigned NOT NULL auto_increment,
realm tinyint(3) unsigned default NULL,
name varchar(32) default NULL,
description text,
itemid int(10) unsigned default NULL,
points int(3) unsigned default NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; CREATE TABLE votes (
ip varchar(16) default NULL,
account varchar(16) default NULL,
module tinyint(3) unsigned default NULL,
time int(11) default NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;


Take it from there.

ghost's Avatar

ghost

0 0

COM wrote: [quote]S1L3NTKn1GhT wrote: What happend to the whole… don't ask for help hacking something/illegal act rule? Well, in this case the page in question is illegal in itself as it's a private server. You could say that makes it slightly more officially acceptable.[/quote]

LoL, :p, its running windows with open rdp, c'mon how hard could it be ;)


Demons Halo's Avatar

Demons Halo

Member
0 0

everyone in here can tell you that I'm the biggest noob that have ever walked on the face of the earth, yet I managed to get some interesting results using a simple nmap scan -_- so my suggestion is:

  • download nmap
  • use google