 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 229
 Members: 0
 Total: 229
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
I hate these site's! |
|
 Posted: Thu Nov 25, 2010 5:57 am |
 |
|
| Despotic |
| Active user |
 |
|
| Joined: Nov 17, 2010 |
| Posts: 42 |
|
|
|
 |
|
 |
|
I hate the site's that I've spent an hour hacking only to find that logging in as the admin has no admin panel or the admin/pass for the site isnt the same for the /admin/ section. Fukin pop-up script that asks for another uname/pass. Grrrrrr! 
Good security though  |
|
|
|
|
| Posted: Thu Nov 25, 2010 8:07 am |
|
|
| vince213333 |
| Advanced user |
 |
|
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
Most irritating thing is a htaccess protection, which you probably mean by "pop-up script"  .
Had the same issue a couple of months ago too. Got the admin passwords of some famous cell phone company here, but their admin panel was under construction (login page worked though). Now I can't find the passes anymore :/. |
|
|
|
|
| Posted: Thu Nov 25, 2010 1:50 pm |
|
|
| Despotic |
| Active user |
|
|
| Joined: Nov 17, 2010 |
| Posts: 42 |
|
|
|
|
|
|
|
htaccess protection.... thank you.
I was wondering wtf was happening. |
|
|
|
|
| Posted: Thu Nov 25, 2010 5:44 pm |
|
|
| x3roconf_ |
| Advanced user |
 |
|
| Joined: May 01, 2008 |
| Posts: 101 |
|
|
|
|
|
|
|
| vince213333 wrote: | | Most irritating thing is a htaccess protection.. |
True. |
|
|
|
|
| Posted: Fri Nov 26, 2010 12:38 am |
|
|
| Despotic |
| Active user |
|
|
| Joined: Nov 17, 2010 |
| Posts: 42 |
|
|
|
|
|
|
|
so umm....
Is there a way to overcome this?
I hacked several site's by finding validator.php and could download the .htaccess but there was no uname/pass there. or did I over look something? |
|
|
|
|
| Posted: Fri Nov 26, 2010 12:01 pm |
|
|
| x3roconf_ |
| Advanced user |
|
|
| Joined: May 01, 2008 |
| Posts: 101 |
|
|
|
|
|
|
|
| Despotic wrote: | so umm....
Is there a way to overcome this?
I hacked several site's by finding validator.php and could download the .htaccess but there was no uname/pass there. or did I over look something? |
Password hashes are generally stored in a file called .htpasswd |
|
|
|
|
| Posted: Fri Nov 26, 2010 12:43 pm |
|
|
| vince213333 |
| Advanced user |
|
|
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
Have a look in the htaccess file. There should be a line like this:
| Code: | | AuthUserFile /full/path/to/.htpasswd |
|
|
|
|
|
| Posted: Fri Nov 26, 2010 10:24 pm |
|
|
| Despotic |
| Active user |
|
|
| Joined: Nov 17, 2010 |
| Posts: 42 |
|
|
|
|
|
|
|
Beautiful!!
.htpasswd user/pass was the same for his godaddy account to  |
|
|
|
|
| Posted: Sat Nov 27, 2010 6:01 pm |
|
|
| capt |
| Advanced user |
|
|
| Joined: Nov 04, 2008 |
| Posts: 232 |
|
|
|
|
|
|
|
| oh nice you where able to load the .htpasswd Did you have an LFI or sometype of shell access? |
|
|
|
|
| Posted: Mon Nov 29, 2010 10:00 am |
|
|
| vince213333 |
| Advanced user |
|
|
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
| My guess would be he got a backup via the validator list, then got the admin pass, uploaded a shell and got in |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
