Hack the Shoutbox
Sorry for not asking you, Squirrel, first off, but I have read the code many times for the shoutbox and I think there might be some security problems with it. (Not obvious ones, but it is php we're talking about.)
So here is the game, providing it's cool with red... Hack the shoutbox, I said HACK, not crack. Let's see what we can find from this program.
Archived topic from Iceteks, old topic ID:1507, old post ID:12741
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
Hack the Shoutbox
Yep, go for it, see what you can find. If there are any problems I'll fix them swiftly.
Archived topic from Iceteks, old topic ID:1507, old post ID:12756
Honk if you love Jesus, text if you want to meet Him!
Hack the Shoutbox
yes, and let me know asap
Archived topic from Iceteks, old topic ID:1507, old post ID:12840
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
Hack the Shoutbox
Have you tried anything yet?
Archived topic from Iceteks, old topic ID:1507, old post ID:12875
Honk if you love Jesus, text if you want to meet Him!
Hack the Shoutbox
Red Squirrel wrote: Have you tried anything yet?
Not besides getting it to load outside of the iframe... I'm wondering if it will parse linux commands and how I can put them into there... this would be a much bigger problem for me, I'm thinking...
Archived topic from Iceteks, old topic ID:1507, old post ID:12880
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
Hack the Shoutbox
I don't think it would work. Basically, what it does is turn the POST data into plain text, fixes it so " is " etc... (by default when you send data it does it the other way) and once it's fixed like that, it also changes < to the actual html code for < and does the same with > so that alone removes all possibility to parse html, then the next step is to change a few characters to other things, so [b] turns to <b> etc... So it's not [ turns to < but rather specific tags.
Archived topic from Iceteks, old topic ID:1507, old post ID:12888
Honk if you love Jesus, text if you want to meet Him!
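The escape-then-convert order described in the post above, sketched in PHP as an added example. It is not the shoutbox's actual code; the function name `render_shout`, the allowed tag list and the sample messages are assumptions made for illustration.

```php
<?php
// Added illustration, not the shoutbox's source.
// Assumption: only these attribute-free tags are allowed.
const ALLOWED_TAGS = ['b', 'i', 'u'];

function render_shout(string $raw, bool $slashesAdded = false): string
{
    // Step 1: undo backslash escaping only when the runtime really added it
    // (the old "magic quotes" behaviour); otherwise genuine backslashes are lost.
    $text = $slashesAdded ? stripslashes($raw) : $raw;

    // Step 2: neutralise every HTML metacharacter, quotes included, so that
    // nothing the user typed can be interpreted as markup or break an attribute.
    $text = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 3: convert exact, paired tags only. There is no generic
    // "[ becomes <" rule, so anything not matched here stays inert text.
    foreach (ALLOWED_TAGS as $tag) {
        $text = preg_replace(
            '#\[' . $tag . '\](.*?)\[/' . $tag . '\]#is',
            '<' . $tag . '>$1</' . $tag . '>',
            $text
        );
    }
    return $text;
}

// Constructed sample messages covering the cases that matter for review.
$samples = [
    'hello [b]world[/b]',                  // allowed pair is converted
    '<script>alert(1)</script>',           // raw HTML is escaped, not rendered
    '[b onmouseover=x]hi[/b]',             // tag with attributes is not matched
    '[b]unclosed',                         // unpaired tag is left as text
    '[img]x[/img] "quoted" & \'single\'',  // unknown tag and quotes stay inert
    'it\\\'s escaped',                     // arrives slash-escaped (see below)
];

foreach ($samples as $i => $s) {
    // Only the last sample simulates input the runtime slash-escaped.
    echo render_shout($s, $i === count($samples) - 1), PHP_EOL;
}
```

Swapping steps 2 and 3 would escape the generated `<b>` tags as well, and skipping step 2 would leave raw HTML live, which is why the order in the post matters.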
Hack the Shoutbox
So, I need to learn some php and cracking, a lot more then, eh?
Archived topic from Iceteks, old topic ID:1507, old post ID:12890
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
Hack the Shoutbox
Yep most likely. But you have the code so that can help.
Archived topic from Iceteks, old topic ID:1507, old post ID:12891
Honk if you love Jesus, text if you want to meet Him!
Hack the Shoutbox
I just thought of something. Is it possible for me to make a chat.php, but filled with malicious code, and then download your forum page, and execute the code locally but with the full url to the chat.php on your site? We did this on the hackthissite.org test and something similar worked.
Archived topic from Iceteks, old topic ID:1507, old post ID:12996
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Hack the Shoutbox
nope, this is a hack-proof box, you're not going to get it hacked no matter how hard you try
Archived topic from Iceteks, old topic ID:1507, old post ID:12999
roving cowboy/ keith
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
Hack the Shoutbox
wldkos wrote: I just thought of something. Is it possible for me to make a chat.php, but filled with malicious code, and then download your forum page, and execute the code locally but with the full url to the chat.php on your site? We did this on the hackthissite.org test and something similar worked.
You could easily do that, heck, you can even chmod stuff with php so before doing anything to a file you just chmod it via php. A php script could easily be written to delete all files in a directory, or do other stuff.
But the thing is, it has to be ON the server. And getting it on is the thing. But the easiest way for this would be through social engineering.
"hey check out this new script, install it and run it"
Bang.
Archived topic from Iceteks, old topic ID:1507, old post ID:13005
Honk if you love Jesus, text if you want to meet Him!
-
- Posts: 5140
- Joined: Fri Jan 10, 2003 1:14 am
Hack the Shoutbox
Red Squirrel wrote: But the easiest way for this would be through social engineering.
"hey check out this new script, install it and run it"
Bang.
I should think Red wouldn't fall for that. A lot of people would though. Hacking sometimes takes more than computer knowledge I would imagine.
Archived topic from Iceteks, old topic ID:1507, old post ID:13036