How to Hack the WWWboard Message Board 2.0
written by kM
www.hackersclub.com/km
05/12/97
===========================================

If your website uses the WWWboard cgi script from Matt's Script Archive
(www.worldwidemart.com/scripts) you could be vulnerable to hackers getting
the admin id and password and deleting messages. Unfortunately Matt lists
people who use his wwwboard cgi script. Whoops...I tested the first person on his
list and yes it was a semi-good job of protection (renaming the CGIs) but I was still
able to get the password and able to go in and edit the messages. **NOTE** I didn't
though because I was satisfied with just getting in.

By default you must put the passwd.txt file in the same directory as your wwwboard.
If this is true anyone could simply download the passwd.txt file and run it through
password crackers like Crackerjack or John the Ripper (UCF). I tested this myself
and found my wwwboard was vulnerable.

You might ask... How do I fix this?? Well, simple: rename the file to a unique file name
and edit your cgi scripts to reflect the new file name. Make your password difficult, with
mixed letters and numbers, so a password attack won't crack it.

===========================================

How to crack the passwd.txt file.

If you happen to get a hold of this file save it to your hard drive.
I'll explain how to crack it.

The passwd.txt file contains only 1 user id and 1 encrypted password.

For example: (this is mine)
km:aeMkCtJZYkUnI

By default the id and password are
Username: WebAdmin
Password: WebBoard

Hopefully the webmaster would have changed this...
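
The three weak points above (passwd.txt sitting next to the CGI scripts, the default
WebAdmin/WebBoard pair, and the password advice in the fix section) can be checked
mechanically by the site owner. The audit script below is an added example written for
this page; it is not kM's code and not part of Matt's Script Archive. It assumes the stock
layout the text describes: passwd.txt beside wwwboard.pl/.cgi and wwwadmin.pl/.cgi in one
web-served directory, holding a single user:hash line whose hash is 13-character crypt(3)
DES output (the Unix passwd scheme the text refers to). The helper names, finding strings
and the sample file names it creates are mine.

```python
"""Audit a WWWboard 2.0 install directory for the weaknesses kM describes.

Added example, not part of the original text or of Matt's Script Archive.
Assumes the stock layout: passwd.txt next to wwwboard.pl/.cgi and
wwwadmin.pl/.cgi in one web-served directory, one "user:hash" line,
13-character crypt(3) DES hash. Helper and finding names are my own.
"""
import os
import re
import stat
import tempfile

try:
    import crypt  # stdlib up to Python 3.12 (deprecated 3.11, removed 3.13)
except (ImportError, DeprecationWarning):
    crypt = None

DEFAULT_USER = "WebAdmin"        # defaults named in the text
DEFAULT_PASSWORD = "WebBoard"
BOARD_SCRIPTS = {"wwwboard.pl", "wwwboard.cgi"}
ADMIN_SCRIPTS = {"wwwadmin.pl", "wwwadmin.cgi"}
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")


def parse_passwd(text):
    """Return (user, hash) from passwd.txt, which holds exactly one user."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1 or ":" not in lines[0]:
        raise ValueError("passwd.txt must hold exactly one user:hash line")
    user, hashed = lines[0].strip().split(":", 1)
    if not DES_HASH.match(hashed):
        raise ValueError("hash is not 13-character crypt(3) DES output")
    return user, hashed


def hash_matches(candidate, stored_hash):
    """True/False when crypt(3) DES is usable on this host, None when not."""
    if crypt is None:
        return None
    try:
        return crypt.crypt(candidate, stored_hash) == stored_hash
    except (OSError, ValueError):
        return None


def strong_enough(password):
    """kM's advice (mixed letters and digits, not the default) with one
    caveat: traditional DES crypt only uses the first 8 characters, so
    those 8 must carry the strength on their own."""
    head = password[:8]
    if len(head) < 8 or password == DEFAULT_PASSWORD:
        return False
    return any(c.isalpha() for c in head) and any(c.isdigit() for c in head)


def audit(board_dir, passwd_name="passwd.txt"):
    """Return the list of findings for one install directory."""
    findings = []
    files = set(os.listdir(board_dir))
    if files & ADMIN_SCRIPTS:
        findings.append("admin script keeps its default name")
    if passwd_name not in files:
        return findings  # no password file here to fetch or crack
    if files & BOARD_SCRIPTS:
        findings.append("password file sits beside the CGI scripts (web-reachable)")
    if passwd_name == "passwd.txt":
        findings.append("password file keeps the default name passwd.txt")
    path = os.path.join(board_dir, passwd_name)
    if os.stat(path).st_mode & stat.S_IROTH:
        findings.append("password file is world-readable")
    with open(path) as fh:
        user, hashed = parse_passwd(fh.read())
    if user == DEFAULT_USER:
        findings.append("admin username is still the default WebAdmin")
    if hash_matches(DEFAULT_PASSWORD, hashed):
        findings.append("admin password is still the default WebBoard")
    return findings


def make_sample_install(board_dir, user, hashed, passwd_name="passwd.txt"):
    """Lay out a constructed stock install (placeholder scripts, one hash line)."""
    for name in ("wwwboard.pl", "wwwadmin.pl"):
        with open(os.path.join(board_dir, name), "w") as fh:
            fh.write("#!/usr/bin/perl\n")  # placeholder, not the real script
    path = os.path.join(board_dir, passwd_name)
    with open(path, "w") as fh:
        fh.write("%s:%s\n" % (user, hashed))
    os.chmod(path, 0o644)  # world-readable, the usual result of an FTP upload
    return path


def run_sample(user, hashed, passwd_name="passwd.txt", mode=0o644, rename_admin=False):
    """Build a constructed install in a temp dir, audit it, return the findings."""
    with tempfile.TemporaryDirectory() as d:
        path = make_sample_install(d, user, hashed, passwd_name)
        os.chmod(path, mode)
        if rename_admin:  # the fix section's advice applied to the admin script
            os.rename(os.path.join(d, "wwwadmin.pl"), os.path.join(d, "admin-k9q2.pl"))
        return audit(d, passwd_name)


if __name__ == "__main__":
    # constructed sample using the hash line kM shows in the text
    for f in run_sample("km", "aeMkCtJZYkUnI"):
        print("FINDING:", f)
    print("strong_enough('WebBoard') ->", strong_enough("WebBoard"))
```

Run it as-is to see the findings for a stock layout, or call audit() on a real install
directory. The default-password check reports None rather than a verdict on hosts whose
Python or libc no longer offers DES crypt (the crypt module is gone in Python 3.13).
strong_enough() deliberately judges only the first 8 characters, because that is all a
traditional crypt(3) DES hash ever sees; a long passphrase with its digits after position 8
is no stronger than its first 8 characters.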

Once you have this, download a copy of John the Ripper (available at the HackerZ Hideout).

You will need to edit the passwd.txt file and make it look like a Unix passwd file. This file
uses the same encryption scheme, which is vulnerable to a dictionary attack.

(Q) What do you mean by edit the passwd.txt file?
(A) Make it look like this...

km:aeMkCtJZYkUnI:275:15:James. "Tiger" Gordon: /usr/email/users/jgordon:/bin/csh

Save the text file and kick off John the Ripper or Cracker Jack to hack the password.

Once you get the password go back to the site from which you got the passwd.txt file and
look at the source html code. If they use the standard settings you will see a call to
wwwboard.pl or .cgi in there. If this is true, 99% of the time they didn't rename the admin
script, which is wwwadmin.pl or .cgi. Use this and jump right in and do your deed. However
I do suggest, if you plan on deleting messages, that it's *YOUR* responsibility. I'm just
writing about a vulnerability I found.

Send questions or comments to kM@hackersclub.com

=============================================
Copyrighted (C) 1997
by kM
All rights Reserved