
So, seriously, I want you guys to try and hack my website.

notfred

Lifer
There's got to be at least one or two people here with a moderate ability to do this kind of thing. I want someone to go to a site I'm developing and see if you can get any information from the part of the site that requires you to be logged in. If you CAN get anything off the site, please PM me and tell me how you did it.

 
If I find anything in terms of holes I'll contact you on Saturday. I'd PM this but my box is full and I don't have the time right now to clean it out and/or see what I can do in terms of what you asked.
 
All I can tell you is that your site is safe from random guesses. 😉
However looking at your HTML it doesn't look like your user/pass actually gets CHECKED anywhere. It looks like the form just redirects to welcome.html no matter what is in the two input boxes. But I might be reading it wrong too. Or maybe the purpose is not to check the login at all, but the security of everything else on the server?
 
Give someone a login and see if it can keep them contained......are the os/daemons secure? There's a lot to check into...
 
Originally posted by: Legendary
All I can tell you is that your site is safe from random guesses. 😉
However looking at your HTML it doesn't look like your user/pass actually gets CHECKED anywhere. It looks like the form just redirects to welcome.html no matter what is in the two input boxes. But I might be reading it wrong too. Or maybe the purpose is not to check the login at all, but the security of everything else on the server?
You're definitely reading it wrong. 😉 Just because the file extension is .html doesn't mean it's just HTML.

Knowing notfred's penchant for Perl I'd guess that's how the check is being run, but I don't remember if an HTML header check reveals if a document is Perl/CGI or not. I don't see mod_perl listed as being installed on the server, though...

Headers for http://trewtungsten.thetruck.net/adplanner/welcome.html

HTTP/1.1 200 OK
Date: Mon, 10 Nov 2003 04:22:44 GMT
Server: Apache/1.3.28 (Unix) mod_jk2/2.0.0 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.2 PHP/4.3.2 FrontPage/5.0.2.2634 mod_ssl/2.8.15 OpenSSL/0.9.6b
Connection: close
Content-Type: text/html; charset=ISO-8859-1


First line of attack would be to try an overflow, I suppose? Secondly, look into whether any of the modules listed above have known security issues and bore through that. Umm...what else? I'm not an experienced hand at this.
 
Worst-case scenario I could just employ a dictionary attacker I wrote since you're using html-forms authentication with no apparent limit on attempts. e.g.:

C:\dev\cs\webrute>webrute http://trewtungsten.thetruck.net/adplanner/welcome.html uids pwds "You have entered an incorrect username or password"
uid good :
pwd yes : Failure
pwd hi : Failure
pwd testing : Failure
pwd excellent : Failure
pwd great : Failure
pwd test : Failure
pwd good : Failure

It would take a while though, and I don't think you'd appreciate the load on your server.
 