Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things? 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Help on a stupid forum
Posted by: pixxellator
Date: June 06, 2007 06:49PM

Ok, so this is a website http://drasil.net/ that runs a forum. I need to take down the forum, or just actually prove that it's hackable, i would even do the whole site, if it's possible. I don't care what method is used to haX0r it...but as long as it works.

Options: ReplyQuote
Re: Help on a stupid forum
Date: June 06, 2007 10:09PM

why not just find an XSS whole in the site to prove that it is hackable, no reason to take down the whole site unless you are doing this out of malice intent. Which in that case no one here will likely help you because this forum is not meant for stuff like that.

Options: ReplyQuote
Re: Help on a stupid forum
Posted by: Anonymous User
Date: June 07, 2007 05:59AM

This is a second post? I thought In read it elsewhere...

Options: ReplyQuote
Re: Help on a stupid forum
Date: June 07, 2007 06:33AM

I guess he figured he doubled his chances if he posted it 2 times.

>> I don't care what method is used to haX0r it...but as long as it works.

Well in that case, ask the admin for the password preferably posting it on the forum 2 times as you posted this question to increase your chances. He will eventually get pissed off and give you the password thus proving the site is hackable. He'll likely ban you, but its one method to 'haX0r' him.

Options: ReplyQuote
Re: Help on a stupid forum
Posted by: pixxellator
Date: June 07, 2007 05:07PM

OK, thanks... You didn't have to be a jackass about it, I accidentally put it in this category, so I also put it in the CORRECT one. I'm not trying to double my chances. I'm not going to eliminate the site, I just want to prove it's hackable. I was just wondering if anyone could find any holes

Options: ReplyQuote
Re: Help on a stupid forum
Date: June 07, 2007 10:39PM

>> Ok, so this is a website [drasil.net] that runs a forum. I need to take down the forum, or just actually prove that it's hackable, i would even do the whole site, if it's possible. I don't care what method is used to haX0r it...but as long as it works.

When you ask your question like that, it makes it sound like you are some 16 year old script kiddy trying to take down someones site out of malice intent.

"I am doing a pentest for a friend and need to check if his forum at drasil.net is vulnerable to exploitation. Does anyone have any ideas on what to try?"

That in my opinion would have been a better thought out question. Where it doesn't look like you are looking for freebie to take 'take down' someone's site. Just my 2 cents, so don't get all mad.

As for answering your question look up known vulns for phpBB securityfocus.net is a good place to start. Then see if the forum is vulnerable to any of them. If the admin is on top of his/he patching then you will likely be out of luck and will have to find other means than the phpBB forum to exploit the site.

Options: ReplyQuote


Sorry, only registered users may post in this forum.