Hi everyone,
I don't write to this list often, but while wandering around HackBB I
came across this post that I thought was worth pointing out...
This is the link to the thread:
http://clsvtzwzdgzkjda7.onion/viewtopic.php?f=12&t=9100
For those who can't access the .onion network, I've done a quick
copy-paste below; it isn't very clear but it is still
understandable...
But do you think they are seriously that stupid?
Enjoy the read.
---
bye
Sid
a frustrated webmaster
Postby jackluminous » Mon Oct 15, 2012 2:02 am
Hi guys,
I want first to introduce myself a bit since it is my first post.
I'm not really skilled in hacking stuff, and probably I didn't want
to get confident with it until this past month. The truth is that I'm
a lazy web master: I've never wanted/tried to harden websites I'm
working on. Shame on me, I know.
I said "this past month". In particular one website is getting
"softly" defaced in different ways like white on white links to porn
or some Asian websites.. when I discover one, one other link appears.
the point is: I want some of you to tell me what's the problem with
that website and some link or topic to understand better what the
matter is.
My aim is being able to fight equally ;) By now I feel that I really
need to improve my abilities: it's like standing in front of a thousand
closed doors.. you know that behind there might be a treasure but you
have no time to open every single door. That is kinda frustrating.
the website is
www.casapounditalia.org
instead of asking for PM, I preferred to show it. this way is less painful :)
..the only reward I can afford to offer you is a "Powered by
yournickname security knowledge" on the bottom of the page :)
thanks for your attention,
Paolo
jackluminous
----------------------
Re: a frustrated webmaster
Postby tr0gdor » Mon Oct 15, 2012 3:36 am
lol took a 30 second look at it and this guy is not lying hahaha :P
there's little white on white links here and there [bottom left side
corner] and some guy probably found a file injection or sqli vuln on
it [possibly someone got a sqli, I see some get variables that may be
vuln. no promises as I haven't tested them] But yaa someone definitely
has access to that server haha.
Looking for hackers to do some jobs with.
If interested shoot me a PM.
Tormail: tr0gdor@???
----------------------
Re: a frustrated webmaster
Postby jackluminous » Tue Oct 16, 2012 1:53 am
thanks for replying, tr0gdor!
Sorry for the delay but I can connect to Tor just when I'm home late at night.
As you can see there's just, fortunately, that link on left side
corner that I wanted to keep to let people see what's happening.
Can you (and/or somebody) please tell me more? just a suggestion.. I don't know
I don't want to bore you with my issues, I know there's no reason to
help me. just don't forget the reward :D
thanks again
----------------------
Re: a frustrated webmaster
Postby Guest » Sat Oct 20, 2012 12:12 pm
Are you really admitting to being the webmaster of a website on HackBB
and posting the link to the website? (rhetorical question)
I hope you realize visiting HackBB may be considered illegal, and law
enforcement almost certainly reads HackBB. You've also given them a way
to find your real life identity. I'd edit my post now if I were you.
Guest
----------------------
Re: a frustrated webmaster
Postby jackluminous » Sat Oct 20, 2012 2:31 pm
Well, the point is that I just don't care about.. about what? a
website? it can be defaced? so? I can restore it anytime I want. I'm
ok with it.
If you know a different place to ask, please tell me.
Answer me now: if you got your bike stolen a lot of times, what do you
do? how can you solve it? going to the cops? IMHO it would be better
to understand lockpicking basics and choose a different lock next
time. that's the point.
this topic got read by 80+ people and the website is still online with
just that little deface on the bottom. the only problem is that I've
not found yet the root of the problem, not my exposure.
jackluminous
----------------------
Re: a frustrated webmaster
Postby tr0gdor » Sat Oct 20, 2012 3:14 pm
1. it's not fucking illegal to visit this place any more than it's
illegal to visit any clearnet site or have any hacking tools i.e.
backtrack and the such. And yes law enforcement reads hackbb but the
thing about it being on tor is they don't fucking know who you are.
What about exit node sniffing?? you dumb mother fucker if anyone was
here doing something super illegal they would also be running through
a vpn with no logs. He is just trying to hire someone to help him so
if you aren't gonna help him and you're gonna be a dumb ass, shut up
and you can go back to hackforum where you obviously belong. /end rant
And as for the actual problem with the site. My guess is they're trying
to boost their site in the search engine [SEO] so that's why the link
is probably there. Try changing the admin password to the site. [That way
you know they're not just guessing it or brute-forcing it.] You could
also try looking around in all the directories looking for maybe a
webshell or backdoor [yes you would have to check all the pages :P]
Finally, I still think it's a sql injection and they're just stealing the
password and finding an admin panel or something. Try firing up sqlmap
and testing a bunch of parameters.
Looking for hackers to do some jobs with.
If interested shoot me a PM.
Tormail: tr0gdor@???
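
Added example, not part of the forum thread: a defender-side check for the hidden SEO spam links discussed above, flagging external links that inline styles make invisible to visitors. The hostnames and sample page are constructed; it assumes a white page background for the "white text" rule and does not evaluate external stylesheets.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style tricks that hide a link from visitors but not from crawlers.
# "white text" assumes a white page background; external CSS is not evaluated.
HIDING = [
    ("display/visibility hidden", re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden")),
    ("zero font size", re.compile(r"font-size\s*:\s*0(px|pt|em|%)?\s*(;|$)")),
    ("off-screen position", re.compile(r"(left|top|text-indent)\s*:\s*-\d{3,}")),
    ("white text", re.compile(r"(?<![-\w])color\s*:\s*(#fff(fff)?\b|white\b)")),
]
VOID = {"br", "img", "hr", "input", "meta", "link"}

class HiddenLinkFinder(HTMLParser):
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host
        self.stack = []     # (tag, hiding reasons) for every open element
        self.findings = []  # (href, reasons) for each hidden external link

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").lower()
        reasons = [name for name, rx in HIDING if rx.search(style)]
        if tag not in VOID:
            self.stack.append((tag, reasons))
        host = urlparse(attrs.get("href") or "").hostname
        if tag == "a" and host and host != self.own_host:
            # Hidden if the link itself or any enclosing element is hidden.
            inherited = sorted({r for _, rs in self.stack for r in rs})
            if inherited:
                self.findings.append((attrs["href"], inherited))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html, own_host):
    finder = HiddenLinkFinder(own_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page (hostnames are placeholders, not from the thread).
SAMPLE = """<body style="background-color:#ffffff">
<a href="/contact.html">Contact</a> <a href="https://partner.example.org/">Partner</a>
<div style="position:absolute; left:-9999px"><a href="http://spam.example.net/pills">pills</a></div>
<p>footer <a style="color:#FFFFFF" href="http://casino.example.com/">casino</a></p></body>"""
```

Running it over every template and stored page after each cleanup shows whether the injection has come back, which is the symptom the original poster describes.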
----------------------
Re: a frustrated webmaster
Postby TwentySky5514 » Sat Oct 20, 2012 8:39 pm
Don't fight it! You can't win!
Seriously, do you actually care or just prefer the spam links not to
be there? If you actually care go to stackoverflow and ask why your
site is being defaced. They'll get mad at you, close your post and
give you links to the same questions with real solutions. Read up on
that.
Or just don't do anything cause it will be a lot of work to fix and
you really don't care. Especially if it isn't that bad (i.e. no porn
popups or redirects)
----------------------
Re: a frustrated webmaster
Postby TwentySky5514 » Sat Oct 20, 2012 8:59 pm
Guest wrote: Are you really admitting to being the webmaster of a
website on HackBB and posting the link to the website? (rhetorical
question)
I hope you realize visiting HackBB may be considered illegal, and
law enforcement almost certainly reads HackBB. You've also given them
a way to find your real life identity. I'd edit my post now if I were
you.
Too bad guests are enabled, I'd like to ridicule him by name. But what
tr0gdor said. Unless you live in China it's likely to be very legal to
be here.
Where are some Russian hackers, I'd like to talk to them :)
----------------------
Re: a frustrated webmaster
Postby Optimus Crime » Sat Oct 20, 2012 10:55 pm
TwentySky5514 wrote: Where are some Russian hackers, I'd like to
talk to them :)
A lot of russki fetishism around here lately..
contact_me.txt
----------------------
Re: a frustrated webmaster
Postby TwentySky5514 » Sat Oct 20, 2012 11:23 pm
haha, I didn't see anything Russian-related mentioned here until I
started browsing AFTER I wrote that