Re: [Hackmeeting] casapound su HackBB

このメッセージを削除

このメッセージに返信
著者: dickreckard
日付:  
To: hackmeeting
題目: Re: [Hackmeeting] casapound su HackBB
lol.
missa che è ora di un po' di sano social engineering :)


Il 21.10.2012 21:01 sid ha scritto:
> Ciao a tutti,
>
> non scrivo spesso su questa lista ma gironzolando per HackBB ho
> incontrato questo post che mi sembrava giusto far notare...
>
> Questo è il link al thread:
>
> http://clsvtzwzdgzkjda7.onion/viewtopic.php?f=12&t=9100
>
> Per chi non accedesse alla rete .onion ho fatto un veloce
> copia-incolla qui sotto che non è chiarissimo ma rimane comunque
> comprensibile...
>
> Ma secondo voi sono seriamente così stupidi ?
>
> Buona lettura.
>
> ---
> bye
>
> Sid
>
>
>
> a frustrated webmaster
>
> Postby jackluminous » Mon Oct 15, 2012 2:02 am
> Hi guys,
> I want first to introduce myself a bit since it is my first post.
> I'm not really skilled in hacking stuff , and probably i didn't
> wanted
> to get confident with it untill this past month.The truth is that i'm
> a lazy web master: i've never wanted/tried to harden websites i'm
> working on.Shame on me , I know.
> I said "this past month". In particular one website is getting
> "softly" defaced in different ways like white on white links to porn
> or some asians websites..when i discover one , one other link appear.
> the point is: I want some of you to tell me what's the problem with
> that website and some link or topic to understand better what the
> matter is.
> My aim is being able to fight equally ;) By now i feel that i really
> need to improve my abilities: it's like standing in front of thousand
> closed door..you know that behind there might be a treasure but you
> have no time to open every single door. that is kinda frustrating.
>
> the website is www.casapounditalia.org
> instead of asking for PM , i preferred to show it. this way is less
> painful :)
>
> ..the only reward i can afford to offer you is a "Powered by
> yournickname security knowledge" on the bottom on the page :)
>
>
> thanks for your attention,
> Paolo
>
> jackluminous
>
> ----------------------
>
> Re: a frustrated webmaster
>
> Postby tr0gdor » Mon Oct 15, 2012 3:36 am
>
> lol took a 30 second look at it and this guy is not lying hahaha :P
> theres little white on white links here and there [bottom left side
> corner] and some guy probably found a file injection or sqli vuln on
> it [possibly someone got a sqli, i see some get variables that may be
> vuln. no promises as I havent tested them] But yaa someone definitely
> has access to that server haha.
> Looking for hackers to do some jobs with.
> If interested shoot me a PM.
> Tormail: tr0gdor@???
>
> ----------------------
>
> Re: a frustrated webmaster
>
> Postby jackluminous » Tue Oct 16, 2012 1:53 am
> thanks for replying , tr0gdor!
>
> Sorry for the delay but i can connect tor just when i'm home late
> night.
> As you can see there's just, fortunately, that link on left side
> corner that i wanted to keep to let people see what's happening.
> Can you (and/or somebody) please tell me more? just a suggestion .. i
> don't know
> I don't want to bore you with my issues , i know there's no reason to
> help me. just don't forget the reward :D
>
> thanks again
>
> ----------------------
> Re: a frustrated webmaster
>
> Postby Guest » Sat Oct 20, 2012 12:12 pm
> Are you really admitting to being the webmaster of a website on
> HackBB
> and posting the link to the website? (rhetorical question)
>
> I hope you realize visiting HackBB may be considered illegal, and law
> enforcement almost certainly read HackBB. You've also given them away
> to find your real life identity. I'd edit my post now if I were you.
>
> Guest
>
> ----------------------
> Re: a frustrated webmaster
>
> Postby jackluminous » Sat Oct 20, 2012 2:31 pm
> Well , the point is that i just don't care about.. about what ? a
> website? it can be defaced? so? i can restore it anytime i want. I'm
> ok with it.
> If you know a different place to ask , please tell me.
> Answer me now: if you got your bike stolen a lot of times, what do
> you
> do? how can you solve it? going to the cops? IMHO it would be better
> to understand lockpicking basics and choose a different lock next
> time. that's the point.
> this topic got read by 80+ people and the website is still online
> with
> just that little deface on the bottom. the only problem is that i've
> not found yet the root of the problem, not my exposure.
>
> jackluminous
>
> ----------------------
> Re: a frustrated webmaster
>
> Postby tr0gdor » Sat Oct 20, 2012 3:14 pm
> 1. its not fucking illegal to visit this place anymore then its
> illegal to visit any clearnet site or have any hacking tools i.e
> backtrack and the such. And yes law enforcement reads hackbb but the
> thing about it being on tor is they dont fucking know who you are.
> What about exit node sniffing?? you dumb mother fucker if anyone was
> here doing something super illegal they would also be running through
> a vpn with no logs. He is just trying to hire someone to help him so
> if you aren't gonna help him and you're gonna be a dumb ass, shut up
> and you can go back to hackforum where you obviously belong. /end
> rant
>
> And as for the actual problem with the site. My guess is there trying
> to boost there site in the search engine [SEO] so thats why the link
> probably there. Try changing the admin password to the site. [That
> way
> you know there not just guessing it or brute-forcing it.] You could
> also try looking around in all the directories looking for maybe a
> webshell or backdoor [yes you would have to check all the pages :P]
> Finally, I still think its a sql injection and there just stealing
> the
> password and finding an admin panel or something. Try firing up
> sqlmap
> and testing a bunch of parameters.
> Looking for hackers to do some jobs with.
> If interested shoot me a PM.
> Tormail: tr0gdor@???
>
> ----------------------
>
> Re: a frustrated webmaster
>
> Postby TwentySky5514 » Sat Oct 20, 2012 8:39 pm
> Don't fight it! You can't win!
> Seriously, do you actually care or just prefer the spam links not to
> be there? If you actually care go to stackoverflow and ask why your
> site is being defaced. They'll get mad at you, close your post and
> give you links to the same questions with real solutions. Read up on
> that
>
> Or just don't do anything cause it will be a lot of work to fix and
> you really dont care. Especially if it isn't that bad (ie no porn
> popups or redirects)
>
> ----------------------
>
> Re: a frustrated webmaster
>
> Postby TwentySky5514 » Sat Oct 20, 2012 8:59 pm
>
>     Guest wrote:Are you really admitting to being the webmaster of a
> website on HackBB and posting the link to the website? (rhetorical
> question)

>
>     I hope you realize visiting HackBB may be considered illegal, and
> law enforcement almost certainly read HackBB. You've also given them
> away to find your real life identity. I'd edit my post now if I were
> you.

>
>
>
> Too bad guest are enabled, I'd like to ridicule him by name. But what
> tr0gdor said. Unless you live in china its likely to be very legal to
> be here.
>
> Where are some russian hackers, I'd like to talk to them :)
>
> ----------------------
>
> Re: a frustrated webmaster
>
> Postby Optimus Crime » Sat Oct 20, 2012 10:55 pm
>
>     TwentySky5514 wrote:Where are some russian hackers, I'd like to
> talk to them :)

>
>
>
> A lot of russki fetishism around here lately..
> contact_me.txt
>
> ----------------------
>
> Re: a frustrated webmaster
>
> Postby TwentySky5514 » Sat Oct 20, 2012 11:23 pm
> haha, i didn't see anything russian related mention here until i
> started browsing AFTER i wrote that
> _______________________________________________
> Hackmeeting mailing list
> Hackmeeting@???
> https://www.autistici.org/mailman/listinfo/hackmeeting