 |
Web Hosting by Netfirms | Free Domain Names by Netfirms |
|
|
|
|
|
|
|
WWWBOARD HACKING Intro Get passwd.txt What we have to do is get the username and password for the WWWboard so we can login to their WWWboard, where can we find this info? Same directory with the WWWboard e.g. “http://yahoo.com/wwwboard/” Say this was a real directory going there will usually display the contents of the WWWboard folder. And there my friends is where you will find a file named “passwd.txt” yeah you guessed it the password file. Click it you will see something like this<b> “username:qwrudhi268hsl”</b>. The first word there will be the username of the admin then that colon then the password, ok stop smiling that is the password but it is encrypted. If you ready want to hack that WWWboard you will have to crack that password (unencrypt it) which is the hardest part of this mission, no one said hacking was easy. Crack The Password So lets crack it, I suggest that you save the passwd.txt to you puter and download john the ripper and a word list (dictionary) from some site there are lots out there google it. Yes this cracker cracks unix passwords so we make the WWWboard password look like a UNIX password this is because they use the same encryption method. Now I will not try to explain exactly how a UNIX password is structured but instead of just 2 parts that the WWWboard has there is 7 parts, each part hold info about the user’s account e.g. using the same fake password would be “username:qwrudhi268hs0:a:a:a:a:a” In a real UNIX password file those “a” are replaced with type of user account, type of shell etc. but all the cracker wants is the first two sections user and pass. Just put the passwd.txt and the word list in the same dir as john.exe and run your command prompt --> navigate to the john directory --> issue this command “john –pwfile:passwd.txt –wordfile:wordlist.txt” it will take a while then if you are successful then on the left side of the screen you will see the username and the password, what id did was pipe the results to a file like “john command >> file.txt”. Ok so we cracked it sweet but it gets sweeter, go back to yahoo.com/wwwboard/ and look for a file called wwwadmin.pl or wwwadmin.cgi or wwwboard.cgi or wwwboard.pl, note some admins try to hide it by renaming it but it will have the extension .pl or cgi (explore people). It should look like this. WWWadmin for WWWboard Remove files by message number Remove files by date Remove files by author Change Admin Password.
Just choose your activity and input your pass and username and enjoy. I really don’t encourage trashing the board, I just did this to prove to my self that I can do it, and you should. Almost forgot you may not know any sites that have a wwwboard but google.com does they know hundreds ask them ‘just Google it”. Try with the quotes -: “passwd.txt” – the password file “WWWBOARD” – the directory “wwwboard.cgi” – the .cgi control panel “wwwboard.pl” - the .pl control panel “wwwadmin.cgi” - the .cgi control panel “wwwadmin.pl” - the .pl control panel THE END |
|
|
