************************************************ Hacking a WWWBOARD by: Pinzel /Version 1.0/updates on my homepage ! United Underground Member ************************************************ Sections: 00 The date. 01 What the hell is a wwwboard? 02 Basic idea of hacking 03 Where to get the password file? 04 What to do with this nice file? 05 Ok..I have a password..but how 2 use it? 06 Rest of the shit.... ------------------------------------------------ SECTION 00 Today we have the 29.07.97 ------------------------------------------------ SECTION 01 Q:"Dear Pinzel...I'm a 13 year old boy and I want to learn how to hack...WHAT IS A WWWBOARD?????" ;-) A:"A wwwboard is a place in the net where users are able to discuss some sort of shit...you can see the results of what they write in a HTML document. If you want to see such a nice wwwboard, then go to yahoo.com or other search engines and search for the word ----->wwwboard<------ (simple huh???). In the most times the wwwboard file is called wwwboard.html or wwwboard.htm ." ------------------------------------------------ SECTION 02 The basic idea of hacking a wwwboard: 01: Search for a wwwboard. 02: Get the password file. 03: encrypt the password file. 04: Get access as the admin. 05: Do what you want but remember: Are you a hacker or a trasher? ------------------------------------------------ SECTION 03 Where is this fuckin password file all the world talks of??? Nearly all the time the password file is in the same directory where the wwwboard.html file is located. Just got to your browser and change http://you.suck.com/wwwboard/wwwboard.html to http://you.suck.com/wwwboard/password.txt if you have no result...try to change it into passwd.txt or only passwd. You get the file? Ok next step---> ------------------------------------------------ SECTION 04 Lets take a look at this nice file: rstrehle:aefgBfbreI8e6 \ /\ / \ /\ / username crypted password You see? First the username and than after the dubble- point the crypted password! Now the work beginns :-) Search in the net for a Unix-passwd cracker like Jack, John or KC... Search for a wordlist (please take a big one!) Edit the password.txt file so that it looks like an UNIX passwd file! the file called password.txt rstrehle:aefgBfbreI8e6 gets to an UNIX file called passwd. rstrehle:aefgBfbreI8e6:150:25:Sven Pinzel: /usr/email/users/spinzel:/bin/csh WRITE THIS IN ONE LINE !!! I think that on some crackes (John I think) you don't have to edit the file..! RUN THE CRACKER !! ------------------------------------------------ SECTION 05 What to do whit the fuckin password?? Did your computer scream piiiiiep !!! You got the password?!?!?!?!? Ok... ...back to the net... to use the password you need to find the admin- programm which is usually stored in the cgi-bin directory. It is usually called: wwwadmin.pl or wwwadmin.cgi. Do what you want !!! ------------------------------------------------ SECTION 06 For questions visit my homepage at http://www.cyberjunkie.com/pinzel or directly eMail me at pinzel@cyberjunkie.com !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Notice: I never trashed a wwwboard! I told every systemadministrator about his security hole! I hope you do so too! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! BTW: If you want to test your crack programm just create a file with the username and the password out of SECTION 04. If you get the password "benito" you're on the right way! ------------------------------------------------