.

Idea on how to hack the index.html

<<

jggozum

Newbie
Newbie

Posts: 5

Joined: Sat Feb 02, 2008 1:53 am

Post Sat Feb 02, 2008 3:12 am

Idea on how to hack the index.html

Hi fellas, im new here. can i have your ideas on how to hack html pages? mostly likely breaking the index.html page. the server is Windows Server 2000 and using IIS 5. thank you so much. its good to be here.
<<

Marshel007

Jr. Member
Jr. Member

Posts: 61

Joined: Mon Oct 15, 2007 9:20 pm

Location: Kingdom of Saudi Arabia

Post Sat Feb 02, 2008 4:04 am

Re: Idea on how to hack the index.html

can you elaborate more ?
<<

jggozum

Newbie
Newbie

Posts: 5

Joined: Sat Feb 02, 2008 1:53 am

Post Sat Feb 02, 2008 4:41 am

Re: Idea on how to hack the index.html

hi mashel. i want some ideas on how to change the index.html page of the target. thanks
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Sat Feb 02, 2008 5:40 am

Re: Idea on how to hack the index.html

You could attempt to penetrate the box running an IIS 5 exploit. Hope your not asking the members of this forum to help you aid in an unethical attack on a site.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

jggozum

Newbie
Newbie

Posts: 5

Joined: Sat Feb 02, 2008 1:53 am

Post Sat Feb 02, 2008 7:38 am

Re: Idea on how to hack the index.html

im just asking the idea on how to.. the tactics on how to do it.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Sat Feb 02, 2008 10:52 am

Re: Idea on how to hack the index.html

I think the members are a bit confused because of the lack of details. For example, what is contained within the index page?  What kind of functionality does it have?  More importantly, why are you trying to break it?  As for a general strategy, when you are doing web pen testing you need to think in layers.  If the target page has fields where you can input data then you can try to attack the actual functionality via sql/ldap/crlf/etc injection.  If you have a local proxy such as paros you can try to attack some of the actual HTML/HTTP header traffic by manipulating session, authentication, etc data or even some more advanced injection attacks.  Locally on your system you can mess with the cookies or even save a copy of the site and try client side attacks by breaking the code.  If none of the application level attacks work then move down to the actual web service.  If you know it is IIS then research attacks specifically meant for that web server.  Many of the attacks that you performed against the web page will result in error messages that might even give you version or patch level.  If those attacks don't work then try to figure out if there are supporting apps you can attack.  Does the webpage have an Oracle back-end?  Is there some type of authentication framework that they use? Go for those next.  When all else fails drop down to the OS level.  If you know it is Win2K then you have a massive amount of exploits available.  If all that fails... there is always email and trojans.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

jggozum

Newbie
Newbie

Posts: 5

Joined: Sat Feb 02, 2008 1:53 am

Post Sat Feb 02, 2008 1:32 pm

Re: Idea on how to hack the index.html

thank you so much pseud0.. lots of ideas.. i already break it thru ftp.. *cheers*
Last edited by jggozum on Sat Feb 02, 2008 1:42 pm, edited 1 time in total.
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Sat Feb 02, 2008 4:23 pm

Re: Idea on how to hack the index.html

jggozum wrote: i already break it thru ftp..


LoL, and there is that.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Sun Feb 03, 2008 8:36 am

Re: Idea on how to hack the index.html

Yeah, I guess I left out the ole' index.html.ftp.banyan.ext3  buffer smurf underflow.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

jggozum

Newbie
Newbie

Posts: 5

Joined: Sat Feb 02, 2008 1:53 am

Post Tue Feb 05, 2008 8:08 am

Re: Idea on how to hack the index.html

hi again fellas..

psued0 what do you mean?
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Tue Feb 05, 2008 8:33 am

Re: Idea on how to hack the index.html

Nothing at all. Too much coffee, to little sleep, and poor control over the voices in my head.  ie. I was being stupid.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Tue Feb 05, 2008 6:33 pm

Re: Idea on how to hack the index.html

Ah crap! You mean the buffer smurf underflow doesn't really exist?
;D
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Tue Feb 05, 2008 10:05 pm

Re: Idea on how to hack the index.html

Yes, it does, but Smurfette only did it a couple of times.  She was young and needed the money.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software