ThisisLegal.com

ThisisLegal Forums

Welcome to the forums! A chance for site members to chat and get help.

You are not logged in.

#1 2009-02-10 16:46:31

Tabbris
Member
Registered: 2009-02-10
Posts: 7

Putting it to use

So the more I get into this stuff by reading forums, tutorials, videos, challenges etc. the more I'm drawn to keep going and learning as much as possible.  I'd like to try some of this stuff in a real world application.  A friend of mine has a blog site which is hosted by another friend on his server.  I figured it would be the perfect oppor­tunity and he already knows what I'm up to.  Only problem is I don't know where to start, obviously due to inexperience but I'd like to have a go at it anyway hopefully with some help from you guys.

I've tried to apply some of the basic stuff from the general challenges but I don't see it going anywhere.  I guess what I'm looking for are some ideas to try or to get pointed in the right the direction. 

Offline

#2 2009-02-10 17:32:53

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: Putting it to use

So your trying to hack a blog hosted on your friends server?

Well, it would be good to see other users recommend here, but a start is always seeing what blog software is running, and if theres any know vulns for it. Or if its his own if it can be injected. And also running Nmap to see what por­ts are open and what software is running on them.


Site admin

Offline

#3 2009-02-10 18:42:41

Tabbris
Member
Registered: 2009-02-10
Posts: 7

Re: Putting it to use

Looks like its done with Wordpress. Nmap found 11 open por­ts, not sure how to tell what software is running on them though.

Offline

#4 2009-02-11 04:18:42

5ystem_0verride
Member
Registered: 2009-01-13
Posts: 7

Re: Putting it to use

How about link the site so we can se what its vulnerable to and then give u some hints?


Who Is General Failure And Why Is He Reading My Hard Disk?

Offline

#5 2009-02-11 07:47:41

Tabbris
Member
Registered: 2009-02-10
Posts: 7

Re: Putting it to use

It says in the RULES thread to at no point post the web address which is why I left it out.  Thank you for offering to help and PM sent biggrin

Offline

#6 2009-02-11 07:56:48

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: Putting it to use

Thanks for reading the rules, but if the other site owner is aware of what you are doing then posting a link is fine smile


Site admin

Offline

#7 2009-02-11 07:57:30

Tabbris
Member
Registered: 2009-02-10
Posts: 7

Re: Putting it to use

Alright cool, the link is http://lovelifelove.com/

Offline

#8 2009-02-11 17:35:37

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: Putting it to use

Hmm, since there seems to be nothing else on the site other than wordpress your target is to get into

http://lovelifelove.com/content/wp-login.php

the username is admin, try to think like him for the password, or a brute forcer could be coded.


Site admin

Offline

#9 2009-02-11 19:03:27

Tabbris
Member
Registered: 2009-02-10
Posts: 7

Re: Putting it to use

Think I could try a phishing email or would I have better luck with brute force?

Out of curiosity, did you some how navigate or find the log in page or did you just know the location from experience?

Offline

#10 2009-02-12 07:03:30

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: Putting it to use

just knew the location. And yes, trying to phish them would be fun to try. I would send a fake email from wordpress admins


Site admin

Offline

Board footer

Powered by FluxBB