Putting it to use

Tabbris · 2009-02-10 16:46:31

So the more I get into this stuff by reading forums, tutorials, videos, challenges etc. the more I'm drawn to keep going and learning as much as possible. I'd like to try some of this stuff in a real world application. A friend of mine has a blog site which is hosted by another friend on his server. I figured it would be the perfect opportunity and he already knows what I'm up to. Only problem is I don't know where to start, obviously due to inexperience but I'd like to have a go at it anyway hopefully with some help from you guys.

I've tried to apply some of the basic stuff from the general challenges but I don't see it going anywhere. I guess what I'm looking for are some ideas to try or to get pointed in the right the direction.

t0mmy9 · 2009-02-10 17:32:53

So your trying to hack a blog hosted on your friends server?

Well, it would be good to see other users recommend here, but a start is always seeing what blog software is running, and if theres any know vulns for it. Or if its his own if it can be injected. And also running Nmap to see what ports are open and what software is running on them.

Tabbris · 2009-02-10 18:42:41

Looks like its done with Wordpress. Nmap found 11 open ports, not sure how to tell what software is running on them though.

5ystem_0verride · 2009-02-11 04:18:42

How about link the site so we can se what its vulnerable to and then give u some hints?

Tabbris · 2009-02-11 07:47:41

It says in the RULES thread to at no point post the web address which is why I left it out. Thank you for offering to help and PM sent biggrin

t0mmy9 · 2009-02-11 07:56:48

Thanks for reading the rules, but if the other site owner is aware of what you are doing then posting a link is fine smile

Tabbris · 2009-02-11 07:57:30

Alright cool, the link is http://lovelifelove.com/

t0mmy9 · 2009-02-11 17:35:37

Hmm, since there seems to be nothing else on the site other than wordpress your target is to get into

http://lovelifelove.com/content/wp-login.php

the username is admin, try to think like him for the password, or a brute forcer could be coded.

Tabbris · 2009-02-11 19:03:27

Think I could try a phishing email or would I have better luck with brute force?

Out of curiosity, did you some how navigate or find the log in page or did you just know the location from experience?

t0mmy9 · 2009-02-12 07:03:30

just knew the location. And yes, trying to phish them would be fun to try. I would send a fake email from wordpress admins

ThisisLegal Forums

#1 2009-02-10 16:46:31

Putting it to use

#2 2009-02-10 17:32:53

Re: Putting it to use

#3 2009-02-10 18:42:41

Re: Putting it to use

#4 2009-02-11 04:18:42

Re: Putting it to use

#5 2009-02-11 07:47:41

Re: Putting it to use

#6 2009-02-11 07:56:48

Re: Putting it to use

#7 2009-02-11 07:57:30

Re: Putting it to use

#8 2009-02-11 17:35:37

Re: Putting it to use

#9 2009-02-11 19:03:27

Re: Putting it to use

#10 2009-02-12 07:03:30

Re: Putting it to use

Board footer