ASP and PHP guidance

bladesgore · Post by **bladesgore** » 31 Oct 2008, 15:02

Hi there all. I just recently got interested in hacking 2 very intriguing sites. So for the past few months i've been trying to get their into their administrator login panels, and administrator user/pass.

The websites are
REMOVED (IMPOSSIBLE TO HACK!)
REMOVED (HACKABLE)

So far i've only done sql injections, however was only successful with one thanks to a friend. i was able to get a mysql supplied argument error for Removed

There is a SQL vulnerability in the signup page:

Removed

that gives the following error message:

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/fjnet/public_html/modcons/user.signup.php on line 211

But from there i don't know where to start or insert SQL injections in order to get tables and columns to get into the admin panel and admin user/pass. If anyone has any suggestions, comments, or guidance, please do reply.

The other site Removed, is completely impossible to hack, the admin panel is unreachable, and forget about trying to get the admin user/pass probably because it is .ASP based.

Reply your suggestions, comments and guidance if you have any

Thanks for viewing

NOTE: I removed the links due to you posting hacked sites - when someone clicks those links it will trace back to here. This is not good for us. Please read the rules and do not post hacked links (or in this case, links susceptable to SQL injections.

Thanks,
Big-E

Post by **Gogeta70** » 31 Oct 2008, 18:21

I can see that you're legitimately interested in hacking, which drives me to give you a non-scornful reply. It is against the rules to post websites here in terms of asking for help on compromising their security, however i can see you're trying to learn. Since i cannot view the sites myself, and do not have the time or desire to do so, i can't give you a really insightful reply, but a few tips.

Any moderately skilled hacker knows that the basics of hacking in software related situations revolve around malformed input. This means that for websites, you would try url malformation and test the filtering of input forms. However, if the website itself is deemed secure, you may want to try an alternate route. For example, try port scanning that IP address, and then follow with scanning their IP range (maybe you can access a less secure target, and work from there). Overall, it depends on the knowledge that their administrator has on security.

Remember above all else, be anonymous!

bladesgore · Post by **bladesgore** » 01 Nov 2008, 13:14

Sorry, i just recently joined, and wasn't aware of the rules, but in all Thank You for sharing your insight on my situation. I will definitely take word to your advice.

Thank you once again.

//

Also one more thing, would you happen to know someone, willing able able to shine some light on my situation, if so can you please direct me to them.

Thank you

Do not double post

// cats

Post by **Gogeta70** » 01 Nov 2008, 15:34

I cannot. You have come here, the people that can help you are here as well. The knowledge that you gain will depend on the questions you ask. Instead of asking a question that reveals the big picture (such as your initial post in this topic), ask questions regarding a specific aspect of what you're trying to do. For example: "Could you guys direct me to a website where i can learn more about MySQL and how sql injection works?" or "What programs would you guys recommend i use for port scanning a target, and what tips can you give me for staying anonymous?"

Remember to keep your questions specific, because the more vague the question, the less fulfilling the answer.

Post by **computathug** » 01 Nov 2008, 23:15

G-man, your answers suggest your age long past reality.

This is a pleasure not only to myself but many others on here!

If the topic starter listens to your advice they will get all their answers they need.

Bladesgore welcome to the forum. Take heed and take the answer as good hearted and people will pass their knowledge.

Take the piss you get fcuk all.

No i have not made a spelling mistake. If you have come to a point and click forum then you have come to the wrong place. If you want to learn and ask different questions the please join in.

Hope you enjoy your stay!!!!

thugz

bladesgore · Post by **bladesgore** » 04 Dec 2008, 12:13

Ok since your all willing to help so much, i thank you in advance very much! so thank you! for working with me.

Right now i am having trouble finding holes in websites, both .asp and .php

What would you suggest i look into in order to quickly locate and exploit holes in websites. i've heard of vulnerability scanners. but i was thinking of learning how to locate the holes myself, and so i was wondering if you had any tips or suggest me doing anything to be able to do that.

Thank You,

p.s. computathug, i know that wasn't a spelling error

Post by **Gogeta70** » 04 Dec 2008, 13:26

You're on the right track. However, you can't expect to hack everything you come across. Learning is only part of the process, the other half is experience. Try some easier stuff. Setup your own website and purposely make it exploitable in one way or another (for example, set up an old version of phpbb forums).

On the other hand, i've noticed you haven't really been active on suck-o. Maybe if you stick around and post a bit, you'll find what you're looking for, and make some new friends as well.

bladesgore · Post by **bladesgore** » 05 Dec 2008, 15:21

Thanks for the reply, yea ive been out of the country lately, just recently got back from vacation that is why i was down for a long time.

I was told that any web application is exploitable no matter what...did i hear wrong?

Also i know i should learn myself first, but i was just looking for some guidance as to how to locate exploitable holes on websites.

Thank You

suck-o.com

ASP and PHP guidance

ASP and PHP guidance

Thank You :)

THANKS:D:D:D Questions Questions

Reply