digichat hacks ?
digichat hacks ?
hello guys digichat is a java apllet chat i was wondering if u have any type of hacks for digichat 4.0 or higher . thx verry much . example of a chat .
http://web.naharnet.com/chat/ .
there is a guy gaining acees to there admin they can't do nothing about it and i asked him how he do it he dont want to share it . i know where he goes to do that but i dont know how to bypass the permission
here is where i need to go http://host5.digichat.com/DigiChat/DigiClasses/ in there u can try http://host5.digichat.com/DigiChat/Digi ... master.zip and u can download the file but is there a way that i can see the folders and files . or if this is a hard way do u have some other trick to get in a digichat applet .
thx in advance.
http://web.naharnet.com/chat/ .
there is a guy gaining acees to there admin they can't do nothing about it and i asked him how he do it he dont want to share it . i know where he goes to do that but i dont know how to bypass the permission
here is where i need to go http://host5.digichat.com/DigiChat/DigiClasses/ in there u can try http://host5.digichat.com/DigiChat/Digi ... master.zip and u can download the file but is there a way that i can see the folders and files . or if this is a hard way do u have some other trick to get in a digichat applet .
thx in advance.
-
- Infinite Haze
- Posts: 334
- Joined: 11 Jun 2005, 16:00
- 19
- Location: abroad
- Contact:
it's hard yeah
well yeah the trick is kind a hard butthere is alot of ways to do it like u use proxymitro so u use it like a bridge betwen the server side and ur pc and in proxymitro u put a code and this code will modify the original one it's like sql injection ... but this is java the prob is i dont know the code . and i have 2 choice the choice to by pass permission in the link that i gaved before that i dont know how but since u do t his the rest is some simple java coding . well thx anyways if some1 else has a idea dont be shy to share it hehe .
- bad_brain
- Site Owner
- Posts: 11638
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Code: Select all
isMac = (navigator.appVersion.indexOf("Mac")!=-1) ? true : false;
IEmac = ((document.all)&&(isMac)) ? true : false;
IEwin = ((document.all)&&(navigator.appVersion.indexOf("MSIE")!=-1) && !isMac) ? true : false;
NS = (navigator.appName.indexOf("Netscape")!=-1) ? true : false;
document.writeln("<APPLET NAME='DigiChat' CODEBASE='http://host5.digichat.com/DigiChat/DigiClasses/' ");
document.writeln("CODE='com.diginet.digichat.client.DigiChatApplet' ");
document.writeln("HEIGHT=100 WIDTH=200 ALIGN='MIDDLE' ");
if (isMac)
document.writeln("ARCHIVE=Client_Mac.jar MAYSCRIPT>");
else if (!isMac)
{
if (IEwin)
{
document.writeln("ARCHIVE=Client_Plugin.jar MAYSCRIPT>");
document.write(" <PARAM NAME=cabbase value=Client_IE.cab>");
document.write(" <PARAM NAME=useslibrary value=DigiChat Applet>");
document.write(" <PARAM NAME=namespace value=Digi-Net>");
document.write(" <PARAM NAME=useslibrarycodebase value=Client_IE.cab>");
document.write(" <PARAM NAME=useslibraryversion value=4,0,1,0>");
}
else if (NS)
document.writeln("ARCHIVE='Client_NS.jar' MAYSCRIPT>");
}
document.write(" <PARAM NAME=MenuItem1 VALUE=Naharnet>");
document.write(" <PARAM NAME=MenuLocation1 VALUE=http://www.naharnet.com>");
document.write(" <PARAM NAME=MenuItem2 VALUE='Naharnet MobileCenter'>");
document.write(" <PARAM NAME=MenuLocation2 VALUE=http://web.naharnet.com/sms/>");
document.write(" <PARAM NAME=HttpServlet VALUE='http://host5.digichat.com/servlet/HttpTunnelingServlet'>");
the site really sucks btw, it tries to drop spyware on your box....
lot of info
yeah lot of info on the running applet but with what they will help me ? lol
- bad_brain
- Site Owner
- Posts: 11638
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
well, I meant you maybe find something exploitable in the source.
but to either manipulate the files on the server or get around the restriction you would need to exploit the server. and well, you surely know that it´s impossible to say how/if it´s possible without the usual information gathering. a good idea would be a scan with nikto, maybe it finds other accessable directories which can be useful, you find it in the networking stuff dl-section..
but to either manipulate the files on the server or get around the restriction you would need to exploit the server. and well, you surely know that it´s impossible to say how/if it´s possible without the usual information gathering. a good idea would be a scan with nikto, maybe it finds other accessable directories which can be useful, you find it in the networking stuff dl-section..