digichat hacks ?

No explicit questions like "how do I hack xxx.com" please!
zigo
suck-o-fied!
Posts: 88
Joined: 07 Jul 2005, 16:00

digichat hacks ?

Post by zigo »

Hello guys, DigiChat is a Java applet chat. I was wondering if you have any type of hacks for DigiChat 4.0 or higher. Thanks very much. Example of a chat:
http://web.naharnet.com/chat/
There is a guy gaining access to their admin; they can't do anything about it, and I asked him how he does it, but he doesn't want to share it. I know where he goes to do that, but I don't know how to bypass the permission.
Here is where I need to go: http://host5.digichat.com/DigiChat/DigiClasses/ In there you can try http://host5.digichat.com/DigiChat/Digi ... master.zip and you can download the file, but is there a way that I can see the folders and files? Or, if this is a hard way, do you have some other trick to get into a DigiChat applet?



Thanks in advance.

mystikblaze
Infinite Haze
Posts: 334
Joined: 11 Jun 2005, 16:00
Location: abroad

Post by mystikblaze »

..
Last edited by mystikblaze on 21 Jun 2009, 07:38, edited 1 time in total.

it's hard yeah

Post by zigo »

:roll: Well yeah, the trick is kind of hard, but there are a lot of ways to do it. Like, you use Proxomitron, so you use it like a bridge between the server side and your PC, and in Proxomitron you put a code and this code will modify the original one; it's like SQL injection ... but this is Java. The problem is I don't know the code. And I have 2 choices: the choice to bypass permission in the link that I gave before, which I don't know how, but since you do this the rest is some simple Java coding. Well, thanks anyway; if someone else has an idea, don't be shy to share it, hehe.

bad_brain
Site Owner
Posts: 11598
Joined: 06 Apr 2005, 16:00
Location: The zone.

Post by bad_brain »

Code:

isMac = (navigator.appVersion.indexOf("Mac")!=-1) ? true : false;
IEmac = ((document.all)&&(isMac)) ? true : false;
IEwin = ((document.all)&&(navigator.appVersion.indexOf("MSIE")!=-1) && !isMac) ? true : false;
NS = (navigator.appName.indexOf("Netscape")!=-1) ? true : false;

document.writeln("<APPLET NAME='DigiChat' CODEBASE='http://host5.digichat.com/DigiChat/DigiClasses/' ");
document.writeln("CODE='com.diginet.digichat.client.DigiChatApplet' ");
document.writeln("HEIGHT=100 WIDTH=200 ALIGN='MIDDLE' ");
if (isMac)
    document.writeln("ARCHIVE=Client_Mac.jar MAYSCRIPT>");
else if (!isMac)
{
    if (IEwin)
    {
        document.writeln("ARCHIVE=Client_Plugin.jar MAYSCRIPT>");
        document.write(" <PARAM NAME=cabbase value=Client_IE.cab>");
        document.write(" <PARAM NAME=useslibrary value=DigiChat Applet>");
        document.write(" <PARAM NAME=namespace value=Digi-Net>");
        document.write(" <PARAM NAME=useslibrarycodebase value=Client_IE.cab>");
        document.write(" <PARAM NAME=useslibraryversion value=4,0,1,0>");
    }
    else if (NS)
        document.writeln("ARCHIVE='Client_NS.jar' MAYSCRIPT>");
}

document.write(" <PARAM NAME=MenuItem1 VALUE=Naharnet>");
document.write(" <PARAM NAME=MenuLocation1 VALUE=http://www.naharnet.com>");
document.write(" <PARAM NAME=MenuItem2 VALUE='Naharnet MobileCenter'>");
document.write(" <PARAM NAME=MenuLocation2 VALUE=http://web.naharnet.com/sms/>");

document.write(" <PARAM NAME=HttpServlet VALUE='http://host5.digichat.com/servlet/HttpTunnelingServlet'>");

includes some info which could be useful.... :wink:
the site really sucks btw, it tries to drop spyware on your box....

lot of info

Post by zigo »

8) Yeah, a lot of info on the running applet, but with what will they help me? lol

Post by bad_brain »

Well, check the links, maybe you'll be able to get a grip on the source files/classes... :wink:

Post by zigo »

I checked the link for DigiClasses, but the problem is the access is denied :S

Post by bad_brain »

Ah, ok.... well, you would need to exploit the server then... :?
But you said you're good in Java, so how about decompiling the classes and checking for possibilities there?

Post by zigo »

OK, let's say I decompile the class files, but when I modify them, how am I going to run them on their server side? That is the problem; that is why I need to break the permissions :P and I'm still looking how to do this lol. By breaking the link permission you will be able to edit the files directly.

Post by bad_brain »

Well, I meant you maybe find something exploitable in the source.
But to either manipulate the files on the server or get around the restriction you would need to exploit the server. And well, you surely know that it's impossible to say how/if it's possible without the usual information gathering. A good idea would be a scan with nikto, maybe it finds other accessible directories which can be useful; you find it in the networking stuff dl-section.. :wink:

Post by zigo »

:lol: Thanks very much, I'm going to try this and I'll give you news :P .

Post by zigo »

Hmm, I think I'll need your help with nikto. Is it made in Perl? I don't have Perl :S Dang it, I have one version of it that I use for my server, but can't run scripts in it, already tried. Damn.
