Sethioz Industries Forum

[AXEVALENTINE]

hello everyone,this is my firs tipic here :) first of all i want to say sorry because my english is just terrible :D
so can anyone explain me how to get own this site ? http://legenda.wapop.org/ this is wap site..
any ideas ?

[Sethioz]

depends what you trying to do, you should first use search and search thru the forum, there's lot about website hacking.
but explain what you're trying to do there.

[AXEVALENTINE]

depends what you trying to do, you should first use search and search thru the forum, there's lot about website hacking.
but explain what you're trying to do there.

i have 2 goals...
1- i am trying to hack in-game stats ( exp,coins) by webscarab but i am faced difficulties...
2-i want to stole script from ftp but its really hard for me... i have not enough knowledge...
i need someone to show me right way :)

[Sethioz]

1 - WebScarab is indeed good tool to go, but might not show everything.
i recommend scan the website with some vulnerability scanner (google for them). good one to use is Acunetix web vulnerability scanner, but its not free. so buy or torrent it.
So you get some kind of overview of what is going on and if there are known vulnerabilites they will be shown in scanner.
Then you might also want to try other tools, like burp suite, paros proxy, wpe pro (yes it works on browsers too). There are few others but can't remember the names.

2. steal script from FTP? what exactly you mean?
FTP = file transfer protocol
not sure what you mean by "steal from ftp"
can you see the script somewhere on web page?
you know its somewhere in their system and need to find it?
explain more.

[AXEVALENTINE]

1 - WebScarab is indeed good tool to go, but might not show everything.
i recommend scan the website with some vulnerability scanner (google for them). good one to use is Acunetix web vulnerability scanner, but its not free. so buy or torrent it.
So you get some kind of overview of what is going on and if there are known vulnerabilites they will be shown in scanner.
Then you might also want to try other tools, like burp suite, paros proxy, wpe pro (yes it works on browsers too). There are few others but can't remember the names.

2. steal script from FTP? what exactly you mean?
FTP = file transfer protocol
not sure what you mean by "steal from ftp"
can you see the script somewhere on web page?
you know its somewhere in their system and need to find it?
explain more.

first of all i want to say thank you for answer :)
1- i will try scanners what u said and will write some results what i will got

2- when i said ftp i mean server where are saved website files like scripts... i know that it can be hacked if u hack admin ftp...

[AXEVALENTINE]

i scanned site via Acunetix web vulnerability scanner :) and i got many results :)
so please tell me what is that am i looking for exactly ?

[Sethioz]

there is nothing specific, you have to go step by step, just read thru each vulnerability. if you don't understand the terms, google them.
not everything is real vulnerability, acunetix just gives you an idea how site works.
hacking a site needs lot of effort. lot of googling and patience is needed.

what exactly did you try with webscarab?
on some sites you can intercept the request and change values and they take effect. like on low security sites you can change the payment amount if you buy something and get something for 0.1 for example.
also in webscarab, there's option "reveal hidden fields", enable that.

[AXEVALENTINE]

there is nothing specific, you have to go step by step, just read thru each vulnerability. if you don't understand the terms, google them.
not everything is real vulnerability, acunetix just gives you an idea how site works.
hacking a site needs lot of effort. lot of googling and patience is needed.

what exactly did you try with webscarab?
on some sites you can intercept the request and change values and they take effect. like on low security sites you can change the payment amount if you buy something and get something for 0.1 for example.
also in webscarab, there's option "reveal hidden fields", enable that.

i think that this site is low defenced ..
i will try something with webscarab

[AXEVALENTINE]

and also can you tell me other tool like webscarab ? ::) because i have problems with it :(

[Sethioz]

"i have problems with it" doesn't help at all, explain.
webscarab is one of the best tools of its kind and i did mention other ones.
I can't remember the name of the proxy i used, it had a quitar logo (yellow / orange / white).
might have been "Charles proxy" earlier version, try Charles Proxy.
but i still find webscarab most useful.

Also don't forget old good "firebug" extension for firefox. it comes in handy.

[AXEVALENTINE]

"i have problems with it" doesn't help at all, explain.
webscarab is one of the best tools of its kind and i did mention other ones.
I can't remember the name of the proxy i used, it had a quitar logo (yellow / orange / white).
might have been "Charles proxy" earlier version, try Charles Proxy.
but i still find webscarab most useful.

Also don't forget old good "firebug" extension for firefox. it comes in handy.

when i use webscarab and type webscarab's port/Ip AND BRowsers PORT/IP same....it cant connect internet error text : (ConnectionHandler.run): ConnectionHandler got an error : java.lang.NullPointerException

[Sethioz]

I don't understand what you doing.
what exactly is "browsers ip/port" ?
all you do, is get add-on like "proxysel" for firefox and add "127.0.0.1:8008" there
then you enable it and select WebScarab and it will work.

[AXEVALENTINE]

I don't understand what you doing.
what exactly is "browsers ip/port" ?
all you do, is get add-on like "proxysel" for firefox and add "127.0.0.1:8008" there
then you enable it and select WebScarab and it will work.

i saw your tutorial on knowledge base and try to do everything step by step...
when i connected to google and search something (your example is sethioz) webscarab opens several windows...after this i ignored them by abort requests and i am faced with this error

WebScarab encountered an error trying to retrieve

GET http://www.google.ge:80/search?site=&so ... sgaUjYC4DQ HTTP/1.1
Host: www.google.ge
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PREF=ID=61c47992060df6a5:U=fd0ab95803c967f9:FF=0:TM=1362774351:LM=1362774392:S=5h92wnSrXsNOOL7_; NID=67=OzslDqMywEy9TInfb3xBZRHlhzQOHUdDxrlyUyVmJ7Fiosx96rUcnyo9WBP_km38e9ghkaKM6hmV-HZRU8__vqYV25VKUTmA9cnNyVw3t3eMr5dUaFlHSv31qCAeLrc5; _GPL_it=1
Connection: keep-alive

The error was :

Request aborted in Manual Edit
at org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse(ManualEdit.java:237)
at org.owasp.webscarab.plugin.proxy.ConnectionHandler.run(ConnectionHandler.java:233)
at java.lang.Thread.run(Unknown Source)

[Sethioz]

... duh
you need to go back to basics.

those "windows" that it opens are intercepted requests waiting for your action (i thought its common sense..)
it only told you that keep alive packet was not sent, because YOU did not send it...DUH!
you're the cause of the "error" because you did not choose action for "keep alive" packet so connection timed out.

you have to first understand WHAT webscarab is and what it can do .. before clicking everything and saying there is error.

and that thing at end ... are you checking for some plugins or updates? or WHY are you connecting to "org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse" ?
i don't know what you are doing, WebScarab works fine for me.
to me it seems like you just don't know how to use it, but i can't tell for sure.

if you believe it is not your fault, take screenshots of what you are doing or make video.

[AXEVALENTINE]

... duh
you need to go back to basics.

those "windows" that it opens are intercepted requests waiting for your action (i thought its common sense..)
it only told you that keep alive packet was not sent, because YOU did not send it...DUH!
you're the cause of the "error" because you did not choose action for "keep alive" packet so connection timed out.

you have to first understand WHAT webscarab is and what it can do .. before clicking everything and saying there is error.

and that thing at end ... are you checking for some plugins or updates? or WHY are you connecting to "org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse" ?
i don't know what you are doing, WebScarab works fine for me.
to me it seems like you just don't know how to use it, but i can't tell for sure.

if you believe it is not your fault, take screenshots of what you are doing or make video.

nii. i am not saying that i did everything well :) maybe its my fault...i will test it again

[AXEVALENTINE]

i have one question :( why is that i cant see whole function ? ( PICTURE IS FROM WPE PRO)

this HEX includes some special symbols or what happen ?

[Sethioz]

once again, you need to go to BASICS.
what you call "HEX" is ASCii ..
your knowledge is simply too low to go into these things, if you don't even know what HEX is and what packet is.
HEX contains only 0123456789ABCDEF, duh. there are no symbols.

its simple as that, you can't begin hacking if you don't know most basic things, like what is HEX and what is ASCii

[AXEVALENTINE]

once again, you need to go to BASICS.
what you call "HEX" is ASCii ..
your knowledge is simply too low to go into these things, if you don't even know what HEX is and what packet is.
HEX contains only 0123456789ABCDEF, duh. there are no symbols.

its simple as that, you can't begin hacking if you don't know most basic things, like what is HEX and what is ASCii

yes,i know what contains HEX but... i have no idea why is that when i trying to decode some HEX i cant see whole text ( see my image) what is this ....(dots) ? why is that i cant see whole decoded hex ?

[Sethioz]

lol ... i don't know what else to say.

[AXEVALENTINE]

lol ... i don't know what else to say.

BREAK YOUR MIND :d