egamingsupply(FFXI) site hackable?

..if you have any kind of requests regarding what i do or if you want to report a problem with site (download, dead link ..etc)

egamingsupply(FFXI) site hackable?

Postby Aroldy_eg6 » Tue Jul 20, 2010 8:09 pm

hey Seth i was wondering if that site is hackable? some guy from there scammed my FFXI account and i want payback lol i know a few months
ago that same site was hacked by somebody else. anyways let me know if you can, I'm not sure if i can post the link to the website here or
i could just PM you the link? let me know thanks =)

edit: sorry if i posted this on the wrong section =/
Aroldy_eg6
Newbie..
Newbie..
 
Posts: 3
Joined: Tue Jul 20, 2010 5:55 pm

Re: egamingsupply(FFXI) site hackable?

Postby KEN » Wed Jul 21, 2010 9:44 am

yes wrong place,its not request.....u r asking about things related to that site not requesting to do some work for u so this relates to computer and internet hack related.....since this post is public u should not post the link here.
User avatar
KEN
Moderator
Moderator
 
Posts: 756
Joined: Thu Jan 28, 2010 8:11 am

Re: egamingsupply(FFXI) site hackable?

Postby Sethioz » Thu Jul 22, 2010 6:07 pm

yes you can post link out in public. i do these things just for fun and to test my skills, so i dont care what is your reason. i will give it a quick scan and see if something pops up.

wrong place ? well yes and no. it IS request after all, but it should go into darkside, however i will not move it, because requests section is general and i have not set any rules about requests (think it stays this way).
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: egamingsupply(FFXI) site hackable?

Postby Aroldy_eg6 » Thu Jul 22, 2010 7:31 pm

ok cool thanks seth =) here is the link http://www.egamingsupply.com/forum/buy- ... -accounts/
Aroldy_eg6
Newbie..
Newbie..
 
Posts: 3
Joined: Tue Jul 20, 2010 5:55 pm

Re: egamingsupply(FFXI) site hackable?

Postby Sethioz » Thu Jul 22, 2010 8:43 pm

whats with the long link ? site link would have been enough, because when i scan the site, i scan entire site, not just forum.
i put it to scan, it will take over 10 hours.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: egamingsupply(FFXI) site hackable?

Postby Sethioz » Thu Jul 22, 2010 8:55 pm

if you put some effort in it, you can hack it. first big vulnerability is that it allows remote DNS zone transfers, you can google it and see. it is possible to optain lot of data because of this vulnerability.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: egamingsupply(FFXI) site hackable?

Postby Aroldy_eg6 » Thu Jul 22, 2010 11:37 pm

sorry for the long link, and thanks for the hint i'll do more research on that and see what i can do as well on my part

edit: what programs do you use to help you obtain all the information you need to hack the server or to even get started?
i just recently started learning about all this so my hacking skills wont be as uber as yours lol but i always learn quick though
and i like putting a lot of effort into what i do.
Aroldy_eg6
Newbie..
Newbie..
 
Posts: 3
Joined: Tue Jul 20, 2010 5:55 pm

Re: egamingsupply(FFXI) site hackable?

Postby Sethioz » Fri Jul 23, 2010 6:37 am

nmap can be used to scan for open ports. for example if stmp port is open, it might mean that you can send emails thru their server, which would most likely get their domain disabled if you send mass spam thru their stmp.

rest is done by vulnerability scanners, such as acunetix (google for web vulnerability scanner or exploit tools..etc). metasploit is also one nice thing, however its quite old and doesnt have much in it against nowday stuff.

i also forgot to check what hosting they are using. i already checked their dns zone file, check it yourself and then do a ip whois on the server IP.

to do check for dns zone file, google for something like "how to do dns zone transfer" or "dns zone transfer tool", theres some online services for that. note that this is only possible if server is incorrectly setup.

then you will get their server ip, which can also be get by recording some traffic while you browse their site.

now use that IP to do a ip whois (google for "ip whois"). that will give you the IP results, who it belongs to, then google for that hosting company, go to their website and find out about that hosting. look/ask for one specific thing. if they have limited transfer bandwitdh per month. if its limited, find out how much is limit, usually its small enought so you can use Luigi's method to make continuous download, so it downloads something over and over again and by doing that, it kills the site bandwitdh. if they have payed hosting, they will get charged for it, if its free, site will go down (in some payed, site will go down and they get extra charge).

go to Knowledge Database and search for "continuous download" to see how it can be done.

we did that to one idiot admin with about 5 ppl and he got charged so much that he either didnt want or was unable to pay, so that domain is down ever since (about 3 years).

/////////////////////////////////////////////////////////////////////////

now one other thing, is to find out what website and/or forum system they are running, or well any of the systems running on their server and google for "xxxxx exploits" or "xxxxxx vulnerabilities". one good site to be checked is milw0rm.com
sometimes you might get lucky and find some written exploits that can be used on some of the php programs running in their server to fuck it up.
i didnt really look, just ran the scan, but i think they using either phpbb or vbulletin.

and finally, ofcourse there is manual hacking, which usually gives most results. for example cookie stealing, you get/make cookie stealer, you implant the link to your cookie stealer into image for example (on their site/forum, wherever you can post) and if they click it, you get their cookie. if you get admin cookie, you will have admin rights, it is probably not enought to go into admin panel, but enought to delete posts and click the evil "prune" forum button for example and set time to 0, so it deletes everything.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown


Return to Requests / Report Problems

Who is online

Users browsing this forum: Google [Bot] and 4 guests