Hack My Site

Hi,

I am setting up an auction website and would like to see if it is possible for anyone to hack into my admin area.

I have set up a test domain, so that anything you do will not affect my real site.

http://test.auctiontrader.co.nz.a.seekdotnet.com/admin/login.php


If you wish to confirm that I am in fact the owner of this domain, simply email
[email protected]

If you are able to hack into this admin area, please do not post the technique in this open forum... rather, email me with the details, and if you can offer a solution as to how to fix the security problem I will no doubt offer you some monetary reward.


Cheers.
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Hmmm, I think you might be posting in the wrong forum. Hackers at namepros??
 
0
•••
Impossible is nothing
E-mail me the script so I can look for bugs.
admin[@]vip-ip.net
 
0
•••
vip-ip said:
Impossible is nothing
E-mail me the script so I can look for bugs.
admin[@]vip-ip.net

Ya, showing the code to a select few would be best to find bugs... otherwise just giving the HTML output of it... well, we have no clue what variables you are using and whatnot. However, if a bug goes "hidden"... then some lucky person taking a guess on some things finds it and you have no clue.

Things the programmer can do to double-check his work:
1. Check to make sure all data being processed through a database is secure, e.g. using addslashes() (if PHP).
2. Verify that all your data is stripped of HTML tags (unless you want to allow it, if you trust users/admins). This can be done with htmlentities() (in PHP). This function converts > to &gt;. This prevents the HTML from being processed; it just shows it on the page.
3. Don't use common words such as "test", "admin", or "" for your secured logins.
 
0
•••
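The three checks listed in the post above, as an added PHP example that is not part of the thread or the site's own code: it uses PDO prepared statements in place of addslashes() and htmlspecialchars() at output time in place of stripping tags on input. The `admins` table, the sample account and the function names are hypothetical, and the script assumes a current PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Table, account and function names are hypothetical.

// In-memory SQLite stands in for the site's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed sample account: store a salted hash, never the password itself.
$ins = $pdo->prepare('INSERT INTO admins (username, pw_hash) VALUES (?, ?)');
$ins->execute(['auction_ops', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

// Check 1: user input reaches the database only as a bound parameter,
// so quote characters in $username cannot change the shape of the query.
function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM admins WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched.
    return is_string($hash) && password_verify($password, $hash);
}

// Check 2: encode for the HTML context at the moment the value is printed.
function render_failure(string $username): string
{
    $safe = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Login failed for {$safe}</p>";
}

// Check 3: refuse guessable or empty admin usernames when accounts are created.
function username_allowed(string $username): bool
{
    $blocked = ['test', 'admin', ''];
    return !in_array(strtolower(trim($username)), $blocked, true);
}

// Constructed inputs: a valid login, a quote-laden username, markup in a
// username that gets echoed back, and a blocked account name.
var_dump(check_login($pdo, 'auction_ops', 'correct horse battery staple'));
var_dump(check_login($pdo, "x' OR '1'='1", 'anything'));
echo render_failure('<b>bold</b> & "quoted"'), PHP_EOL;
var_dump(username_allowed('Admin'));
```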
Haven't hacked it yet, but I know you're running IIS 6.0 and an older version of PHP (4.3.8).

I've also found out that the server it's hosted on is called SKNET56 and the domain it's connected to is called SKNETMASTER.

It's not exactly major stuff, but it's information (especially your PHP version) which could help people get on their way.
 
0
•••
Port scanning a server and looking up the domain's whois won't give you much on leeching thru a PHP script :D
 
0
•••
vip-ip said:
Port scanning a server and looking up the domain's whois won't give you much on leeching thru a PHP script :D

I did no port scanning. All found through wget. But if a real hacker wanted to cripple the server or find another way around the scripts, it might help them to do so.

And also found out that the server is running an older version of PHP, which is why they should upgrade because of some security bugs with PHP pre 4.3.10.
 
0
•••
Why don't you post at hackers.com -> itfreaks.com ?

-Pratik
 
0
•••
Yeah, I agree with pratiknaik, you should post on those sites instead. This is a hacker-free community :D I think...
 
0
•••
Hacking is nothing illegal. Just a beautiful word for enthusiasts... we aren't talking about crackers :)

-Pratik
 
0
•••
Hmm, I thought it was illegal :D Please explain why it isn't :talk:
 
0
•••
pratiknaik said:
Hacking is nothing illegal. Just a beautiful word for enthusiasts... we aren't talking about crackers :)

-Pratik

Ha, the day hacking is legal is the day that every website on the internet provides their admin password on their homepage. It's not happening any day soon.
 
0
•••
And why is that so ?
 
0
•••
There's a diff with hacker and cracker... as pratiknaik explained...

the "good guys" are normally called "ethical hackers"

lol
 
0
•••
auctiontrader said:
Hack My Site

How do we know it's YOUR site in the first place?
 
0
•••
pratiknaik said:
I wish people knew the difference between a "hacker" and a "cracker" :(

http://www.stallman.org/articles/on-hacking.html
http://www.cs.berkeley.edu/~bh/hackers.html

-Pratik

And so do I. A brief history lesson...
Originally a hacker was someone who hacked. That meaning, to get something done not necessarily in the most conventional way. People who did this with computers were called computer hackers. A cracker was what Americans called a biscuit.

By ~1980, through ignorance, fear, and media sensationalism, the average American had been convinced that anyone who hacked computers was an evil misfit bent on world domination. The name was shortened to “hacker” and has stuck (with the negative connotation) ever since. There was, in fact, a small group of hackers who did the sorts of things portrayed in the media. Some of the “good” hackers may try to deny it, but it's pretty obvious that the “bad” hackers commandeered the word “hacker”, or at least that the media did it on their behalf.

Coincidentally, around this time a new niche of computer hacking was developing to counter a growing technology known as copy protection. These hackers were not deemed worth being called hackers and so were called crackers. This has also persisted till now. Most Americans were unaware of this and continued to use the word cracker strictly to refer to biscuits.

Then, towards the end of the 80's there was another hack. Not a computer hack, a newspaper kind. He decided that since all the good stories about hackers had been done he would make one up. He did a few minutes of research and the best he could come up with was to invent this pedantic hacker/cracker thing. Until then it never existed. It would not exist today were it not for some people's insatiable desire to believe anything they read.

hotrod12 said:
Ha, the day hacking is legal is the day that every website on the internet provides their admin password on their homepage. It's not happening any day soon.

Hacking, in any way you define it, is legal in many situations. Every time a client forgets their password I hack to recover it or otherwise gain access to their machine/data. Every time I'm asked to do a security audit on a system/network, what I do could be described as nothing but hacking. This is basically what the OP is asking for. You can do this legally nearly any way possible in any country that does not have a law called the DMCA.

Midano said:
How do we know it's YOUR site in the first place?

You would probably start by contacting him as instructed at the start of the thread. A little due diligence should be done here, but since he apparently has control of the name and mail server, it's a pretty good bet he's legit.
 
0
•••
big lol :D
 
0
•••
Look at post dates, man. This is two months old.
 
0
•••