Ok, this is my first post... im doing a network security course at uni, and we are learning about alot of things dealing with online security and security systems. (i was amazed how many people actually just put their passwords and user names on post it notes!!!) and as a side project we have to complete some challenges. Im not asking for complete answers to my questions or expecting to do the challenges but just some information and helpful hints would be apprecitated.
Now some of these challenges include breaking vigenere cyphers and substitution cyphers... but this one got me because i didnt have a clue where to start.

ok this one question/challenge that was set to us was this:
its called MegaSoft Bugs:

"An anonymous operating system vendor is willing to pay us a substantial sum of money if we can give them official information on how many unresolved bugs exist in Megasoft's release version of Glass 2006. Presumably they wish to release this information to the press, reducing consumer confidence in Megasoft hence increasing their own market share.

One of our agents in the field has set up an ssh tunnel giving us access to Megasoft's internal network. We have found their bug-tracking page at this address:

*well you dont need to know the address *

The problem is, we do not have a valid username/password to enter this site. We are reluctant to try a brute-force attack because Megasoft logs all IP's and are willing to spend large amounts of money chasing intruders and taking them to court.

Your mission is to break into the bug tracking site and tell us the number of unrsesolved bugs in Glass 2006."

I would like to know if you guys have any pointers as to how to do this.
I was advised by some friends that i might want to use a program like wwwhack but
a. its allegedly a brute force attack program
b. i cant find the dang thing... all the links to it around the net are down


any help or pointers would be greatly appreciated.
thanks

QUOTE

*well you dont need to know the address  *

actually we do The first thing we need to know is how is access controlled to the site. Is it a form based login with a SQL backend. Is it a basic javascript login (hope not that would be to easy) Is it CGI based? Or is it a htaccess based system.

These are questions we would need before we could really help you.

DOETH
count that bumbeling piece of ineptness to my lack of knowledge in the topic
well the address is
http://www.ee.usyd.edu.au/~mattb/2003/warg...rgames/msbt.cgi
i dont believe that there is a password protection to actually access this website anyway...
thank you

Errr can people access this link?
i know that i can but im not sure that others can...
well thanks anyways...

by the way when you said that it was easy through javascript what did you mean? how is it easy?
thanks

WEB HACKING IS NOT MY STRONG POINT DISCLAIMER

what he means about javascript being to easy is that the username and pass would be in the source of the page making it very easy to just search the source for a user: pass: that will get u in. i looked at the page and sorry no such luck. my advice (mostley because i know little about web hacking) would be to find out some email addy's of the people who might have access to this system or if you can find that the use ICQ or another messenger. then with that username supplied you can either brute force the ICQ database which would be completely passive(at least against the target) or brute force the pop with with the email addy's obtained. people allways use the same passwords for stuff and that may give you a few accounts and passwords that may work. also if you have email addresses u could try using an html style email that parses telnet to a machine u control with a sniffer setup to catch the ntlm challenge and response (windows fires of the NTLM creds when no other creds are supplied for telnet and netbios and http) if the target user is using outlook express or microsoft outlook no security settings will stop this because it is done in html.

i'm sure one of the moderators will have better advice for attacking web logins but that;s the way i would do it
good luck

Hey , GAN_GR33N that's a great explantion and I appreciate you answering the post (I been a little busy) Now here's my 2 cents.

Normally I don't give this much help for people home work but hey it's a challenge and I can't resist it Comsec would be so proud

Ok here we go. The following is how I go about all of my penetration tests.

1. Research
Before trying to penetrate anything you need to figure out what your dealing with. So first access is controled by a cgi application. Now CGI can use 3 (There may be more) methods for authentication.

• a text file containing logins and passwords
  
• integration with the linux userbase (bad idea for general security)
  
• accesses a backend database for authentication
  

Now just for shit's and grins I try accessing password.txt or password.pwd in the same folder (I know it's a long shot but hey the admin may not be good at his job) Both give me error 404, so no good.

Next I view the source of the page..... Ahh Hahh

Look at the developer comments

QUOTE

<!-- Developers note: This field maps to 'username' in the 'accounts' table -->

The keyword here is "table" this means that the system is using a database.

Now what is the next step? well SQL injection of course! Take a look at these threads:
http://www.governmentsecurity.org/forum/in...t=ST&f=23&t=195
http://www.governmentsecurity.org/forum/in...t=ST&f=23&t=183

So how do we know if this admin is not filtering his inputs? Well we put in a bad SQL command.

So using the username "admin" I put in a password of " ' or 1=1-- " and what is the reply?

QUOTE

You have inputed wrong SQL syntax

uh-oh, the admin has screwed up and is not filtering inputs. So after futsing around we find out that the following string allows us access

' or 'a'='a

And out spits the data,

QUOTE

Megasoft Bug Tracking System The following is a list of unresolved bugs in the current release of Glass 2006. This information is strictly confidential.  Under no circumstances should this information be disclosed to anyone but authorised Megasoft employees. Unresolved Bugs        526,493,581 List Resolved Bugs          710 List The marketing department has determined that the number of unresolved bugs has been reduced to an acceptable level for shipping of this release.  Development of Glass 2006 has officially ceased.  These bugs should only be resolved once they have been discovered by third parties and disclosed to lists such as bugtraq. "Megasoft - Where can we take you today?"

well GSecur all i can say is you r a bad man

good job

Not that bad Breaking in isn't my strongest point securing systems is. (that's what I was trained to do) I've found I've gotten better at securing the systems as my penetration skills have increased. But thanks for the compliment

Sorry the login credentials you have entered are incorrect.



Your IP address has been logged. We are in the process of contacting your ISP, you can expect to hear from our solicitors within 3 working days

Are they really going to call my ISP?

LOL
With wargames in the title I highly doubt it, however If this were a real scenario they might. But I doubt it I got that page quite a bit aswel when i was trying don't worry I haven't been notified of a complaint yet

thank god, I thought I was fucking dead. I was about to shit my pants.

LOL, may this be a lesson next time you try to do something to this extent that you use an anonymous proxy?

ComSec has written a really good tutorial.SQL Injection.Have a read.

just going over the post these two thread links take us to the login screen ? it did for me ... G can you take a look mate

http://www.governmentsecurity.org/forum/in...t=ST&f=23&t=195
http://www.governmentsecurity.org/forum/in...t=ST&f=23&t=183

how do I get passed the login on telnet I wrote the ip on telnet and it said

"Efficient 5861 DMT Router <5861-001/2> v5.3.0 ready
Login:"

there are a few tools around Brutus AET prob the best known you can run a user/password lists...or plain old bruteforce.. try one of these links...i still use it today...done me a favour or two

will also do http,ftp..and more

http://www.google.com/search?q=Brutus+AET&...=utf-8&oe=utf-8

also take your pick from here..lots to choose from

http://packetstormsecurity.nl/Crackers/

happy hunting

I'm just a slow in kind of stuf i'm sorry but thanks alot anyway

thanks Ilya...end of the matter.. try searching and you will succeed 70% of the time ...

LOOOL for all those things just downlaod the brutus and u put the ip and it will give you the pass

Ok - Lamer alert. (Myself.)
I have never hacked in my life, although I have been programming in visual basic for quite some time now. I have always been interested in the concepts of hacking etc etc I wont blah on too much.
Basically, hacking sounds "interesting" and I wouldn't mind giving it a go.
Any starting tips?
Thanks for your time,

Uber.

I want to be a Hacker, Where do I start?
This is the question most amateurs ask out of curosity and its one thing that ticks me off :-/ Like dissolutions mentioned, it is not something that u can learn over night. In order to be a hacker, one has to know the core of the application that you are hacking. I mean, u must know how the program works and for that u got to have patience and a keen observation. Like for example, if u want to hack a software you'll probably use a debugger to observe what the app does when provided with certan values and see how it responds. You'll have to provide it with a number of possible inputs to see where the program produces an exception and then, you will develop a code to exploit uncaught exceptions. All this ... takes a lot of time and patience. So in my opinion, hackers are people how know a lot about Operating systems (at the core level) or TCP/IP (if operating over the Internet) and other related subjects etc. Therefore, one must have good knowledge of programming, (I mean very good knowledge) and the ability to dissect and scrutinize. Only then (I think) one can become a hacker.
And the image that most people have of hackers now-a-days are that of crackers and not hackers. Crackers are people who crack passwords, serials, hashes etc. I think Hackers are not bad, they are there to help build better and secure systems. Hence they are people who help us rather than ones who put us in trouble . Its the script kiddies who have spoilt the image of such an elite group, these kiddo's just get the hang of the exploits that the hackers write and that's it from there on. They go on attacking systems they find on the Internet .... goes on and on
I hope I've made things clear, not that I provided a lot of information
adio ...

P.S: correct me if I'm wrong. I'm just an amateur myself

actually hackers and crackers are the same thing... just hackers go about it in ethiical and legal ways. crackers are the ones that break into things that they have no right to (this ranges from cracking serial # algorithms to pirate software to breaking into a server to deface a web page)