Lesson 2 by kM kM@hackersclub.com Read the Following and then go hack my wwwboard. Its located at www.hackersclub.com/km/lessons/wwwboard ================================================================== This lesson will show and teach you how to hack a wwwboard. What is a wwwboard? Its a CGI script (a good one) written by Matt Wright. I recently found a simple hack in order to get in and gain admin rights to delete messages and create your own admin id and password. Again its a simple hack nothing hard about it.What will I need in order to hack the wwwboard?
You will need a cracker (Cracker Jack or John the Ripper). You might also grab some dictionary files from the files area for use with the password crackers. Knowledge of how to hack a unix password file. (Lesson #1 if you don't know how) Read this file Hack wwwboard It talks about hacking out the password file associated with wwwboard. Your Journey to hack the wwwboard starts in www.hackersclub.com/km/lessons/wwwboard I set this up for everyone to take shots at hacking.Why would I want to hack the wwwboard?
Many people who run wwwboards choose poor passwords, so see if they setup the wwwboard correctly. Maybe you want to delete messages, maybe you want your own id. Its a simple and easy hack that anyone can do.Why is the wwwboard hackable?
The passwd.txt file is located in the same directory as the wwwboard.html file. By changing wwwboard.html to passwd.txt you can view the password file. Save this file and do some small edits and you can attempt to crack it. If the webmaster uses some simple password its going to be easy to hack. Then you will want to run the admin script which 9 out of 10 times is located in the /cgi-bin/wwwadmin.pl or wwwadmin.cgi. Run that use the id and password and have fun.How do I know if its cgi or a pl?
Check the source code of the wwwboard.html file. If it places a call to a .pl the wwwadmin script will be pl. If its cgi then you get the picture. Anyhow have fun..I'll be watching... kM