Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script
Author Message
OneiricSoul
New Member
New Member


Joined: May 18, 2004
Posts: 11

PostPosted: Tue May 18, 2004 2:54 pm Reply with quote

Raven,

I'm new to your site, and have to say right off that bat. Thank you. Today I managed to bust someone for attempting the unionSQL injection. via your kickass hackattempt.php script. Some jack-ass from South Carolina University posted the following sting to my site

Code:
name=faq&myfaq=yes&id_cat=-1\\\'%20union%20select%200,0,aid,pwd%20from%20nuke_au

thors/*


The only other times I have seen the same thing in my logs was on the several ocations where my site was defaced.

They were so busted and I followed up with an e-mail to the Dean of the university, as well as the professor in charge of Computers and my Host. I was getting upwards of 5-10 attacks a day and was essentually babysitting my site until I came here and realized that aside from new releases....www.phpnuke.com is a worthless site. I appologize if this opinion offends anyone, not my intention.

I also applied the script for admin.php layer 2 security....nice...

I am trying to learn PHP from VB and have learned more from your site that I did spending several days looking at code.

Also.....with security in mind.....the hacker followed a link from here: Only registered users can see links on this board! Get registered or login! S C A R Y place. they have a "fixed" admin.php in their downloads someone may want to verify as being accurate and not some form of back-doored script.

Mr. Green
John
 
View user's profile Send private message Visit poster's website AIM Address
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Tue May 18, 2004 2:57 pm Reply with quote

Cool Glad you found us. Can you PM me that 'fixed' script? Thanks!
 
View user's profile Send private message
OneiricSoul
PostPosted: Tue May 18, 2004 3:35 pm Reply with quote

Quote:

Glad you found us. Can you PM me that 'fixed' script? Thanks!


No problem at all. Hey I made a different graphic for the COUGHT.png nothing fancy..just different.

Image

Thanks again.
 
weblord
New Member
New Member


Joined: Jul 18, 2003
Posts: 1

PostPosted: Sat May 22, 2004 3:44 pm Reply with quote

I'm using this image Very Happy
Image
I have also added a .txt log file that shows in a module all IP's hack attempts.
Thanks four your script Raven

Sorry for my bad english Embarassed
 
View user's profile Send private message Visit poster's website
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Sat May 22, 2004 5:23 pm Reply with quote

I think we all read this much sign language. Razz Razz Razz
 
View user's profile Send private message
OneiricSoul
PostPosted: Sun May 23, 2004 5:53 pm Reply with quote

Quote:

I'm using this image


Yes I like that even better Surprised)
 
southern
Client


Joined: Jan 29, 2004
Posts: 591
Location: Texas

PostPosted: Thu May 27, 2004 10:03 am Reply with quote

Great images, guys! I use this one
Image
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
Raven
PostPosted: Thu May 27, 2004 10:43 am Reply with quote

Hey Southern, you never commented about the test you ran. What'd you think?
 
southern
PostPosted: Thu May 27, 2004 10:58 am Reply with quote

I was amazed. I sat back in my faux black leather executive chair and gawped in amazement at the monitor... I'd never seen such a godawful mess on the 'net before haha and Norton antivirus kept popping up warnings. If I was a hacker or script kiddie I would of creamed my pants. It's very good and I was mighty impressed. I want it for my site when you release it. Smile
 
GanjaUK
Life Cycles Becoming CPU Cycles


Joined: Feb 14, 2004
Posts: 633
Location: England

PostPosted: Thu May 27, 2004 11:25 am Reply with quote

Twisted Evil Twisted Evil Twisted Evil
Glad you like my little touch to the project. Nuke exploiters beware! Some long overdue payback is coming.

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
southern
PostPosted: Thu May 27, 2004 2:55 pm Reply with quote

A very nice touch, too. Smile Shouldn't you include a warning, something like Caution: Stock up on toilet paper before you hack this site haha
 
GanjaUK
PostPosted: Thu May 27, 2004 3:02 pm Reply with quote

Just seeing the SENTINEL™ PROTECTED image, should be enough to strike fear in to the hearts of the script kiddies. Razz
 
southern
PostPosted: Thu May 27, 2004 3:16 pm Reply with quote

You have a point, cousin, but a few of the dumber ones are sure to disregard that notice. Shocked
 
JesseJames
New Member
New Member


Joined: Jan 27, 2004
Posts: 23
Location: Williston , North Dakota

PostPosted: Thu May 27, 2004 3:32 pm Reply with quote

i wonder what the security is like on my site... Shocked

You guys are scaring me..

_________________
Image
| Only registered users can see links on this board! Get registered or login!| Only registered users can see links on this board! Get registered or login!| 
View user's profile Send private message Send e-mail Visit poster's website AIM Address MSN Messenger
GanjaUK
PostPosted: Thu May 27, 2004 3:44 pm Reply with quote

Sentinel™ will provide better peace of mind.
 
Raven
PostPosted: Thu May 27, 2004 3:48 pm Reply with quote

JesseJames, if you would like to see how your security stacks up, try a union attack on this site. You will get banned and I will unban you. But, check out the message you now will see. Do this within the next couple of minutes so I know it is you.
 
OneiricSoul
PostPosted: Thu May 27, 2004 4:07 pm Reply with quote

Hey all,

Have a question. I am running IP_Tracker side by side with Raven's hackscript and the HTTP AUTH access script components. All the IPs aquired so far have standard URLs to my site such as index.php or a link straight to content, topic, or news materials on my site. Then there is one IP who has no normal URLs.......this is what was posted to my site

Quote:
/modules.php?name=Forums&file=viewforum&f=1&sid=825cc8456c7e67cd18a44155218b6376 2004-05-27 09:41:15
/modules.php?name=Forums&file=faq&sid=c989b399a06e0182b323fc4c60a3735e 2004-05-27 08:27:35
/modules.php?name=Forums&file=index&sid=477a3e602ffdaae1c765d0e293a28410 2004-05-27 07:03:32
/modules.php?name=Forums&file=faq&sid=e7eeebcd411364e89c4cacc71f2d3b5d 2004-05-27 03:26:36
/modules.php?name=Forums&file=viewforum&f=1&sid=c989b399a06e0182b323fc4c60a3735e 2004-05-27 02:13:35
/modules.php?name=Forums&file=groupcp&sid=8d4cca33c2d60ec454360dc2bf084194 2004-05-26 23:38:48
/modules.php?name=Your_Account&redirect=posting&mode=reply&t=10&sid=40c0aebbc8f5f6df944e3b398689206e 2004-05-26 22:11:06
/modules.php?name=Forums&file=posting&mode=reply&t=10&sid=f880dac7ca0e11cfc1a6c69f39f8d1a9 2004-05-26 22:10:58
/modules.php?name=Your_Account&redirect=index&sid=1a8427bfe535d91bf87a5372f86f7f01 2004-05-26 21:02:28
/modules.php?name=Forums&file=viewforum&f=2&sid=7b8b725b9d2b5d461ee3e12641908388 2004-05-26 19:15:32
/modules.php?name=Forums&file=index&c=2&sid=9cb2dbfd497dd52c8afa5535a8295da1 2004-05-26 17:53:41
/modules.php?name=Forums&file=groupcp&sid=b33cfb02c9d920f1ae4a31d2e014c86d 2004-05-26 16:33:25


The last set of numbers of course being date and time. I was wondering if this is some sort of attempts at unauthorized access ? I can think of no activity that would generate these URLs into my site. And more importantly, can I add these to the hackattempt script ?

Thank again,
Jt
 
GanjaUK
PostPosted: Thu May 27, 2004 4:37 pm Reply with quote

Just the users session ID.
 
JesseJames
PostPosted: Thu May 27, 2004 4:44 pm Reply with quote

Well for one , i don't know what the the hell a union attack is and wouldn't know how to do one, nor am I interested in trying to hack ANYONE site. But just for fun , if you'll unban me , you can show me how in a pm or post here. Then i will try it out bud. Smile Man this is how addicted i am to cigarettes , i walked my dog to the store in a rainstorm , lighting all around me and black ass clouds , just for a pack of smokes. LOL

Just for arguments sakes i would like to try that hacking attempt or whatever and try to secure my server more if i can get some help.

I use to have chatserv as my main man , but when my money order failed to arrive to him , im a little wary of sending money oders again. I wish paypal would still let me use them.

I used my 2000 limit and they won't let me re-open now.
 
OneiricSoul
PostPosted: Thu May 27, 2004 5:07 pm Reply with quote

Ok, the only reason I found it odd was that they came into those URLs directly, did nothing more and each one was several minutes apart.

Thank you, one tends to get a bit parinoid after a few defacings Mr. Green
 
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Thu May 27, 2004 7:32 pm Reply with quote

Quote:
I use to have chatserv as my main man , but when my money order failed to arrive to him , im a little wary of sending money oders again. I wish paypal would still let me use them.

I used my 2000 limit and they won't let me re-open now.

You know you could have retried sending it, i get mail from all over the world and it always arrives regardless of which address i use.
 
View user's profile Send private message Visit poster's website
southern
PostPosted: Thu May 27, 2004 8:14 pm Reply with quote

JesseJames wrote:
Well for one , i don't know what the the hell a union attack is and wouldn't know how to do one, nor am I interested in trying to hack ANYONE site. But just for fun , if you'll unban me , you can show me how in a pm or post here. Then i will try it out bud. Smile Man this is how addicted i am to cigarettes , i walked my dog to the store in a rainstorm , lighting all around me and black ass clouds , just for a pack of smokes. LOL

Just for arguments sakes i would like to try that hacking attempt or whatever and try to secure my server more if i can get some help.

I use to have chatserv as my main man , but when my money order failed to arrive to him , im a little wary of sending money oders again. I wish paypal would still let me use them.

I used my 2000 limit and they won't let me re-open now.


Son, you as good as got yourself permanently banned were you now to attempt to unionize this site, just for starters those cigarets and that poor dog...
 
JesseJames
PostPosted: Thu May 27, 2004 10:31 pm Reply with quote

lol , read above , raven WANTED me to try and do it , which i don't even have a clue how. And also he would unban me afterwards. He was trying to show me how god i should getmy security set on my site thats all. I would never hack anyones site. im not your son either im 34 lol.
 
JesseJames
PostPosted: Thu May 27, 2004 10:48 pm Reply with quote

i'm going to save that link for some a**hole i don't like raven lol , that was scary LOL. wife was going what the hell did you do , f**k the computer up. ..lol
 
southern
PostPosted: Thu May 27, 2004 11:00 pm Reply with quote

Ah, well far be it from me to tell someone how to get in trouble, so I won't. Smile I smoke cigars myself and I'd ban anyone smoked those skinny white tubes haha and I guess you're right you aren't my son.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©