The Furious Angels
FA Discussion => General => Topic started by: Anonymous on July 06, 2004, 08:23:27 pm
-
"Posted: Jul 6, 2004 8:43 PM (by a guy named infa-red)
ummm guys..... u do know there are ways of simply accessing the ftp and server stats of ur little webby
i suggest u shud improve security as i managed to get a number of user names and passwords just by trying to complete ur challenge, and only with the use of flash gets ftp site explorer,
all you need is one arsehole to come along and your done for,
last time i checked i want one but u know for future"
I didn't know if there was any weight to this statement. Thought maybe this could use some attention, even if it's only a little bit... :?
-
Perhaps I should clarify - this was, again, in our Recruitment Thread.
-
I'll tell you what I told tbone. Until I see proof, it's bull.
-
Hmm...this is disconcerting....but I think it's best if we follow Likwid's idea...no need getting all worked up if nothing has happened already. I do suggest though that we look into ways to secure ourselves better just in case.
-
I think I agree with both of you, but just wanted to make sure this info was at least known.
-
way to be on top of things kairos
-
I do thank you Kairos.
-
Well, after taking a look at the challenge, from what I can tell and from what I've gathered from a white hat friend of mine, it actually wouldn't be that hard to hack our site or the ventrilo server, if you're using a brute forcer.
-
again... enough with the speculation and make with the proof. Of course you could brute force any of our passwords... but whoever that yahoo was... was making it sound like there was a vulnerable exploit.
Being able to "actually not that hard to hack" isn't an exploit or a vulnerability. Unless one of the users has a very weak password.
Which is why passwords should be a mix of numbers and letters and lower and upper case.
-
Anything and everything is hackable. ANYTHING. It's just a matter of how easy it is that prevents people from doing it.
-
Hmmm....unlike the other guy, I never stated for sure that you could hack into our site. Again, I was speculating and pointing out that, with the help of a brute forcer of course, it wouldn't be that hard to hack.
I succumb to your knowledge likwidtek, as I truly don't know as much about how the site runs as you do, of course.
-
lol honestly I wanna see someone do it! So that I can learn the vulnerabilities of the site. If there are any white or grey hats out there... then by all means hack away... leave 2 things. Proof, and a fix. ;)
-
Hmmm.....I'll see if my friend would think about doing it.
-
I'll change my password *whistle whistle* it is rather easy to figure out
edited: Changed
-
Brute forcing shouldn't even be considered "hacking". It can be done on anything, and requires no thought whatsoever....
-
If the guy could view our usernames and passwords, he could clearly view the directories and file structures... so why didn't he submit an app? -And I seriously doubt it'd be one of our guys; they'd point it out.
-
Yah, it is script kiddie crap, but it can be done easily. And that makes it worse that anyone can do it the. watcher, not better. Heheh.
-
werd
-
I decided to do a little research, partially out of boredom, and downloaded the program he claims to have used to get "some" of our usernames and passwords.
All he could have seen with this was the directory and file-structures that likwidtek, or the host/software he used to make this site, allowed. There are lots of locked directories; some even hidden. You can't get the answer to the puzzle using this method, nor ANY usernames. He'd have to force the download of a users.php file that is locked unless accessed via the ftp or whatever other method likwidtek uses. The host limits access from public connections. So, as you said, likwidtek, BS.
-
Um, I'd just like to point something out right here and now:
If anyone, including members of the Furious Angels, gets so into MxO that they start hacking other factions' sites, they are pathetic and we should disregard anything they say because we recognize that they are sad, sad individuals seeking attention in the only way they know how. If they were normal people seeking attention, they would just streak or something.
P.S. Streaking is cool.
-
soma u gonna streak with me? i'd have to warn you, im white and hairy, so i look dark :)
-
Streaking is cool...
I remember Microsoft giving one of their Windows programs to a good few hackers not sure of exact number but it was a lot, they offered something like $25,000 dollars to hack it and tell them how they did it, nobody could do it, until they released it and it was hacked the next day.
As likwid said bring on the hackers, makes us safer.
-
Crimson_optix what program was that?
-
Why does likwidtek have the spammer brand when he is the site admin? That is kind of odd that he would brand himself, probably just a glitch.
-
Flashget, it's just a download accelerator type of program.. made for download management. It has a site explorer feature. It just allows for site directory browsing... but again, it didn't allow for the viewing of locked files or directories. There's no way to use it maliciously as the guy said.
-
I'm sure Likwid did brand himself Ajax....just as a funny thing to do.
-
hmm well I got some friends I'll see if they can help u out likwidtek but knowing them they will Fudge the site up so it would probably be better if I didn't ooh and I also need to change my pass I'm gonna do that now
-
Just a note, just by using HomeSite during my challenge, I was able to access most of the root php files, which I only know were there because I am familiar with postnuke. They don't give any information away except how the login and registration routines work, and since public registration is disabled, it's a non-issue. The ftp is secure, and telnet is not even active. The only way in is through brute force or obtaining a legit user/pass.
I hereby call shenanigans on his post.