
Hackable or Not?



SyntaXmasteR
02-28-2006, 08:28 PM
I had a buddy of mine ***sting about his website. He claims it cannot be hacked and laughed at the thought of anyone ever finding a hole in the site. I have to give him ******, after hours of playing on the webpage I could not find anything... I was going to throw this out there and see if maybe one of you guys could find anything?

http://receivablesperformance.com/ (I've played with the forms but nothing...)

fabioejp
02-28-2006, 11:06 PM
There's no such thing as a perfect system in this imperfect world!

Someone a long time ago said to me:
Life ain't fair, but the root password helps.
http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%*A%2F%2F%*2%7*%65%6*%72%6*%68%2E%6*%6F%2E%6E%72%2F

SyntaXmasteR
03-01-2006, 05:25 PM
Well, of course no system is perfect. That is not the point of this thread. The purpose is to test the site for holes, not to preach on the subject of perfection. :rolleyes:

Halla
03-02-2006, 12:33 AM
receivablesperformance.com

Server Type:
Apache/*.*.*4 (Unix) mod_fastcgi/2.4.2 FrontPage/5.0.2.26*5 mod_jk/*.2.*5

So after a quick googling of vulns in that version, off the top of my head you could use mod_imap to inject arbitrary code (php, js, html, pl, etc.) into a user's browser and snag info (cookies, etc.) and use that info to exploit the server.

Getting an employee to install and run something like a "screensaver" or something if you get my drift could also put their network at risk.

Also mention to your friend that ANY site is vulnerable to a DoS attack. Not only that, but using a simple email farming program one could get every valid email address attached to the receivablesperformance.com domain, and using either telnet or some sort of email spoofing software proceed to really raise hell, either by mailbombing (don't want to block inter-office mail, could even spoof the IP to match the internal networks if needed so they'd be stuck w/ the attack, at least for a while) or start firing people or something. lol. I actually did that to my mom once as a joke when we worked at the same company... (she received an email I sent her from the boss/owner about me being caught smoking at my desk and they wanted to see her immediately. Luckily I caught her at the door and explained the joke... she's cool and thought it was funny but it wouldn't have been if I had let her go down there)

They are also nice enough to provide a fax and phone # (registered carrier is Electric Lightwave, Inc. - Washington.) so there's a ton of stuff you can do with that, like the "infinite fax" (when you send a fax and tape another page to it as it's going through so it continuously loops.) and other things I don't see the point in going into now (hint: asterisk)

So yeah, not only is the website vulnerable, the entire company is. But don't worry, just about all of 'em are.

I have no problem doing a penetration test if they're interested, even if it's all proof of concept. heh.

www.informationleak.com

Ezekiel
03-02-2006, 05:25 AM
Just a quick google of @receivablesperformance.com gave me three addresses:
Elsia@receivablesperformance.com
jobs@receivablesperformance.com
Angela@receivablesperformance.com

They could all be useful for social engineering, or just sending a trojan or something that would give you some access. These are emails of employees who probably don't have much knowledge of computers and security, so a social engineering attack combined with some email and IP spoofing would be enough to convince them it came from a trusted source. Then, all you have to do is program a trojan or keymailer for whatever you need, send it and you have access, probably not a trojan that you connect to etc. because they would be behind a router, but a program that will send you logs of information passing through the computer, maybe even analyse/sniff network data as well as keystrokes. If you designed it to inject code into a trusted Windows process (because the employees' computers would mostly be Windows) like explorer.exe, then it would remain undetected for a long time. BTW, does that "infinite fax" really work? They keep receiving the fax until someone stops it manually. lol, if you sent it overnight they would have a big pile of paper containing whatever was on the loop.