PDA

View Full Version : Moonbat's Guide to FrontPage Hacking



Moonbat
03-27-2007, 02:24 PM
Well the name says it all! This is a guide to hacking (well, pretty much defacing) FrontPage sites. I'll use a fake site called http://www.candycanestotehmax.com

Now, all FrontPage sites have a directory called _vti_pvt. It's like this:

http://www.candycanestotehmax.com/_vti_pvt

This directory usually contains a list of files like so. I used a random site that had the file I needed. Some of these files may or may not be on other sites:


access.cnf **-Dec-**** 05:42 *02
botinfs.cnf **-Dec-**** 05:42 24
bots.cnf **-Dec-**** 05:42 24
deptodoc.btr **-Dec-**** 05:42 *24
doctodep.btr **-Dec-**** 05:42 *24
frontpg.lck **-Dec-**** 05:42 0
linkinfo.cnf **-Dec-**** 05:42 24
service.cnf **-Dec-**** 05:42 655
service.grp **-Dec-**** 05:42 5*
service.lck **-Dec-**** 05:42 0
service.pwd **-Dec-**** 05:42 4*
services.cnf **-Dec-**** 05:42 2
svcacl.cnf **-Dec-**** 05:42 **4
writeto.cnf **-Dec-**** 05:42 24

The file WE need is called service.pwd. This is the file that has username/password information. It looks like this.


# -FrontPage-
candycane:K*BqMOF5w/IGY
You may have to downlaod the file, usually in a Microsoft Word (or other text editor) but sometimes you can view it normally. It doesn't matter either way.

This file tells us the username, candycane, and the password hash (encrypted version of the password), which is K*BqMOF5w/IGY.

The password hash is encrypted in DES encryption. You must use a third party DES brute forcer/dictionary attacker or make your own such program. The first option is our best bet. I recommend a program known as John the Ripper (for anyone who uses Cain and Abel, C&A cannot crack DES). You can get John the Ripper here:

http://www.openwall.com/john/

I'm not gonna waste time explaining how to use it. A tutorial on how is here:

http://www.osix.net/modules/article/?id=455

Anyways, copy down the password hash from the service.pwd file and crack it/dictionary attack it using JTR. This should yield the password in it's true form. Now onto hacking the site.

NOTE: You MUST have Microsoft Frontpage to hack/deface/whatever the site.

Launch FrontPage. Go to File, and click on Open Web. Type the web address of the site. Press OK and then you should be prompted to enter your username and password. Enter the username and the password you got. Click OK again. Now you have access to the site's server! Upload your defacement page or whatever. Have fun.

Remember, don't go over***rd, and you didn't hear this info from me! Okay, yes you did. :twisted:
-Moonbat

Tito
04-20-2007, 07:36 PM
when I open the command prompt, I see this C:\Docume~*\ then my computer name,followed by >. When I type in anything I get this message. Is not recognized as an internal or external command, operable program or batch file. I can't figure out what I'm doing wrong. I'm using windows.

Would you tell me what I'm doing wrong. Thanks

Moonbat
04-20-2007, 10:00 PM
Are you trying to run John the Ripper? Or are you just having DOS trouble in general?

Ezekiel
04-21-2007, 05:39 AM
when I open the command prompt, I see this C:\Docume~*\ then my computer name,followed by >.

You mean your username, I think.


When I type in anything I get this message. Is not recognized as an internal or external command, operable program or batch file. I can't figure out what I'm doing wrong. I'm using windows.

Would you tell me what I'm doing wrong. Thanks

On Windows, there are two ways of running executables (programs) you need to know about: double-clicking and running from the command-line. The programs you should double-click are usually programs with a graphical interface (i.e they run in a window with buttons, menus, etc.), while the programs you run from the command-line are usually programs that work from the command-line (they output text and take instructions on the command-line). You can run the 'graphical' type of program from the command-line (although it's pointless, because they're not designed for that), but you can't run most command-line-based programs by double clicking them. This is because they output a single message of text and close, different to GUI programs that stay on-screen. If you're using a command-line interpreter, the text stays.

Back to your question, when you try to run a program on the command-line (because most commands are in fact programs), Windows searches your current directory (in your case, it was C:\Documents and Settings\USERNAME) and it searches directories such as DRIVE:\WINDOWS\System*2\ for that program (for example, if you entered ping, it would search for ping.exe or another extension. If the program isn't in either of these directories, you get the "Not recognized" error you talked about. To run a program like john the ripper, you have to either place it somewhere Windows will find it (such as the system*2 directory), or you have to use the command cd to change to the exact directory it's located in. The second option is easier.

For example, if john.exe is in C:\Test\qqq\john.exe, you would enter cd C:\Test\qqq then enter john.exe or simply john. With the cd command, you can enter absolute paths (the full path, as shown above), or relative paths (relative to your current directory, such as ..\ goes up one directory and .\ is the same directory, in Windows).

Tito
04-21-2007, 11:30 AM
Moonbat I'm trying to use John the Ripper & having trouble with Dos.

To Mike*5* thanks for the info. I wasn't typing enough into the John Folder.
Example: cd C:\desktop\john,
I should have put cd:desktop\john\john*70*\run\john-*86.

Plus the C:docume~*\username> is already typed in when I open the command prompt window. I was typing in that plus the rest.....Well not exactly that. C:\Documents and Settings\user name\desktop\john and so on. Can you say dumbass.

It also pays when you start using a computer to learn the ins & outs of it. Not just trying to crack programs. I've had this computer for 2 & half years and never messed with the command prompt.
It just wasn't working for me and It felt stupid to ask someone how to use it,lol

Thanks bro, John works now. One more thing, now I got all of your passwords
to your porno sites. Just kidding, I don't have microsofts's frontpage, then I
will, lol

~~smart~fool~~
04-21-2007, 07:27 PM
lol @ this

good job

Snowe
09-08-2007, 07:25 PM
What sites does this "_vti_pvt" thing work on? I've tried several and have gotten zero results, which is very discouraging. Should i not be using I.E. browser? should I be using that microsoft frontpage editor program you spoke of?

ilyacella621
12-21-2007, 05:34 PM
great guide thanks im gonna get into this

duckiesarefun
11-04-2008, 07:37 PM
I get a 404 error, page not found when i type _vti_pvt after a web adress, i've tried many







and is this traceable?

Moonbat
11-04-2008, 09:53 PM
Unless you delete the server's log, yes, they can get your IP and, if the police get involved, they can ***** you down.

duckiesarefun
11-05-2008, 05:42 PM
Thanks, got it to work now

nozf3r4tu
11-05-2008, 08:32 PM
I get a 404 error, page not found when i type _vti_pvt after a web adress, i've tried manyand is this traceable?


Can't find one? try this on google: inurl:index of _vti_pvt

Have fun now ..go to play

unstopGster
04-07-2009, 07:05 PM
hey dude it looks like you are pretty respectable on this forum...im new here and been tryna promote my music im a little devious...i was wondering if you could hack into a myspace account for me and give me the password...if it works i will pay you for future hack jobs! please get back to me i can be reached at miller_eletrics@rocketmail.com please hit me back mann
!

who knows...if u do a good job u might be having a new job!

drumgodmaggott
04-21-2009, 08:27 PM
this might sound stupid but how do you tell which sites are FrontPage sites?

Moonbat
04-24-2009, 09:27 PM
I'm not sure this vuln is really that big anymore. But if you want to try anyway, use a Google Dork, like "inurl:_vti_pvt"

Elainewasty
11-29-2019, 03:23 AM
its says "anonymous" *5 gbp. Is that you?

please forward the paypal confirmation mail to me, then i can sort out what went wrong and adjust the name accordingly in the database.