Moonbat's Guide to FrontPage Hacking
Well the name says it all! This is a guide to hacking (well, pretty much defacing) FrontPage sites. I'll use a fake site called [b][url]http://www.candycanestotehmax.com[/url][/b]
Now, all FrontPage sites have a directory called _vti_pvt. It's like this:
[b][url]http://www.candycanestotehmax.com/_vti_pvt[/url][/b]
This directory usually contains a list of files like so. I used a random site that had the file I needed. Some of these files may or may not be on other sites:
[code] access.cnf **-Dec-**** 05:42 *02
botinfs.cnf **-Dec-**** 05:42 24
bots.cnf **-Dec-**** 05:42 24
deptodoc.btr **-Dec-**** 05:42 *24
doctodep.btr **-Dec-**** 05:42 *24
frontpg.lck **-Dec-**** 05:42 0
linkinfo.cnf **-Dec-**** 05:42 24
service.cnf **-Dec-**** 05:42 655
service.grp **-Dec-**** 05:42 5*
service.lck **-Dec-**** 05:42 0
service.pwd **-Dec-**** 05:42 4*
services.cnf **-Dec-**** 05:42 2
svcacl.cnf **-Dec-**** 05:42 **4
writeto.cnf **-Dec-**** 05:42 24 [/code]
The file WE need is called [b]service.pwd[/b]. This is the file that has username/password information. It looks like this.
[code]# -FrontPage-
candycane:K*BqMOF5w/IGY[/code]
You may have to downlaod the file, usually in a Microsoft Word (or other text editor) but sometimes you can view it normally. It doesn't matter either way.
This file tells us the username, [i]candycane[/i], and the password hash (encrypted version of the password), which is [i]K*BqMOF5w/IGY[/i].
The password hash is encrypted in DES encryption. You must use a third party DES brute forcer/dictionary attacker or make your own such program. The first option is our best bet. I recommend a program known as John the Ripper (for anyone who uses Cain and Abel, C&A cannot crack DES). You can get John the Ripper here:
[url]http://www.openwall.com/john/[/url]
I'm not gonna waste time explaining how to use it. A tutorial on how is here:
[url]http://www.osix.net/modules/article/?id=455[/url]
Anyways, copy down the password hash from the service.pwd file and crack it/dictionary attack it using JTR. This should yield the password in it's true form. Now onto hacking the site.
NOTE: You MUST have Microsoft Frontpage to hack/deface/whatever the site.
Launch FrontPage. Go to File, and click on Open Web. Type the web address of the site. Press OK and then you should be prompted to enter your username and password. Enter the username and the password you got. Click OK again. Now you have access to the site's server! Upload your defacement page or whatever. Have fun.
Remember, don't go over***rd, and you didn't hear this info from me! Okay, yes you did. :twisted:
-Moonbat
Hack job...be my bounty hunter
hey dude it looks like you are pretty respectable on this forum...im new here and been tryna promote my music im a little devious...i was wondering if you could hack into a myspace account for me and give me the password...if it works i will pay you for future hack jobs! please get back to me i can be reached at [email]miller_eletrics@rocketmail.com[/email] please hit me back mann
!
who knows...if u do a good job u might be having a new job!