network monitoring
Closed Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 36

Thread: Gaining Access to Private Forum

  1. #16
    Join Date
    Mar 2007
    Posts
    14
    I might be reading the WhoIs wrong, but it mentions under who to contact for ********* service, a company called EV* Servers.

    [url]http://www.ev*servers.net/[/url]

    And when you look at the ev*servers website, they say that they have merged with the planet. So maybe the host is still under EV*servers?

    If you look at the Whois record for pagemonster.net, it interestingly comes back with some of the same ********* contact information as the mlparena.com forum:

    [url]http://www.whois.net/whois_new.cgi?d=pagemonster&tld=net[/url]

    Registrant:
    Eric Alexander
    P.O Box *2*6
    Fremont, CA *45**
    US
    5*0-468-5505


    Domain Name: PAGEMONSTER.NET

    Administrative Contact:
    Headache, Major [email]majorheadache@comcast.net[/email]
    P.O Box *2*6
    Fremont, CA *45**
    US
    5*0-468-5505


    ********* Contact:
    Headache, Major [email]majorheadache@comcast.net[/email]
    P.O Box *2*6
    Fremont, CA *45**
    US
    5*0-468-5505


    Record last updated 0*-2*-2005 **:22:*0 AM
    Record expires on 0*-*8-2008
    Record created on 0*-*8-2005

    Domain servers in listed order:
    NS*.PAGEMONSTER.NET 70.84.*8*.*8
    NS2.PAGEMONSTER.NET 70.84.*8*.**


    MLParena.com, while registered to someone else, is run by the woman Loa that my husband is involved with, and ponylandghetto is co-run by her but registered to the other woman.

    I'm not sure if this provides any help whatsoever. Thanks so much for trying.

  2. #17
    Join Date
    Sep 2006
    Posts
    1,649
    I looked at SecuriTeam and SecurityFocus for all types of phpBB exploits (I avoided Perl written ones because I don't know how to use them). I tried SQL injections, XSS, remote command executions, anything that might lead to something. Point is that they're running their 'site' on a forum building CMS that's pretty secure.

    I can't think of anything, unless you could bruteforce the FTP login or something.

  3. #18
    Join Date
    Mar 2007
    Posts
    14
    I'm not sure how to do this, but what if you used a brute force password cracker on some of the people who have accounts at both ponylandscatfight or mlparena and another account at ponyland ghetto? (Assuming that ponylandscatfight and mlparena do not limit the number of tries you have to log in; I would have to check that out.) And then tried to see if those people might have used the same password for their ponylandghetto account?

  4. #19
    Join Date
    Sep 2006
    Posts
    1,649
    That might work, but I don't know any brute forcers that can brute force form logins.

    Anyway, go to ponylandghetto, where it says http:// at the top, delete that and put [url]ftp://.[/url] It'll bring up a login. See if you can try multiple times there. Report back.

  5. #20
    Join Date
    Mar 2007
    Posts
    14
    Thanks. I guess I can see the futility of that, because the chances of randomly guessing the word that someone else picked for a password seems very remote.

    Thank you very much for all your efforts. I can't really think of a way around this myself, so I guess I should just give up and hope for the best.

  6. #21
    Join Date
    Sep 2006
    Posts
    1,649
    Not yet. Your person probably used a word out of the dictionary. You can find big wordlists and get a program called Brutus to try all of those in about a few minutes. It should work if you know the username.

  7. #22
    Join Date
    Sep 2005
    Posts
    2,050
    Thanks. I guess I can see the futility of that, because the chances of randomly guessing the word that someone else picked for a password seems very remote.
    Exactly . Brute-force attacks rarely succeed and are very noticeable. Well they do succeed, just after a very long time and only if the password is a dictionary word.

    My advice is to only go down the route of brute-forcing if you're really desperate and there's nothing left to try.

    I avoided Perl written ones because I don't know how to use them
    I haven't used it in a long time, but I seem to remember that the Perl you can get for Windows is called ActivePerl. You can download it here:

    [url]http://www.activestate.com/products/activeperl/[/url]

    After that it's simply a case of typing perl script.pl at the command line. One thing to watch out for though is deliberate mistakes in the exploit script to prevent script-kiddies using their code for illegal purposes.
    Last edited by Ezekiel; 03-17-2007 at 01:52 PM.

  8. #23
    Join Date
    Sep 2006
    Posts
    1,649
    That's smart of the coders to do. Thanks for telling me about ActivePerl, I'll try it.

    @ Wanttoknow - Well, good luck doing what your trying to do. There's not much else we can really do for you.

  9. #24
    Join Date
    Mar 2007
    Posts
    1
    Hi folks! Just wanted to drop in and say Hi! I am one of the people, whose personal information you've posted and whose ***rd you are trying to help this woman gain access to. I wanted to let you know that the ghetto is my ***rd. I alone retain ownership and be assured I am taking any and all precautions to protect it.

    I'd also like to thank all the techies here for the heads up on what kind of assaults I can expect on my ***rd.

    No need to worry, I do not intend on posting here again or being bothersome. However, you may want to ask more questions of the people you are helping and perhaps inquire about the nefarious purposes behind it all.
    I can say with total sincerity that there is nothing on my ***rd in word or content that would be harmful to this woman's children. I and many other members are mothers as well and would not tolerate such a thing.

    King of Siam
    signing out (you believe that right? sure ya do)


  10. #25
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by Butta View Post
    Hi folks! Just wanted to drop in and say Hi! I am one of the people, whose personal information you've posted and whose ***rd you are trying to help this woman gain access to. I wanted to let you know that the ghetto is my ***rd. I alone retain ownership and be assured I am taking any and all precautions to protect it.

    I'd also like to thank all the techies here for the heads up on what kind of assaults I can expect on my ***rd.

    No need to worry, I do not intend on posting here again or being bothersome. However, you may want to ask more questions of the people you are helping and perhaps inquire about the nefarious purposes behind it all.
    I can say with total sincerity that there is nothing on my ***rd in word or content that would be harmful to this woman's children. I and many other members are mothers as well and would not tolerate such a thing.

    King of Siam
    signing out (you believe that right? sure ya do)

    First thing I'd like to say is that none of us had malicious intentions -- we were trying to help someone and testing the security of the site. We're not the type to deface websites or cause other mindless damage. Just so you know.

    Also, the information I think you're referring to is publicly listed registrant data for an Internet domain -- information that anyone can find through performing a whois lookup. Those that have posted it will happily remove it if you wish.

    Regarding the security of your site, I have some advice I'd like to add.

    Forums and content management systems for websites are relatively secure, but over time people discover vulnerabilities in them and share them with the world. These problems are usually fixed in periodic updates of the web-software in question. If you have an old forum version running, an attacker has a whole catalog of exploits to hit you with and gain access to your website. If it's a new version, there's minimal security risk. My point: I'm assuming your forum version is old (the site having been created in 04), so it's ad****ble to upgrade every so often.

    Next piece of advice: you may want to disable directory-listing on your website because certain forum directories listed all their contents. Ask your hosting service about this if you're not a tech person.

    Lastly, you may want to watch out for social engineering (discovery of vital information through human trickery). If someone was determined, they could find out your hosting provider and spoof an email from them asking you to give out certain website details which would grant them access. Don't trust communications from web services unless they give you some sort of proof that they are who they say they are; emails can be sent from any address without actually having access to that account.

  11. #26
    Join Date
    Sep 2006
    Posts
    1,649
    Quote Originally Posted by Butta
    I'd also like to thank all the techies here for the heads up on what kind of assaults I can expect on my ***rd.
    No problem

  12. #27
    Join Date
    Mar 2007
    Posts
    14
    Quote Originally Posted by Butta View Post
    However, you may want to ask more questions of the people you are helping and perhaps inquire about the nefarious purposes behind it all.
    I can say with total sincerity that there is nothing on my ***rd in word or content that would be harmful to this woman's children. I and many other members are mothers as well and would not tolerate such a thing.
    Nefarious purposes? Feel free to ask away; there's certainly nothing nefarious about *my* purposes. I'm not the 2*-year-old flying halfway across the world to stay for a month with someone else's 44-year-old husband--a man who has * children--and calling him "boyfriend" before having even met him. I'm not the college dropout who lives at home, has no ambitions, and has made over *4,000 posts across 6 different My Little Pony ***rds, plays Pony Island, collects bratz-type dolls, poses them and photographs them, and reads manga intended for **-year-olds.

    You will have to excuse me if I do not concur with you that this woman's intentions with my husband may not be harmful to my children. I generally don't trust 2*-year-old women who are nowhere in life and travel halfway across the world to sleep with 44-year-old men.

    But hey, I'm glad you found me! Now that you know my e-mail address, feel free to write any time. I'm actually quite nice when I'm confident that my family and the wellbeing of my children is not being threatened by some golddigging, immature girl looking for a father-figure to take care of her.

    All the information posted here--which you call your "personal" information--is, as correctly pointed out--freely available by doing a simple "whois" query.
    Last edited by Wanttoknow; 03-18-2007 at 11:35 AM.

  13. #28
    Join Date
    Sep 2005
    Posts
    2,050
    I would also like to take this opportunity to ask the person who told the owners of that website about this thread to admit to it now. I'd like to know your reasons.
    Last edited by Ezekiel; 03-17-2007 at 06:14 PM.

  14. #29
    Join Date
    Aug 2006
    Posts
    233
    Mike,You know i wouldn't do something like that,specially to people from this forum i rely on. The only person i ever messed up was that guy trying to scam innocent people here for ****** cards. Ohh and anotherone long time ago,i think her windows were erased
    jabber: gh05t*d@jabb*r.org Email: gh05t*d@hack.cl

    Internet security is as real as your Dreams !

  15. #30
    Join Date
    Mar 2007
    Posts
    14
    It may not have been that anyone told them directly. When I ran a Web blog, I could look at the '*****er' log and see the entrance and exit pages of anybody who visited. If someone clicked on the links that I posted from this site, it would ***** back to this site. So, I suppose that she could simply have followed the links back to see why she was getting hits from this site, read this post, and reached her own conclusions.

    I think it's very nice that you guys help people improve their security by pointing out the vulnerabilities in their systems.

Closed Thread

Similar Threads

  1. Private Disk by Private Loader
    By Hacxx in forum Security & Encryption
    Replies: 5
    Last Post: 01-16-2015, 12:45 AM
  2. gaining IP's through a myspace listener?
    By GH0STce11 in forum Internet Privacy
    Replies: 24
    Last Post: 11-17-2006, 01:04 PM
  3. [VBulletin] Crack protected (private) forum?
    By Crayz in forum Internet Privacy
    Replies: 1
    Last Post: 05-28-2006, 05:11 AM
  4. please help access to moderator forum in any vb
    By de niro in forum Internet Privacy
    Replies: 10
    Last Post: 03-05-2006, 03:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts