Moonbat
03-27-2007, 03:24 PM
Well the name says it all! This is a guide to hacking (well, pretty much defacing) FrontPage sites. I'll use a fake site called http://www.candycanestotehmax.com
Now, all FrontPage sites have a directory called _vti_pvt. It's like this:
http://www.candycanestotehmax.com/_vti_pvt
This directory usually contains a list of files like so. I used a random site that had the file I needed. Some of these files may or may not be on other sites:
access.cnf **-Dec-**** 05:42 *02
botinfs.cnf **-Dec-**** 05:42 24
bots.cnf **-Dec-**** 05:42 24
deptodoc.btr **-Dec-**** 05:42 *24
doctodep.btr **-Dec-**** 05:42 *24
frontpg.lck **-Dec-**** 05:42 0
linkinfo.cnf **-Dec-**** 05:42 24
service.cnf **-Dec-**** 05:42 655
service.grp **-Dec-**** 05:42 5*
service.lck **-Dec-**** 05:42 0
service.pwd **-Dec-**** 05:42 4*
services.cnf **-Dec-**** 05:42 2
svcacl.cnf **-Dec-**** 05:42 **4
writeto.cnf **-Dec-**** 05:42 24
The file WE need is called service.pwd. This is the file that has username/password information. It looks like this.
# -FrontPage-
candycane:K*BqMOF5w/IGY
You may have to download the file, usually in a Microsoft Word (or other text editor) but sometimes you can view it normally. It doesn't matter either way.
This file tells us the username, candycane, and the password hash (encrypted version of the password), which is K*BqMOF5w/IGY.
The password hash is encrypted in DES encryption. You must use a third party DES brute forcer/dictionary attacker or make your own such program. The first option is our best bet. I recommend a program known as John the Ripper (for anyone who uses Cain and Abel, C&A cannot crack DES). You can get John the Ripper here:
http://www.openwall.com/john/
I'm not gonna waste time explaining how to use it. A tutorial on how is here:
http://www.osix.net/modules/article/?id=455
Anyways, copy down the password hash from the service.pwd file and crack it/dictionary attack it using JTR. This should yield the password in its true form. Now onto hacking the site.
NOTE: You MUST have Microsoft Frontpage to hack/deface/whatever the site.
Launch FrontPage. Go to File, and click on Open Web. Type the web address of the site. Press OK and then you should be prompted to enter your username and password. Enter the username and the password you got. Click OK again. Now you have access to the site's server! Upload your defacement page or whatever. Have fun.
Remember, don't go over***rd, and you didn't hear this info from me! Okay, yes you did. :twisted:
-Moonbat
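For site owners, the exposure described in the post can be checked from the server side. The following is an added example, not part of the original post: it walks a local document root, finds any service.pwd inside a _vti_pvt directory, and reports which accounts still use the 13-character DES crypt format. The function names and the sample data are assumptions constructed for illustration.

```python
import os
import re
import sys

# Traditional DES crypt(3) output: 2-char salt + 11-char digest = 13 chars.
# It only uses the first 8 password characters, so it is cheap to brute force.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample in the service.pwd layout shown in the post (not real hashes).
SAMPLE = ("# -FrontPage-\n"
          "alice:XXexampleHASH\n"
          "bob:$apr1$constructed$notarealdigest000000\n")

def parse_service_pwd(text):
    """Return [(user, is_des_crypt)] from service.pwd content ("user:hash" lines)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip the "# -FrontPage-" header and blank lines
        user, pw_hash = line.split(":", 1)
        entries.append((user, bool(DES_CRYPT.match(pw_hash))))
    return entries

def audit_webroot(root):
    """Find service.pwd files under any _vti_pvt directory inside root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath).lower() != "_vti_pvt":
            continue
        for name in files:
            if name.lower() != "service.pwd":
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="latin-1") as fh:
                entries = parse_service_pwd(fh.read())
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append({
                "url_path": "/" + rel,  # where the file would be served from
                "accounts": [u for u, _ in entries],
                "des_crypt_accounts": [u for u, d in entries if d],
            })
    return findings

if __name__ == "__main__":
    # Usage: python audit.py /path/to/docroot (hashes are never printed)
    for finding in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Any hit means the credential file sits inside the served tree: deny HTTP access to _vti_pvt and change the passwords of the listed accounts.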