First, we must find a program on the internet that is exicutable. The way I go about it, is by utilizing google. If you have a target in mind, there are other methods, but for proof-of-concept, I just use google. In google, search using the phrase
filetype:pl "$FORM{"
Every file will be a Perl script, many of which are exicutable. Within the search results, you will find things like: $FORM{'Mode'}
Mode is the variable. Further into the program, hopefully we could find a flag, that would indicate some sort of action. Look for if statments containing things like eq, ne, or ==. For instance:
if($FORM{'Mode'} eq 'Admin')
In the URL, The url request would then be
http://www.site.org/search/search.pl?Mode=Admin
Now at this point, you have two options.
1) you try to use server-exicuted commands to escallate privalages (directory traversal, password file grabbing, chmod, etc)
2) Use the program to create a DoS condition
If your object is the first, then it is up to creativity and puzzle solving to get you to the next step and I cannot help. However if you are going for a denial of service condition (which is less elegant, and easier), then read on. Once a variable is located, you send a POST command to the address, with the variables included that you would like to do (use perl or c too send a POST command to the webserver. Such examples can be found here). Let's say you found a guest book, and two passed variables are "myname" and "comment". In the case of this guest book, you will do:
POST /cgi-bin/hello.pl HTTP/1.1
myname=John&comment=just+surfing+around
In a quick while loop, the above post will cause a DoS condition. To insure something is exicutable, I would suggest making a search for filetype:pl inurl:"action=" as any action you do will be part of the exicution of the file you are running. You may even get lucky, and find an action that will commit directory traversal or deletion. Using a post to create this action, whatever it may be, will lead to a denial of service condition.
If the human body was never exposed to ailments, it would be impressivly vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressivly vulnerable to cyber terrorism. With out the creation of a malicious hacking, Afganistan could have destroyed America's economy with a ping flood. This is why I encourange maclicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lay. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere . However if you are a publisher, I would appriciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagerize then that is my biggest compliment . If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age .
Previous hacks
Previous Hacks
This link kills spam
spam IP addresses
These are sites I block at my firewall.
cdn2.gms1.net
gms1.net
servedby.advertising.com
advertising.com
a.tribalfusion.com
tribalfusion.com
pimpslord.com
altfarm.mediaplex.com
mediaplex.com
ad.yeildmanager.com
yeildmanager.com
doubleclick.net
isg32.casalemedia.com
casalemedia.com
Two very recommended books:
. . The only hacking forum I have found worth mentioning here