Jump to content


Photo
- - - - -

Viewing private forums!


  • Please log in to reply
12 replies to this topic

#1 kayvan

kayvan

    Will I break 10 posts?

  • Members
  • 6 posts

Posted 19 August 2008 - 09:23 AM

Hi
this is my first post here!
i was googling the whole day for this but I gain nothing! Is it possible to access private areas of a forum which is not allowed for you?
sometimes you need to pay to get some info from a private forum! Can google crawl into these places? I tried some google searchs (like site intext intitle and ...) but I couldn't get what I want! so any suggestions?
(i'm sorry for my bad english. its not my native lang!)
regards!
  • estuallUneste likes this

#2 n3xg3n

n3xg3n

    "I Hack, therefore, I am"

  • Members
  • 960 posts
  • Country:
  • Gender:Male
  • Location:(703)

Posted 19 August 2008 - 09:31 AM

if google can crawl the forums, you can too. Some forums which require registration or subscription are configured to allow googlebot entry to create listings in google which will cause people searching for answers to come and sign up / subscribe. For instance, BinRev allows googlebot to access the Member's Only forums (but not the subscription / position based forums) [Reference] so that the information there will be indexed, but people who come should sign up and hopefully stay (or just use google cache)

This can be used to your advantage if the forums you seek are configured this way (although from your post I don't think they are) by tricking the site into thinking that you are the googlebot. This is achieved using User Agent spoofing, a quick search on a search engine should give you the details of many ways to do it for your browser, and GoogleBot's User Agent string...

Edited by n3xg3n, 19 August 2008 - 04:11 PM.


#3 TelcoBob

TelcoBob

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 409 posts
  • Location:LATA 420

Posted 19 August 2008 - 01:05 PM

this works wonderfully on many poorly configured pay porn fourms out there

#4 Swerve

Swerve

    Dangerous free thinker

  • Members
  • 809 posts
  • Country:
  • Gender:Male

Posted 19 August 2008 - 03:15 PM

Checkout BeTheBot , supposedly lets you view sites like Google/Yahoo does.

#5 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,075 posts
  • Country:
  • Gender:Male

Posted 19 August 2008 - 03:31 PM

n3xg3n is right. We allow google to browse some forums as read only. At best, by spoofing googlebot, you would just be able to read and not post. googlebot has no posting privileges. :P

If you want to spoof google bot just to read the registered area of binrev just to see the posts there...why not just register? It is free.

googlebot cannot browse any of our moderators or donors areas. They are whitelist only.

#6 xof7

xof7

    Hakker addict

  • Members
  • 558 posts
  • Location:Spokane, Washington

Posted 19 August 2008 - 04:49 PM

Checkout BeTheBot , supposedly lets you view sites like Google/Yahoo does.


Its very simple to change your user agent in Firefox. Just do a little bit of googleing.

Here is one example from: http://www.tech-reci..._access_content

If you don't want to download user agent switcher then you can also do this:In the adderss bar type inabout:configThen scroll down till you find (you can also use the filter feature)"general.useragent.extra.firefox"Double click on it and type in "Googlebot 2.1". Now this will change your user agent to the google bot. To change the user agent back to the original one just right click and click Reset.

But make sure you remember to change it back... You will get some weird ass shit happening on some sites...

#7 kayvan

kayvan

    Will I break 10 posts?

  • Members
  • 6 posts

Posted 19 August 2008 - 05:06 PM

googlebot cannot browse any of our moderators or donors areas. They are whitelist only.

This is exactly what i'm tryin to do!
I tried that useragent thing. tried BeTheBot too. but no use. Is this means that there is no way to do this? oh, except trying to get a moderator's password!

#8 xof7

xof7

    Hakker addict

  • Members
  • 558 posts
  • Location:Spokane, Washington

Posted 19 August 2008 - 09:34 PM

OR YOU COULD DONATE TO THE FORUM

#9 B0rg

B0rg

    Gibson Hacker

  • Members
  • 98 posts

Posted 20 August 2008 - 11:18 AM

Because forums are usually built on top of a database and there are no specific files for each area, gaining access to a restricted area is not a matter of getting to see a protected file but a matter of gaining access to the database with permissions higher than the ones you usually have.

It's not a question of browser agent but one of credentials: username and password.

stealing cookies, sniffing passwords, capturing an active session, sql injection, xss to capture passwords, and bruteforce cracking of the password are some of possible attack vectors to gain access to a restricted area.

#10 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,075 posts
  • Country:
  • Gender:Male

Posted 22 August 2008 - 09:42 AM

Just as a general statement: Hacking a hacking forum is not usually a good idea. :nono: If you mess with the dawg, you may get bit.

#11 duper

duper

    Dangerous free thinker

  • Members
  • 816 posts
  • Location:NYC

Posted 22 August 2008 - 08:26 PM

The Register just put up a news story about this.

#12 Hembree

Hembree

    DDP Fan club member

  • Members
  • 55 posts

Posted 23 August 2008 - 02:31 AM

From my understanding, he wasn't referring to Binrev at all. He was asking about breaking into a forum that is private, and n3xg3n just used Binrev as an example of how some forums might be configured.

You could try to find a vulnerability in the specific forum software that the board uses. If it is a custom board, it may be poorly coded and you may have an easier time finding something just by doing your own research.

bethebot.com:
1) First, find the URL of the site you want to visit. It can be found in the "Address" bar of your internet explorer.
Guess I'll have to download wine.

Edited by Hembree, 23 August 2008 - 02:40 AM.


#13 kayvan

kayvan

    Will I break 10 posts?

  • Members
  • 6 posts

Posted 24 August 2008 - 01:18 PM

hey guys
yeah, i think i have to find a vulnerability or something. but are there any sources for this? somewhere that reports vulnerabilities in web apps. and i dont want to use vulnerability scanners. duper thanks for the link. and Hembree is right. i'm not trying to hack this forums! i'm not a pro! just trying to learn something. thats all!




BinRev is hosted by the great people at Lunarpages!