12 replies to this topic

[kayvan]

Hi
this is my first post here!
i was googling the whole day for this but I gain nothing! Is it possible to access private areas of a forum which is not allowed for you?
sometimes you need to pay to get some info from a private forum! Can google crawl into these places? I tried some google searchs (like site intext intitle and ...) but I couldn't get what I want! so any suggestions?
(i'm sorry for my bad english. its not my native lang!)
regards!

[n3xg3n]

if google can crawl the forums, you can too. Some forums which require registration or subscription are configured to allow googlebot entry to create listings in google which will cause people searching for answers to come and sign up / subscribe. For instance, BinRev allows googlebot to access the Member's Only forums (but not the subscription / position based forums) [Reference] so that the information there will be indexed, but people who come should sign up and hopefully stay (or just use google cache)

This can be used to your advantage if the forums you seek are configured this way (although from your post I don't think they are) by tricking the site into thinking that you are the googlebot. This is achieved using User Agent spoofing, a quick search on a search engine should give you the details of many ways to do it for your browser, and GoogleBot's User Agent string...

Edited by n3xg3n, 19 August 2008 - 04:11 PM.

[TelcoBob]

this works wonderfully on many poorly configured pay porn fourms out there

[Swerve]

Checkout BeTheBot , supposedly lets you view sites like Google/Yahoo does.

[StankDawg]

n3xg3n is right. We allow google to browse some forums as read only. At best, by spoofing googlebot, you would just be able to read and not post. googlebot has no posting privileges.

If you want to spoof google bot just to read the registered area of binrev just to see the posts there...why not just register? It is free.

googlebot cannot browse any of our moderators or donors areas. They are whitelist only.

[xof7]

Checkout BeTheBot , supposedly lets you view sites like Google/Yahoo does.

Its very simple to change your user agent in Firefox. Just do a little bit of googleing.

Here is one example from: http://www.tech-recipes.com/rx/1135/firefox_change_user_agents_access_content

If you don't want to download user agent switcher then you can also do this:In the adderss bar type inabout:configThen scroll down till you find (you can also use the filter feature)"general.useragent.extra.firefox"Double click on it and type in "Googlebot 2.1". Now this will change your user agent to the google bot. To change the user agent back to the original one just right click and click Reset.

But make sure you remember to change it back... You will get some weird ass shit happening on some sites...

[kayvan]

googlebot cannot browse any of our moderators or donors areas. They are whitelist only.

This is exactly what i'm tryin to do!
I tried that useragent thing. tried BeTheBot too. but no use. Is this means that there is no way to do this? oh, except trying to get a moderator's password!

[xof7]

OR YOU COULD DONATE TO THE FORUM

[B0rg]

Because forums are usually built on top of a database and there are no specific files for each area, gaining access to a restricted area is not a matter of getting to see a protected file but a matter of gaining access to the database with permissions higher than the ones you usually have.

It's not a question of browser agent but one of credentials: username and password.

stealing cookies, sniffing passwords, capturing an active session, sql injection, xss to capture passwords, and bruteforce cracking of the password are some of possible attack vectors to gain access to a restricted area.

[StankDawg]

Just as a general statement: Hacking a hacking forum is not usually a good idea. If you mess with the dawg, you may get bit.

[duper]

The Register just put up a news story about this.

[Hembree]

From my understanding, he wasn't referring to Binrev at all. He was asking about breaking into a forum that is private, and n3xg3n just used Binrev as an example of how some forums might be configured.

You could try to find a vulnerability in the specific forum software that the board uses. If it is a custom board, it may be poorly coded and you may have an easier time finding something just by doing your own research.

bethebot.com:

1) First, find the URL of the site you want to visit. It can be found in the "Address" bar of your internet explorer.

Guess I'll have to download wine.

Edited by Hembree, 23 August 2008 - 02:40 AM.

[kayvan]

hey guys
yeah, i think i have to find a vulnerability or something. but are there any sources for this? somewhere that reports vulnerabilities in web apps. and i dont want to use vulnerability scanners. duper thanks for the link. and Hembree is right. i'm not trying to hack this forums! i'm not a pro! just trying to learn something. thats all!