Cheat Engine

tony2108 · Posted: Sat Feb 14, 2009 2:51 pm Post subject: [SSI] And xBit hack

Found this on a website to an anonymous person(credits given)

I saw this useful message on a server mailing list I monitor:

Question: "Is it possible to force ssi on .html file extensions?"

Answer: "Yes, by adding this line to .htaccess:

AddHandler server-parsed .html

Question: "If so, are there any dangers running ssi in this manner?"

Answer: "Yes, you will take a performance hit -- because every web page, whether it has SSI directives or not, will have to be parsed for SSI before it is served up.

A much cleaner solution is to take advantage of XBitHack, which is turned on in the Signature web server configuration. When you set the executable bit on an HTML file, it tells the server to parse that file for SSI. So for each file with server-side includes, just run:

chmod +x filename.html

Then the server will only do parsing for SSI on the files that really need it. (Be sure to remove that line above from .htaccess if you decide to use XBitHack.)

oh and btw SSI is =(Server Sided Included)

Now what is xBit hack?

XBitHack (pronounced "X bit hack") is simply one of those htaccess configuration statements mentioned above. If you're not willing to put up with the performance costs of the "directory method" for enabling parsing of non-.shtml pages covered above, think of XBitHack as a "file method". This is because you can specify on a file-by-file basis which non-.shtml files get parsed.

Using XBitHack for this "file method" has two steps:

* turn on XBitHack by adding the statement to your .htaccess file
* "flag" the html pages you want parsed by changing their permissions to something a little out of the ordinary

If you created the htaccess.txt file above, simply add the statement given below to it and re-ftp/rename it to enable XBitHack. If your .htaccess file contains the AddType and AddHandler statements from above, REMOVE THEM. If you didn't create the file earlier, here are the steps to enabling XBitHack:

1. Use a text editor to create an htaccess.txt file and enter the following statement into it:

XBitHack on

2. Save the file and ftp it (using ASCII mode) to your Web root directory (or whatever directory your index.html file is in).

3. Rename the htaccess.txt file to .htaccess

4. CHMOD the page files, and only the page files, that you want parsed (i.e. that will contain SSI directives) to 744 (instead of 644). This is what tells the server to parse the page.

5. Try it out by entering a URL for one of the pages that contains an SSI directive and see if it's working.

If it doesn't work, check your error log for a message like

XBitHack not allowed here

It is possible that your host allows htaccess but not XBitHack. If you don't find the above error, you'll have to contact your host's technical support operation. However, by knowing what htaccess and XBitHack are, you can ask them intelligent questions regarding your problem. When they realize you know what you are talking about, they will be less likely to feed you a line of BS. Also, don't be surprised if the support person you speak to doesn't know what you are talking about. First-line technical support and sales people are usually entry-level jobs in an organization. If you get the sense they don't know what you are talking about, ask to speak to a more senior support person who does.

What is htaccess?

Most hosting companies will host multiple domains on one server, and all the domains use the same Web server software installed on that server. This presents a problem. What if two Webmasters using the same server need different Web server configurations? Apache addressed this by using .htaccess files. (Other Web-server software packages have similar functionality. If your host isn't using Apache, you'll have to ask them how to implement local configurations.)

Apache, like any other software, has configuration files. Your host edits these "global" configuration files to serve as a default for all of the sites hosted on the server. The .htaccess file (pronounced "h t access") acts as a "local" configuration file so that individual Websites can customize the configuration to suit their needs.

The .htaccess file is an ordinary text file that you can create using Notepad or any text editor and ftp it into your Web root directory. This file will contain the configuration statements (commands) to customize the Apache Web server software for your Website.

Notice that the file name starts with a period. This is to indicate to the Linux/UNIX operating system that it is a "system file" that is used by a server application, not by a user of the system (such as an html file would be). However, with Windows, the period denotes a separator between a file's name and its' "extension". As a result, if you try and create a .htaccess file in Windows it won't have a name. To get around this, create a file called htaccess.txt, ftp that to the server, and then rename it to .htaccess once it's there.

hope this was useful to lunch a research in the future in hacking srever sided like client sided(making hacking easier)

Flyte · Posted: Sat Feb 14, 2009 3:29 pm Post subject:

Stolen from: http://www.parkansky.com/tutorials/bdlogxbh.htm

oib111 · Posted: Sat Feb 14, 2009 3:31 pm Post subject:

Flyte · Posted: Sat Feb 14, 2009 3:33 pm Post subject:

tony2108 · Posted: Sat Feb 14, 2009 3:34 pm Post subject:

i game credits i don't know the names of the guys posted it lol...

sloppy · Posted: Sat Feb 14, 2009 4:02 pm Post subject:

tony2108 · Posted: Sat Feb 14, 2009 4:07 pm Post subject:

dude where's the point of posting this?
i am posting this topics for somebody to read then and learn then it's not just a copy paste :/
I read those articles you don't...
You just post stuff without thinking about them
next time i'll post and the reason for posting this topics to prevent spam comments. Just read and post stuff related to the topic thnk you in advance

oib111 · Posted: Sat Feb 14, 2009 4:13 pm Post subject:

I actually enjoyed the posts. They're quite useful and informative and I probably wouldn't have found them in the first place. So thank you tony.

tony2108 · Posted: Sat Feb 14, 2009 4:36 pm Post subject:

It's good that some people understands the meaning of a good article.
Some people can't just go to the next and write stuff in google without a reason. They can all come here and find them in just 1 forum and not to the whole Network community.
thnx oib111^^
You are far more experienced than me in hacking though Very Happy

sponge · Posted: Sat Feb 14, 2009 4:39 pm Post subject:

If you can't google, you're an idiot.

oib111 · Posted: Sat Feb 14, 2009 4:43 pm Post subject:

tony2108 · Posted: Sat Feb 14, 2009 4:46 pm Post subject:

well some people can't google because they are bored O,o
And CEF has everything anyone would need. They can just come and search in here than google. ^^

DoomsDay · Posted: Sat Feb 14, 2009 4:47 pm Post subject:

tony2108 · Posted: Sat Feb 14, 2009 4:52 pm Post subject:

yeah...
did i say anything wrong?
i just said people could search in here for hacks than google Confused

BanMe · Posted: Sat Feb 14, 2009 4:54 pm Post subject:

well i agree with tony but having coded alot of stuff i hate to see my stuff posted under someone else's name.. its just annoying..

for example i wrote a piece of code using RtlRemoteCall (an idea i got off of alex ionesceu) for redirect a thread executions path and restoring it to origanil(i failed in the attemp, though it was mostly working) then not 3 months later i see my exact words to The T.. it was angering though the site i origanly posted it on(www.curse-x.com) went down permantly i do not enjoy my code being posted under other ppl names..

so it is under import that you the poster should try to find the original poster and give credits to them.. especially in situations where you are pointed out for not working hard enough to find him/her Wink

regards BanMe

and lol @Doomsday.. quite levity :}
btw Tony, CEF's search USE's GOOGLE!.. xD