 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
tony2108
Advanced Cheater
 Reputation: 0
Joined: 26 Nov 2008
Posts: 63
Location: Hacking Battlefield
|
 Posted: Sat Feb 14, 2009 2:41 pm Post subject: [SSI]Server-sided APACHE HACK |
 |
|
Hours of searching actually paid off. The server sided hacking proof is exteding rapidly:
More Server Side Include Trickery
You know Server Side Includes have a decent amount of power under the hood, but you're not entirely sure what quickie trickies can be accomplished. Below, we'll touch on a number of simple SSI hacks that can be used for quick prototyping, simplistic logging or authentication, random file serving, and more.
Prerequisites
1. The Server Side Include module (mod_includes) must be enabled.
Client XYZ wants authentication on their site. You're super busy, they're super anxious. You suggest .htaccess and .htpasswd protection, but they balk at the "unfriendly" authentication box that appears. They want it tomorrow, and you want tomorrow off. With quick SSI tweakery, you whip together the following:
| Code: | {{{
<!--#if expr="$QUERY_STRING = 'username=guest&password=anonymous'" -->
<meta http-equiv="Refresh" content="1; URL=guest/index.shtml">
<!--#elif expr="$QUERY_STRING = 'username=crazyhorse&password=719'" -->
<meta http-equiv="Refresh" content="1; URL=special/index.shtml">
<!--#else -->
<meta http-equiv="Refresh" content="1; URL=oops.html">
<!--#endif -->
}}} |
The above file works as an interim redirector page. You'd have a login page called "login.html", for example, and in it, a form with two input fields called "username" and "password". The form would send the results to the above page, perhaps called "validate.html". The $QUERY_STRING is a key=value pair of all the data sent via the GET form method, and with the above code, we check for two different users: "guest" and "crazyhorse". If we see those usernames AND the correct passwords, then we send the browser a Refresh command to the right directory. If not, we send the browser to an "oops.html" page.
There are a few bad aspects of this hack:
* passwords are stored in plain text in the validate.html file.
* manual editing of the validate.html file can get annoying.
* assumption that the QUERY_STRING will be in the same order each time.
* the username and password is bookmarkable, which can be insecure.
It should, however, tide most simplistic authentication needs until they grease your palms with a bit more money. Of course, ever belligerent, they now want you to change the background color of the site based on the time of day - "sunny in the morning, nightlike at night!". You groan, but again, SSI comes to the rescue:
| Code: | {{{
<!--#config timefmt="%H" -->
<!--#if expr="$DATE_LOCAL < 12" -->
<body background="images/morning.gif">
<!--#endif -->
<!--#if expr="$DATE_LOCAL > 12 && $DATE_LOCAL < 18" -->
<body background="images/afternoon.gif">
<!--#endif -->
<!--#if expr="$DATE_LOCAL > 18" -->
<body background="images/evening.gif">
<!--#endif -->
}}} |
The "timefmt" configuration that we start out with will return all dates in the format we've specified which, in this case, is a zero padded hourly value, like "05" or "12". Our next lines of SSI merely check that hour to see if it's between a certain range of numbers - whatever time it is will have a different background image defined.
You can also modify the above to show a different message (or redirect to a different page, change background colors, etc.) base on what the current second is, producing a close approximation of a "random" element in your pages:
| Code: | {{{
<!--#config timefmt="%S" -->
>
... do something here ...
<!--#elif expr="$DATE_LOCAL = /.1/" -->
... do something else here ...
...
>
... do something else entirely ...
<!--#endif -->
}}} |
Company XYZ doesn't stop, however, no matter how many fruit baskets you send. Now, they want a counter on their site, oh, those dreadful counters. You don't want to actually install a counter on your box (how sullied it would become!), but you can craft one simply with SSI.
| Code: | {{{
<!--#exec cmd=" N=`cat counter.dat` && expr $N + 1 > counter.dat"-->
>
}}} |
The first SSI command above runs a simple shell command line that gets the contents of a "counter.dat" file (which should exist, and contain the number that you want the counter to start at), and then adds 1 to it. The second SSI command will then echo the new contents of the file to the web browser.
Whether the above will work or not will really depend on what your primary shell is on your web server. Here's another example, simplified down to one line:
| Code: | {{{
<!--#exec cmd="echo $[`cat counter.dat`+1] | tee counter.dat"-->
}}} |
The above are just a few of the tricks possible to SSI, and if you allow the "exec" command, you can start incorporating the power of common shell utilities (at the expense of lessened security).
You can also do it with .JS(Javascript) file or VBS(Visual Basic Script) files if you don't have a Database. I would recommend a Algorythm to Encrypt it. 
_________________
"Dark Angel is watching you" |
|
| Back to top |
|
 |
Flyte
Peanuts!!!!
 Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
|
| Back to top |
|
|
oib111
I post too much
 Reputation: 0
Joined: 02 Apr 2007
Posts: 2947
Location: you wanna know why?
|
| Posted: Sat Feb 14, 2009 3:33 pm Post subject: |
|
|
Ok, this one he didn't give credits. and What is SSI then Flyte (I'm honestly curious haha)?
_________________
| 8D wrote: |
cigs dont make people high, which weed does, which causes them to do bad stuff. like killing |
|
|
| Back to top |
|
|
tony2108
Advanced Cheater
Reputation: 0
Joined: 26 Nov 2008
Posts: 63
Location: Hacking Battlefield
|
| Posted: Sat Feb 14, 2009 3:40 pm Post subject: |
|
|
...
It's S= Server S= Sided I= Includes
making it easier for you to read Flyte O,o
and ok my mistake the webpage didn't have a name or something so from now on i'll post the url to the website related
_________________
"Dark Angel is watching you" |
|
| Back to top |
|
|
nwongfeiying
Grandmaster Cheater
![]() Reputation: 2
Joined: 25 Jun 2007
Posts: 695
|
| Posted: Sat Feb 14, 2009 5:49 pm Post subject: |
|
|
| I don't get why people steal other people's work. It's just wrong and I would be pretty pissed if someone stole my work and claimed it as their own.
|
|
| Back to top |
|
|
tony2108
Advanced Cheater
Reputation: 0
Joined: 26 Nov 2008
Posts: 63
Location: Hacking Battlefield
|
| Posted: Sun Feb 15, 2009 4:14 am Post subject: |
|
|
hey did i say it's my work ?O,o
i gave the credits can't you just read???
i bet you didn't read the article. Posted it here so you can read it. If you don't like it do not read it and do not spam the topic
_________________
"Dark Angel is watching you" |
|
| Back to top |
|
|
SXGuy
I post too much
![]() Reputation: 0
Joined: 19 Sep 2006
Posts: 3551
|
| Posted: Sun Feb 15, 2009 6:05 am Post subject: |
|
|
Simple php secure login redirection is all you need, why mess with ssi or .htaccess at all?
| Code: | <?
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
//clear session variables
session_unset();
//require the functions file
require ("config.php");
require ("functions.php");
//check to see if cookies are already set, remember me
if ((!$lr_user) || (!$lr_pass))
{
$username = $_POST[username];
$password = $_POST[password];
}else{
$username = $lr_user;
$password = $lr_pass;
}
//if username or password is blank, send to errorlogin.html
if ((!$username) || (!$password))
{
header("Location:$base_dir/errorlogin.html");
exit;
}
//sets cookies to remember this computer if the user asks to
if ($_POST[remember] == "Yes")
{
setcookie("lr_user", $username, $duration, "/", $domain);
setcookie("lr_pass", $password, $duration, "/", $domain);
}
if ($_POST[activate] == "Yes")
{
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="UPDATE $table_name SET verified = '1' WHERE username = '$_POST[username]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
}
//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);
//check to see if the user has to change their password
if ($_SESSION[pchange] == "1")
{
$_SESSION[redirect] = "$base_dir/pass_change.html";
}
//check to see if the user has activated the account
if ($_SESSION[verified] == "0")
{
$_SESSION[redirect] = "$base_dir/not_activated.html";
}
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="SELECT * FROM banned";
$result = @mysql_query($sql,$connection) or die(mysql_error());
while ($sql = mysql_fetch_object($result))
{
$banned = $sql -> no_access;
if ($username == $banned || $REMOTE_ADDR == $banned)
{
include ('banned.html');
exit;
}
}
$last_log = last_login();
//updates table with last log as now
$sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1"))
{
include('loglogin.php');
}
//redirects the user
header("Location:$_SESSION[redirect]");
?>
<head><title>Redirect</title></head> |
|
|
| Back to top |
|
|
HomerSexual
Grandmaster Cheater Supreme
 Reputation: 5
Joined: 03 Feb 2007
Posts: 1657
|
| Posted: Sun Feb 15, 2009 7:48 am Post subject: |
|
|
Don't bust his balls because he didn't do everything exactly how we like it here. We all know he didn't write it but he isn't reposting this to make it seem like he did. He posted because he thought someone could learn from it.
But i do agree with everything posted in his threads. I would say create a link to the website and list them all in one post, but i also like having a hardcopy here on CEF incase they are deleted elsewhere(server crash, hackers, etc)
_________________
|
|
| Back to top |
|
|
tony2108
Advanced Cheater
Reputation: 0
Joined: 26 Nov 2008
Posts: 63
Location: Hacking Battlefield
|
| Posted: Sat Feb 28, 2009 9:58 am Post subject: |
|
|
ok ok dude now your playing smart
idc of what you'll say just delete the topic if you want
or do not read it
_________________
"Dark Angel is watching you" |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
