Guide to FrontPage Hacking
Well the name says it all! This is a guide to hacking (well, pretty much defacing) FrontPage sites. I'll use a fake site called http://www.candycanestotehmax.com
Now, all FrontPage sites have a directory called _vti_pvt. It's like this:
This directory usually contains a list of files like so. I used a random site that had the file I needed. Some of these files may or may not be on other sites:
access.cnf 11-Dec-1999 05:42 102
botinfs.cnf 11-Dec-1999 05:42 24
bots.cnf 11-Dec-1999 05:42 24
deptodoc.btr 11-Dec-1999 05:42 324
doctodep.btr 11-Dec-1999 05:42 324
frontpg.lck 11-Dec-1999 05:42 0
linkinfo.cnf 11-Dec-1999 05:42 24
service.cnf 11-Dec-1999 05:42 655
service.grp 11-Dec-1999 05:42 53
service.lck 11-Dec-1999 05:42 0
service.pwd 11-Dec-1999 05:42 41
services.cnf 11-Dec-1999 05:42 2
svcacl.cnf 11-Dec-1999 05:42 114
writeto.cnf 11-Dec-1999 05:42 24
The file WE need is called service.pwd. This is the file that has username/password information. It looks like this.
You may have to download the file and open it, usually in Microsoft Word (or another text editor), but sometimes you can view it normally. It doesn't matter either way.
This file tells us the username, candycane, and the password hash (the hashed version of the password), which is K9BqMOF5w/IGY.
The password hash is a DES-based hash. You must use a third-party DES brute forcer/dictionary attacker or make your own such program. The first option is our best bet. I recommend a program known as John the Ripper (for anyone who uses Cain and Abel, C&A cannot crack DES). You can get John the Ripper here:
I'm not gonna waste time explaining how to use it. A tutorial on how is here:
Anyways, copy down the password hash from the service.pwd file and crack it/dictionary attack it using JTR. This should yield the password in its true form.
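Everything up to this point depends on the web server handing out files under _vti_pvt to anonymous visitors, and each of those requests lands in the access log. The following is an added example, not part of the original guide: it flags such requests in Combined Log Format lines and grades them by whether the server actually served the file. The sample log lines, function names and severity labels are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
VTI_RE = re.compile(r'/_vti_pvt(/|$)', re.IGNORECASE)
# Account files named in the directory listing on this page.
ACCOUNT_FILES = {"service.pwd", "service.grp"}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Dec/1999:05:50:01 +0000] "GET /_vti_pvt/ HTTP/1.0" 200 2104',
    '203.0.113.7 - - [11/Dec/1999:05:50:09 +0000] "GET /_vti_pvt/service.pwd HTTP/1.0" 200 41',
    '198.51.100.23 - - [11/Dec/1999:06:02:44 +0000] "GET /%5Fvti%5Fpvt/service.pwd HTTP/1.0" 403 210',
    '192.0.2.10 - - [11/Dec/1999:06:03:00 +0000] "GET /index.htm HTTP/1.0" 200 5120',
]

def classify(line):
    """Return a finding dict for a request into _vti_pvt, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode %-escapes and drop the query string so /%5Fvti%5Fpvt/ is caught too.
    path = unquote(m["path"]).split("?", 1)[0]
    if not VTI_RE.search(path):
        return None
    name = path.rsplit("/", 1)[-1].lower()
    served = m["status"] in ("200", "206")
    if served and name in ACCOUNT_FILES:
        severity = "critical"  # the hash file left the server
    elif served:
        severity = "high"      # listing or metadata readable anonymously
    else:
        severity = "info"      # request the server refused
    return {"ip": m["ip"], "path": path,
            "status": int(m["status"]), "severity": severity}

def scan(lines):
    """Classify every line and keep only the _vti_pvt findings."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:8} {f['status']} {f['ip']:15} {f['path']}")
```

A "critical" or "high" finding means _vti_pvt is readable without authentication: deny web access to the directory and change the FrontPage password, since the hash has to be treated as disclosed.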
Now onto hacking the site.
NOTE: You MUST have Microsoft FrontPage to hack/deface/whatever the site.
Launch FrontPage. Go to File, and click on Open Web. Type the web address of the site. Press OK and then you should be prompted to enter your username and password. Enter the username and the password you got. Click OK again. Now you have access to the site's server! Upload your defacement page or whatever. Have fun.
You can easily find targets to test this vulnerability on.
Go to Google and type the following: (courtesy of Halla)
This will make Google search in a site's URL for the words service.pwd. This will bring up a whole bunch of links. Click one, and you'll be taken to that site's service.pwd file. From there, follow the tutorial and you'll be in business in no time!
Remember, don't go overboard, and you didn't hear this info from me!
Okay, yes you did.