secure Posted May 24, 2012 Report Share Posted May 24, 2012 (edited) Site webcamnow.comChallenge: - aflarea adresei de mail a oricarui user existent- aflarea parolei in plaintext a oricarui user existentIn situatia de fata gasiti adresa de mail si parola userului _admin_Nivel: easyRaspunsurile le puteti da si aici. Edited May 24, 2012 by secure Quote Link to comment Share on other sites More sharing options...
secure Posted May 24, 2012 Author Report Share Posted May 24, 2012 Sa punem si o mica recompensa. 10 shelluri fresh pentru castigator.Hint: nu e sql injection Quote Link to comment Share on other sites More sharing options...
Paul4games Posted May 24, 2012 Report Share Posted May 24, 2012 Nu stiu daca se pune dar am gasit mai multe emailuri de inregistrare de genul:https://www.webcamnow.com/reg/confirm?t=40c575e47a178e4f Quote Link to comment Share on other sites More sharing options...
secure Posted May 24, 2012 Author Report Share Posted May 24, 2012 Nu se pune. Quote Link to comment Share on other sites More sharing options...
DreptulLaReplica Posted May 24, 2012 Report Share Posted May 24, 2012 mail: sdb2343@freecamdates.comrevin cu pass Quote Link to comment Share on other sites More sharing options...
secure Posted May 24, 2012 Author Report Share Posted May 24, 2012 E bine pana aici. Quote Link to comment Share on other sites More sharing options...
Guest Kovalski Posted May 24, 2012 Report Share Posted May 24, 2012 ------------------------------------------------------------------ - EXPL-A-2003-005 exploitlabs.com Advisory 005------------------------------------------------------------------ -= Webcam Now =-morning_woodJune 10, 2003Vunerability(s):----------------1. Cleartext Passwords in Windows registryProduct:--------Webcam Now BroadcasterWebcamNow Free Video Chathttp://www.webcamnow.com/download.htmlReviews:--------Description of product:-----------------------"WebcamNow provides free Internet video broadcasting service (software and hosting) for personal use. Live video can be broadcast from virtually any PC camera or video capture device by simply creating an ID and start the WebcamNow Video Broadcaster. Additionally, the video is accompanied by real-time communication through text and voice chat. Live webcam broadcasts can be viewed through any current browser that supports Java by going to the Videochat start page or the WebcamNow home page"VUNERABILITY=============Local:------View user / password in these registry keys:HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\NameHKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Passwordthere is no excuse for a plaintext passsword in the windows registry fileperiod.Any computer with multiple users is vunerable to password discovery anddisclosure. hint - hash yer passRemote:-------none( unless remote registry is enabled or a intranet / lan topology [orprevious remote compromise] )Vendor Fix:-----------No fix on 0dayVendor Contact:---------------[email PROTECTED] - Concurrent with this advisoryCredits:--------Credits:--------Donnie WernerExploitlabs "were finding your holes"se pune? Quote Link to comment Share on other sites More sharing options...
DreptulLaReplica Posted May 24, 2012 Report Share Posted May 24, 2012 ------------------------------------------------------------------ - EXPL-A-2003-005 exploitlabs.com Advisory 005------------------------------------------------------------------ -= Webcam Now =-morning_woodJune 10, 2003Vunerability(s):----------------1. Cleartext Passwords in Windows registryProduct:--------Webcam Now BroadcasterWebcamNow Free Video Chathttp://www.webcamnow.com/download.htmlReviews:--------Description of product:-----------------------"WebcamNow provides free Internet video broadcasting service (software and hosting) for personal use. Live video can be broadcast from virtually any PC camera or video capture device by simply creating an ID and start the WebcamNow Video Broadcaster. Additionally, the video is accompanied by real-time communication through text and voice chat. Live webcam broadcasts can be viewed through any current browser that supports Java by going to the Videochat start page or the WebcamNow home page"VUNERABILITY=============Local:------View user / password in these registry keys:HKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\NameHKEY_LOCAL_MACHINE\SOFTWARE\WebCamNow\Users\Passwordthere is no excuse for a plaintext passsword in the windows registry fileperiod.Any computer with multiple users is vunerable to password discovery anddisclosure. hint - hash yer passRemote:-------none( unless remote registry is enabled or a intranet / lan topology [orprevious remote compromise] )Vendor Fix:-----------No fix on 0dayVendor Contact:---------------[email PROTECTED] - Concurrent with this advisoryCredits:--------Credits:--------Donnie WernerExploitlabs "were finding your holes"se pune? e veche si pusa pe toate site-urile, normal ca se pune:)) Quote Link to comment Share on other sites More sharing options...
AMD Posted May 24, 2012 Report Share Posted May 24, 2012 https://www.webcamnow.com/reg/prethankyou?u=_admin_ID Name Reserved _admin_Confirmation sent to sdb2343@freecamdates.comsi parola este: wcn6-first Quote Link to comment Share on other sites More sharing options...
AhEaD Posted May 24, 2012 Report Share Posted May 24, 2012 se pune daca postez eu ? User: MarcelPass: lecramhttps://www.webcamnow.com/reg/prethankyou?u=_admin_ID Name Reserved _admin_Confirmation sent to sdb2343@freecamdates.comsi parola este: wcn6-firstNu e aia parola Quote Link to comment Share on other sites More sharing options...
Zatarra Posted May 24, 2012 Report Share Posted May 24, 2012 Marcel ii contul lui Ahead, nu se pune. ))) Quote Link to comment Share on other sites More sharing options...
AMD Posted May 24, 2012 Report Share Posted May 24, 2012 daca ii dai la "I forgot my password" o sa vezi ca trimite mereu aceeasi parola Quote Link to comment Share on other sites More sharing options...
noVaLue Posted May 24, 2012 Report Share Posted May 24, 2012 nu prea cred :/ mie imi trimite corect Quote Link to comment Share on other sites More sharing options...
secure Posted May 24, 2012 Author Report Share Posted May 24, 2012 Hai ca e foarte simplu Quote Link to comment Share on other sites More sharing options...
noVaLue Posted May 24, 2012 Report Share Posted May 24, 2012 (edited) http://webcamnow.com/wlogin?un=noVaLue&pw=crackm3&t=1337876303779_admin_hooperIncercase-m si asta http://webcamnow.com/api/acctstatus?un=, numai ca nu stiu sa-l parsez, doar daca as avea cont de admin, as putea sa-l prind in TamperDataLe: iar daca te loghezi cu acel user e normal sa vezi sdb2343@freecamdates.com Edited May 24, 2012 by noVaLue Quote Link to comment Share on other sites More sharing options...
secure Posted May 24, 2012 Author Report Share Posted May 24, 2012 DreptulLaReplica primeste 5 shelluri si noValue 5 shelluri pentru ca fiecare dintre ei a gasit primul una din "vulnerabilitati". Va dau la noapte pm cu shellurile. Quote Link to comment Share on other sites More sharing options...
DreptulLaReplica Posted May 24, 2012 Report Share Posted May 24, 2012 DreptulLaReplica primeste 5 shelluri si noValue 5 shelluri pentru ca fiecare dintre ei a gasit primul una din "vulnerabilitati". Va dau la noapte pm cu shellurile.Nu merci, le donez lu noValue, el le merita, si oricum nu as avea ce face cu ele. Quote Link to comment Share on other sites More sharing options...
noVaLue Posted May 24, 2012 Report Share Posted May 24, 2012 Stai sa vezi belea, ma uit in ele 5 min si le donez, daca nu gasesc nimic interesant... Eu am vrut sa scot mai mult din challenge, dar nu s-a putut Quote Link to comment Share on other sites More sharing options...
Guest Kovalski Posted May 24, 2012 Report Share Posted May 24, 2012 (edited) eu ma uitam dupa avioane in sloboz /admin/user_list/index.old/index.bak/users/backup/backup/alte cretinisme.. nu mi-a trecut si nu mi-ar fi trecut niciodata prin cap de swf..felicitarile mele Value. Edited May 24, 2012 by ps-axl Quote Link to comment Share on other sites More sharing options...
