1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How To Break Into (almost) any member's area

Discussion in 'BlackHat Lounge' started by wolvenreign, Jan 11, 2011.

  1. wolvenreign

    wolvenreign Registered Member

    Joined:
    Aug 11, 2010
    Messages:
    83
    Likes Received:
    40
    Hey folks. I used this to break into "Xtreme Traffic Arbitrage's" member site without paying anything, and I thought I'd share.

    1st: Download Google Chrome.

    2nd: Go to the website you want to break into.

    3rd: After the .com of the website url, type in "membersarea". For example, http://xtremetrafficarbitrage.com/blog/ would be changed into http://xtremetrafficarbitrage.com/membersarea.

    4th: Unless the owners of the site are fatally retarded, Chrome will give you a 404. This is the important part, though...Chrome will also give you the ability to search the site for a "members area". Use that option.

    5th: Google will give you links into various sections of the member's area. You're done.

    Enjoy.
     
    • Thanks Thanks x 2
    Last edited: Jan 11, 2011
  2. RobBanks

    RobBanks Junior Member

    Joined:
    May 14, 2010
    Messages:
    165
    Likes Received:
    42
    Location:
    in the mountains
    this doesn't work it just says the link appears to be broken. wouldn't it just be easier to search google for free passwords?
     
  3. wrangler

    wrangler Regular Member

    Joined:
    Jun 14, 2010
    Messages:
    487
    Likes Received:
    599
    Is this the same as putting this query in Google (if so, this would seem easier)?
    site:xtremetrafficarbitrage.com "members area"
     
  4. Chees

    Chees Regular Member

    Joined:
    Apr 16, 2010
    Messages:
    476
    Likes Received:
    151
  5. wolvenreign

    wolvenreign Registered Member

    Joined:
    Aug 11, 2010
    Messages:
    83
    Likes Received:
    40
    Sort of, but the order is reversed. This is what you would put in.

    members area site:xtremetrafficarbitrage.com
     
  6. wrangler

    wrangler Regular Member

    Joined:
    Jun 14, 2010
    Messages:
    487
    Likes Received:
    599
    The order doesn't matter (and works for me, gets me to the page indicated). What's important is to use quotation marks around the "members area" piece.
    You're welcome, by the way.
     
    • Thanks Thanks x 1
  7. JesusBack

    JesusBack Executive VIP Premium Member

    Joined:
    Sep 15, 2010
    Messages:
    1,159
    Likes Received:
    1,284
    Occupation:
    Almost done :D
    Location:
    {calm|cool|collected}
    I was under the impression that "almost" any member area was protected by a password and username ;).
     
    • Thanks Thanks x 1
  8. Chees

    Chees Regular Member

    Joined:
    Apr 16, 2010
    Messages:
    476
    Likes Received:
    151
    OP if you really got into the site why dont you share what you found ? it would be nice for all
     
  9. wrangler

    wrangler Regular Member

    Joined:
    Jun 14, 2010
    Messages:
    487
    Likes Received:
    599
    Never assume anything :) Yeah typically they are, or at least should be... but there's plenty of times, like this, where they aren't.
     
  10. saxgod

    saxgod Regular Member

    Joined:
    Sep 19, 2010
    Messages:
    351
    Likes Received:
    337
    Yeah this only works for website that have been unmodified since 1994 and only use an authentication check on the loginpage. nowadays we have cookies and session systems making it possible to check authentication on EVERY page in the membership section, making this kind of useless.....
     
  11. wrangler

    wrangler Regular Member

    Joined:
    Jun 14, 2010
    Messages:
    487
    Likes Received:
    599
    1994? I wasn;t even born then... but once again - yes the site can and should be secured. My point is, they very often aren't - people are lazy / stupid. So this is just a way to use Google to get to something easily rather than jumping through the hoops. And the point is, this isn't at all uncommon, having sites not secured, which should be.
     
  12. phpfiend

    phpfiend Junior Member

    Joined:
    Apr 12, 2009
    Messages:
    172
    Likes Received:
    102
    Occupation:
    Web Dev and IM
    Home Page:
    Just a note to the OP. If you go posting here of ways to get into members areas that you thoroughly search through the page. Found a link to a pop up page asking for authentication.
     
  13. jerzee

    jerzee Newbie Premium Member

    Joined:
    Jul 31, 2010
    Messages:
    41
    Likes Received:
    7
    Occupation:
    Bar and hotel management
    Location:
    Jersey Shore
    I got to the page to download it but then was asked for the e-mail I used when I purchased the software.
     
    • Thanks Thanks x 1