[Help] Hacking the score on a web page

Started by polmp, 10 August 2010, 10:51 AM


polmp

I would like to know whether the score on super3.cat can be hacked. It can be done, because I did it, but I don't even know how. I used Mozilla's Tamper Data.

Regards and thanks,

Polmp

Edit: In case it is of any use to you, here are the codes that are sent to the server.

<?xml version="1.0"?>
  <!-- Export of tamperdata transacions -->
  <tdRequests>
<tdRequest uri="http%3A//www.super3.cat/flash/xml/data/config.xml"><tdStartTime>10:59:29.471</tdStartTime>
<tdStartTimeMS>1281430769471</tdStartTimeMS>
<tdElapsedTime>0</tdElapsedTime>
<tdTotalElapsedTime>0</tdTotalElapsedTime>
<tdStatus>pending</tdStatus>
<tdStatusText></tdStatusText><tdRequestMethod>GET</tdRequestMethod>
<tdContentSize>unknown</tdContentSize>
<tdMimeType>unknown</tdMimeType>
<tdRequestHeaders>
<tdRequestHeader name="Host">
www.super3.cat</tdRequestHeader>
<tdRequestHeader name="User-Agent">
Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%206.0%3B%20es-ES%3B%20rv%3A1.9.2.8%29%20Gecko/20100722%20Firefox/3.6.8%20%28%20.NET%20CLR%203.0.30729%29</tdRequestHeader>
<tdRequestHeader name="Accept">
text/html%2Capplication/xhtml+xml%2Capplication/xml%3Bq%3D0.9%2C*/*%3Bq%3D0.8</tdRequestHeader>
<tdRequestHeader name="Accept-Language">
es-es%2Ces%3Bq%3D0.8%2Cen-us%3Bq%3D0.5%2Cen%3Bq%3D0.3</tdRequestHeader>
<tdRequestHeader name="Accept-Encoding">
gzip%2Cdeflate</tdRequestHeader>
<tdRequestHeader name="Accept-Charset">
ISO-8859-1%2Cutf-8%3Bq%3D0.7%2C*%3Bq%3D0.7</tdRequestHeader>
<tdRequestHeader name="Keep-Alive">
115</tdRequestHeader>
<tdRequestHeader name="Connection">
keep-alive</tdRequestHeader>
<tdRequestHeader name="Cookie">
__utma%3D26837346.1573888360.1281429556.1281429556.1281429556.1%3B%20__utmb%3D26837346.12.10.1281429556%3B%20__utmc%3D26837346%3B%20__utmz%3D26837346.1281429556.1.1.utmcsr%3Dgoogle%7Cutmccn%3D%28organic%29%7Cutmcmd%3Dorganic%7Cutmctr%3Dsuper3</tdRequestHeader>
</tdRequestHeaders><tdPostHeaders></tdPostHeaders>
<tdPostElements>
</tdPostElements>
<tdResponseHeaders></tdResponseHeaders>
</tdRequest>
<tdRequest uri="https%3A//secure.ccrtvi.com/crossdomain.xml"><tdStartTime>10:59:31.973</tdStartTime>
<tdStartTimeMS>1281430771973</tdStartTimeMS>
<tdElapsedTime>0</tdElapsedTime>
<tdTotalElapsedTime>0</tdTotalElapsedTime>
<tdStatus>pending</tdStatus>
<tdStatusText></tdStatusText><tdRequestMethod>GET</tdRequestMethod>
<tdContentSize>unknown</tdContentSize>
<tdMimeType>unknown</tdMimeType>
<tdRequestHeaders>
<tdRequestHeader name="Host">
secure.ccrtvi.com</tdRequestHeader>
<tdRequestHeader name="User-Agent">
Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%206.0%3B%20es-ES%3B%20rv%3A1.9.2.8%29%20Gecko/20100722%20Firefox/3.6.8%20%28%20.NET%20CLR%203.0.30729%29</tdRequestHeader>
<tdRequestHeader name="Accept">
text/html%2Capplication/xhtml+xml%2Capplication/xml%3Bq%3D0.9%2C*/*%3Bq%3D0.8</tdRequestHeader>
<tdRequestHeader name="Accept-Language">
es-es%2Ces%3Bq%3D0.8%2Cen-us%3Bq%3D0.5%2Cen%3Bq%3D0.3</tdRequestHeader>
<tdRequestHeader name="Accept-Encoding">
gzip%2Cdeflate</tdRequestHeader>
<tdRequestHeader name="Accept-Charset">
ISO-8859-1%2Cutf-8%3Bq%3D0.7%2C*%3Bq%3D0.7</tdRequestHeader>
<tdRequestHeader name="Keep-Alive">
115</tdRequestHeader>
<tdRequestHeader name="Connection">
keep-alive</tdRequestHeader>
<tdRequestHeader name="Cookie">
_CCRTV_SSO_TICKET_%3DST-11335-UY0ZFeQIum2Nvy4whYsW-cas%3B%20_CCRTV_SSO_SERVICE_%3Dhttp%3A//www.super3.cat/sso/n.jsp%3B%20TGT_SU%3DTGT-11189-kTJ7V6lS4Yfr0XxjxeTSBgKmf2ctSqaGDVeNifqozqPJKnIyYC-cas</tdRequestHeader>
</tdRequestHeaders><tdPostHeaders></tdPostHeaders>
<tdPostElements>
</tdPostElements>
<tdResponseHeaders></tdResponseHeaders>
</tdRequest>
<tdRequest uri="https%3A//secure.ccrtvi.com/su/Register%3FXL_RESPOSTA%3D4600%26hiRegServiceId%3DSP3_REG%26hiServiceId%3DJOC309743325%26hiTarget%3D*.swf%26hiRetrievalXsl%3Dlogin.xsl%26hiRetrieval%3DS%26hiRandom%3D1281430770472%26hiAction%3D62"><tdStartTime>10:59:33.686</tdStartTime>
<tdStartTimeMS>1281430773686</tdStartTimeMS>
<tdElapsedTime>335</tdElapsedTime>
<tdTotalElapsedTime>335</tdTotalElapsedTime>
<tdStatus>200</tdStatus>
<tdStatusText>OK</tdStatusText><tdRequestMethod>GET</tdRequestMethod>
<tdContentSize>141</tdContentSize>
<tdMimeType>text/xml</tdMimeType>
<tdRequestHeaders>
<tdRequestHeader name="Host">
secure.ccrtvi.com</tdRequestHeader>
<tdRequestHeader name="User-Agent">
Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%206.0%3B%20es-ES%3B%20rv%3A1.9.2.8%29%20Gecko/20100722%20Firefox/3.6.8%20%28%20.NET%20CLR%203.0.30729%29</tdRequestHeader>
<tdRequestHeader name="Accept">
text/html%2Capplication/xhtml+xml%2Capplication/xml%3Bq%3D0.9%2C*/*%3Bq%3D0.8</tdRequestHeader>
<tdRequestHeader name="Accept-Language">
es-es%2Ces%3Bq%3D0.8%2Cen-us%3Bq%3D0.5%2Cen%3Bq%3D0.3</tdRequestHeader>
<tdRequestHeader name="Accept-Encoding">
gzip%2Cdeflate</tdRequestHeader>
<tdRequestHeader name="Accept-Charset">
ISO-8859-1%2Cutf-8%3Bq%3D0.7%2C*%3Bq%3D0.7</tdRequestHeader>
<tdRequestHeader name="Keep-Alive">
115</tdRequestHeader>
<tdRequestHeader name="Connection">
keep-alive</tdRequestHeader>
<tdRequestHeader name="Cookie">
CHK_COOKIE%3DOK%3B%20JSESSIONID%3DB20446DA99B01C70CA977E9BB01AAC70.app8serv%3B%20_CCRTV_SSO_TICKET_%3DST-11335-UY0ZFeQIum2Nvy4whYsW-cas%3B%20_CCRTV_SSO_SERVICE_%3Dhttp%3A//www.super3.cat/sso/n.jsp%3B%20TGT_SU%3DTGT-11189-kTJ7V6lS4Yfr0XxjxeTSBgKmf2ctSqaGDVeNifqozqPJKnIyYC-cas</tdRequestHeader>
</tdRequestHeaders><tdPostHeaders></tdPostHeaders>
<tdPostElements>
</tdPostElements>
<tdResponseHeaders><tdResponseHeader name="Date">
Tue%2C%2010%20Aug%202010%2008%3A59%3A34%20GMT
</tdResponseHeader>
<tdResponseHeader name="Content-Type">
text/xml%3Bcharset%3DISO-8859-1
</tdResponseHeader>
<tdResponseHeader name="Content-Length">
141
</tdResponseHeader>
<tdResponseHeader name="Keep-Alive">
timeout%3D15%2C%20max%3D100
</tdResponseHeader>
<tdResponseHeader name="Connection">
Keep-Alive
</tdResponseHeader>
</tdResponseHeaders>
</tdRequest>
</tdRequests>



PS: The problem is that I want to modify the web page when it sends the config and crossdomain data, but I can only modify the cookie.
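
An export like the one above carries session material in its Cookie headers in readable form once the percent-encoding is undone. As an added example (not part of the original post), this sketch decodes a Tamper Data export and masks session-like cookie values before the capture is shared; the sample input is constructed, and the function names and the name pattern in `SENSITIVE_NAME` are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed sample in the Tamper Data export layout shown above; the
# cookie values are placeholders, not values taken from the thread.
SAMPLE_EXPORT = """<?xml version="1.0"?>
<tdRequests>
<tdRequest uri="https%3A//example.invalid/su/Register%3FhiAction%3D62">
<tdRequestHeaders>
<tdRequestHeader name="Cookie">
CHK_COOKIE%3DOK%3B%20JSESSIONID%3DPLACEHOLDERSESSION.app1%3B%20TGT_SU%3DTGT-0000-PLACEHOLDER-cas</tdRequestHeader>
</tdRequestHeaders>
</tdRequest>
</tdRequests>"""

# Assumption: cookie names matching this pattern carry session or SSO state.
SENSITIVE_NAME = re.compile(r"(sess|ticket|tgt|token|auth)", re.IGNORECASE)

def redact_cookie_header(value):
    """Mask values of session-like cookies; return (new_header, names)."""
    parts, redacted = [], []
    for pair in value.split(";"):
        name, sep, val = pair.strip().partition("=")
        if sep and SENSITIVE_NAME.search(name):
            val = "[REDACTED]"
            redacted.append(name)
        parts.append(f"{name}{sep}{val}")
    return "; ".join(parts), redacted

def sanitize_export(xml_text):
    """Percent-decode each request and strip credentials from its cookies."""
    root = ET.fromstring(xml_text)
    report = []
    for req in root.iter("tdRequest"):
        entry = {"uri": unquote(req.get("uri", "")), "headers": {}, "redacted": []}
        for hdr in req.iter("tdRequestHeader"):
            name = hdr.get("name", "")
            value = unquote((hdr.text or "").strip())
            if name.lower() == "cookie":
                value, names = redact_cookie_header(value)
                entry["redacted"].extend(names)
            entry["headers"][name] = value
        report.append(entry)
    return report

if __name__ == "__main__":
    for entry in sanitize_export(SAMPLE_EXPORT):
        print(entry["uri"], entry["headers"], entry["redacted"])
```
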

Debci

I see interesting things that could be done with header spoofing...

Regards

polmp

Quote from: Debci on 11 August 2010, 10:50 AM
I see interesting things that could be done with header spoofing...

Regards

Sorry, but I'm a real "noob" on this subject...
I can't find the meaning of header spoofing in Spanish, could you help me?

Regards and thanks,

Polmp

Edit: Could the Modify Headers program (a Firefox add-on) do header spoofing?

Shell Root

Header = Cabecera (the Spanish word for "header")
Spoofing = Suplantación de Identidad (Spanish for "identity impersonation")

polmp

Quote from: Shell Root on 11 August 2010, 22:10 PM
Header = Cabecera (the Spanish word for "header")
Spoofing = Suplantación de Identidad (Spanish for "identity impersonation")

Sorry for being such a noob and a pest, but could someone point me to a tutorial on how it is done, or to an example web page?

Regards and thanks,

Polmp