NOTE: This manual is in its BETA Stage.

Although I do not support computer crime, what if you do break into a system, create havoc with it, and leave your IP behind in their logs? Well, the administrator of the victim server would trace your IP (from the system logs) to your ISP. Then he would contact your ISP, requesting your contact details, so that the cops can be sent to arrest you. Your ISP would not even hesitate to look through their logs and database and would give your contact details to the sysadmin. This would put you in a rather unpleasant position. Right?

Now, wouldn't it be great if you could somehow edit the database maintained by your ISP, so that your contact details do not point to you or, in other words, are wrong? Well, this manual teaches you how you can do just that. After reading it, you will probably be able to easily change your phone number, name, contact address etc. in your ISP's database.

NOTE: This feature or trick has been tested on a system running Netscape Enterprise with Port 8088 open. It may or may not work with other web servers.

Please remember that the security loophole described here is actually a feature and not a vulnerability. You see, Port 8088 usually runs the Netscape Server Administration daemon, which allows the server administrator to look after, edit and manage the account details of the various users. Now, this daemon can easily be used (or rather misused) to edit or change your own account details.

Ok, so how do I know whether my ISP is susceptible or not? Well, simply do a Port Scan and see whether the 8088 port is open or not. More often than not, the open 8088 port signifies that the target machine is susceptible to such exploitation.

For more info on Port 8088, refer to RFC 1700 and related RFCs.

Ok, my ISP is vulnerable. What do I do now? Well, once you know that your ISP is susceptible, simply launch your Internet Browser and type the following into the Location bar:

http://www.isp.net:8088/

This might seem to be a weird address. Well, it actually isn't. Read on to understand what a URL in the above format actually means. Now, a typical URL is as follows:

http://www.abc.com/

Now, here your browser by default knows that it has to connect to Port 80 of the remote system. (Actually, the browser knows that it has to connect to Port 80 due to the http:// preceding the URL. Thus, if instead of http:// we write ftp://, then the browser would connect to Port 21.) So, it always connects to Port 80 of the server on which the page you requested resides. So in effect, the above URL is the same as:

http://www.abc.com:80/

Now, say you want to use your browser to connect to some other Port, i.e. a port other than Port 80, which is the default port. Then, instead of 80, type in the Port Number to which you want to connect. For example, if you want to connect to Port 79 of www.namitamullick.com, then you would type the following in the location bar of your browser:

http://www.namitamullick.com:79/

Get it?

Anyway, getting back to the point. Once you have connected to Port 8088 of the target machine, then you would probably be greeted by the HTTP Based Authentication Screen. The Screen would contain details like the target machine's name and would ask for a Username and Password. It would typically look like the following:

Site: isp.com
Realm: Netscape Administration
Username:
Password:

Now, this screen asks you to enter the administration Username and Password. But you know them no better than you know the surface of Pluto. So what do you do? Well, simply leave the Username and Password fields blank and click on OK.

This will bring up yet another HTTP Based Authentication Screen. It again would contain the same information and would even look the same, except for one part: the Realm field. It would typically look something like the below:

Site: isp.com
Realm: Unknown Prompt
Username:
Password:

Now, earlier the server we had connected to was asking for the Administration Username and Password, but now, the realm has changed to 'Unknown'. So, let us try typing in our Account's Username and Password. When you do type in your Username and Password, you will be taken to the 'Netscape Server Account' Page.

This 'Netscape Server Account' page is basically a page which allows you to change all your contact details, like your Address, Telephone Number, the name under which your account has been purchased, your title etc. Basically it allows you to change almost everything that you filled in on your ISP registration form. It also allows you to change your Password. (But that is not of much use, right?)

Well, what actually happened above was that, when you leave the Administration Username and Password fields blank and click on OK, then you are thrown into the Unknown sphere, which allows you access to the Netscape Server Account Page, where you can change your account details.
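From the server operator's side, the sequence described above leaves a recognizable trace in the access log of the administration listener: 401 responses followed by a successful request under an ordinary subscriber account. The following is an added example, not part of the original manual, that flags that pattern; the Common Log Format layout, the sample lines, the `/account` path and the `ADMIN_USERS` allowlist are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: access log of the listener on port 8088, assumed to be
# in Common Log Format (host ident authuser [time] "request" status bytes).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2001:10:01:02 +0000] "GET / HTTP/1.0" 401 223
192.0.2.10 - - [12/Mar/2001:10:01:09 +0000] "GET / HTTP/1.0" 401 223
192.0.2.10 - jdoe [12/Mar/2001:10:01:30 +0000] "GET / HTTP/1.0" 200 4110
192.0.2.10 - jdoe [12/Mar/2001:10:02:11 +0000] "POST /account HTTP/1.0" 200 512
198.51.100.7 - admin [12/Mar/2001:11:00:00 +0000] "GET / HTTP/1.0" 200 4110
203.0.113.5 - - [12/Mar/2001:12:00:00 +0000] "GET / HTTP/1.0" 401 223
"""

ADMIN_USERS = {"admin"}  # hypothetical allowlist of real administrator accounts

# Captures: client host, authenticated user, method, rest of request, status.
CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) ([^"]*)" (\d{3}) \S+$')


def find_non_admin_access(log_text, admin_users=ADMIN_USERS):
    """Return successful admin-port requests made under non-admin accounts."""
    prior_401s = defaultdict(int)  # rejected auth attempts seen so far per client
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue  # skip anything that is not a CLF record
        host, user, method, target, status = m.groups()
        status = int(status)
        if status == 401:
            prior_401s[host] += 1
        elif 200 <= status < 300 and user != "-" and user not in admin_users:
            findings.append({
                "host": host,
                "user": user,
                "request": f"{method} {target}",
                "prior_401s": prior_401s[host],
                # A POST/PUT here means account data may have been changed.
                "write": method in ("POST", "PUT"),
            })
    return findings


if __name__ == "__main__":
    for finding in find_non_admin_access(SAMPLE_LOG):
        print(finding)
```

Any finding is worth reviewing on its own, since subscriber accounts have no reason to authenticate on the administration port; restricting that port to management networks removes the exposure altogether.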

OK, well, that is all. Hope you found this manual useful. Till the next update, goodbye.
