How to Hack the WWWboard Message Board 2.0
written by kM 
www.hackersclub.com/km
05/12/97


How to crack the passwd.txt file.
If you happen to get a hold of this file save it to your hard drive.
I'll explain how to crack it.  
The passwd.txt file contains only 1 user id and 1 encrypted password.
For example: (this is mine) km:aeMkCtJZYkUnI
By Default the id and password are
Username: WebAdmin
Password: WebBoard
Hopefully the webmaster would have changed this...
Once you get this download a copy of John the Ripper (available at the HackerZ Hideout)
You will need to edit the passwd.txt file and make it look like a Unix passwd file.  This file
uses the same encryption scheme that is vulnerable to a dictionary attack.
(Q) What do you mean by edit the passwd.txt file?
(A) Make it look like this...
km:aeMkCtJZYkUnI:275:15:James. "Tiger" Gordon: /usr/email/users/jgordon:/bin/csh
Save the text file and kick off John the Ripper or Cracker Jack to hack the password.
Once you get the password go back to the site in which you got the passwd.txt file and
look at the source html code.  If they use the standard settings you will see a call to
wwwboard.pl or .cgi in there.  If this is true 99% of the time they didn't rename the admin
script which is wwwadmin.pl or .cgi  Use this and jump right in and do your deed.  However
I do suggest if you plan on deleting messages that its *YOUR* responsibility.
  I'm just writing about vulnerability I found.
Copyrighted (C) 1997
by kM 
All rights Reserved