Front Page Extensions Vulnerabilities - By Rapture
Here's the easy howto on how to change a webpage that has a "problem" in the Frontpage Extensions Permissions. There have been millions and millions of texts written about it and still there are administrators who seem to have zero understanding when it comes to security issues.
This is good for all the newbie hackers because getting a site changed is really cool for them. And hopefully it will inspire them to learn more.
Now for the info you should know: changing a page this way is so simple, you will not gain much respect with it from experienced hackers. That is also how you will distinguish a real hacker from a fakie: if you say you changed the page, and you tell a person you did it by exploiting the Frontpage Extensions permissions, and the person doesn't have a clue what you're talking about, the person is most certainly not a good hacker.
More: by changing an internet page this way, you leave no trace, except for when you go and see the webpage in your browser; that will leave your IP. As JP (the person everyone should hate) said in one of his hacker profiles: check the logs, the hacker will probably view his work, then you'll have a clue of who could've done it.
It will also leave a record of when a file was edited, removed etc. Just not who.
But: GET /_vti_log/author.log
If author.log is there, it will need to be cleaned to cover your tracks.
Just to be sure: get some hacked accounts.
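Seen from the administrator's side, the point above (the edit records when but not who, while viewing the result leaves an IP) turns into a simple log correlation. The following is an added example, not part of the original text; the Common Log Format, the constructed sample lines, the 15-minute window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# The four default documents named on this page, plus "/" (assumed to serve one of them).
DEFAULT_DOCS = {"/", "/index.htm", "/index.asp", "/default.htm", "/default.asp"}
AUTHOR_LOG = "/_vti_log/author.log"

# Common Log Format: client, two ignored fields, [timestamp], "METHOD path proto", status
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2000:14:01:07 +0000] "GET /index.htm HTTP/1.0" 200 2048
198.51.100.7 - - [12/Mar/2000:14:32:40 +0000] "GET /_vti_log/author.log HTTP/1.0" 200 512
198.51.100.7 - - [12/Mar/2000:14:33:05 +0000] "GET /index.htm HTTP/1.0" 200 310
203.0.113.5 - - [12/Mar/2000:16:10:00 +0000] "GET /default.asp HTTP/1.0" 404 0
"""

def parse(log_text):
    """Yield (ip, time, method, path, status) for each parsable log line."""
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        yield ip, when, method, path.split("?")[0].lower(), int(status)

def triage(log_text, modified_at, window_minutes=15):
    """Map client IP -> reasons it deserves a look.

    modified_at is the changed file's modification time taken from the
    filesystem: the "when" the edit leaves behind without the "who".
    """
    window_end = modified_at + timedelta(minutes=window_minutes)
    findings = {}
    for ip, when, method, path, status in parse(log_text):
        if path == AUTHOR_LOG:
            # Ordinary visitors have no reason to fetch the authoring log.
            findings.setdefault(ip, set()).add("requested author.log")
        elif path in DEFAULT_DOCS and status == 200 and modified_at <= when <= window_end:
            # First successful views right after the change.
            findings.setdefault(ip, set()).add("viewed changed page")
    return findings

if __name__ == "__main__":
    changed = datetime(2000, 3, 12, 14, 32, 50, tzinfo=timezone.utc)
    for ip, reasons in triage(SAMPLE_LOG, changed).items():
        print(ip, sorted(reasons))
```

A client that shows up for both reasons is the strongest lead; a view inside the window alone can just as well be a regular visitor.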
Testing a site for the problem.
What we need: A Win9x/NT comp with a form of Frontpage installed (comes with Internet Explorer 4.0 and up, Frontpage 98, in some versions of Office 2000, Frontpage 2000 standalone).
This will also install something called "web folders"
Open up Windows Explorer. In the directory tree on the left you'll see a folder called Web Folders at the bottom of the list. Open that. Double-click add webfolder. Try any site you want to try. Remember to enter it in the form: www.something.com. And don't try sites from free webspace providers or referral services: it will not work.
Just try a load of sites you know of.
Some sites will take AGES to be tried. Be patient. Expect waiting times of up to 5 minutes. If it doesn't work, you will get a message saying some error this and that. That's ok. Just try another site.
If it does work, you get to choose a name for the site. Keep it the same as the link, it will be easier later if you have a whole load of sites. :)
What to do after that.
Once you've added a site to your web folders, open up Frontpage and write a lil: "I'm the L33+35+ D00D in Histury, but I dunno how 2 spael" note, and choose: save as. Go to the web folders. Double-click the site in your web folders.
Now, there are four possibilities:
index.htm (normal icon)
index.asp (Some file icon)
default.htm (normal icon)
default.asp (Some file icon)
Just replace them all with your file. :)
Go and check your work, or get a friend to do it for you.
Then if it turns out you succeeded, cheer, and tell everyone you trust about it to show just how cool you are. After all, you're L33+0, right?
Sometimes they'll say: file is read only, open?
Just open it, and edit it.
Sometimes it'll say: could not overwrite: File://xx/xx/something.htm
Just check the site anyways, chances are it worked.