|
============================ Hacking Angelfire by f1ber 0pt1k (f1ber_0pt1k@hotmail.com) (http://www.uha1.com) ---------------------------- Introduction Earlier in the year, I found an article on the web that eZoOns wrote about hacking Angelfire. The method of social engineering and method to hack Angelfire was insignificant. I offer you what I think is a better article. Remember this is for educational purposes only and I take no responsibility for what you might do with this information. First Things First Well first you have to get the page that you get right after you login to your Angelfire account. This page is called BEDIT.HTML And a couple lines down from the <html> is their password. <font color=teal>Your page <a href="http://www.angelfire.com/ak2/r00t7/index.html"> http://www.angelfire.com/mi/KrazieBread/index.html </a> has been saved.<br>You may have to click Reload or Super-Reload (Shift+Reload) to see your edited page and not your old version when you go to your URL.<br>You can also announce your new page on <a href="http://homepages.whowhere.com/bin/showpage.pl?add">WhoWhere?</a>, <a href="http://newtoo.manifest.com/"><u>What's New Too!</u></a>, or if you really want to get noticed, go to <a href="http://www.submit-it.com/"><u>Submit It!</u></a><br>Tune up your Web Site at the <a href="http://www.angelfire.com/cgi-bin/ct?ad=websitegarage&vp=/index.clicked&ru=http://www.websitegarage.com/whowhere">Web Site Garage</a>.</font> </td></tr></table></center> <form select method="post" action="http://www.angelfire.com/cgi-bin/bedit"> <input type="hidden" name="storage" value="mi"> <input type="hidden" name="hpd" value="r00t"> <input type="hidden" name="password" value="r00t7"> <-------THE PASSWORD!!! Alright so now you know where the password is, finding the username is a synch because it's in their URL. Http://www.angelfire.com/whatever/USERNAME/ Moving in for the Kill Ok first things first 1.) Find some guy that you want to hack and tell him that you found a bug in IE 4.0 and Netscape Communicator that let's you install keyloggers and packet sniffers on their system through a perl script. 2.) Tell the guy you need his bedit.html page because you need some of the info on there, cause if you don't have it the script won't work. 3.) After he sends u the file get the shit you need...Login, and then from the bedit.html page click change e-mail (don't use your real one) one from Hotmail or something. 4.) Whatever you want to do with the page is your choice, but remember..be mature about it and don't do anything you'll regret later..that line sounded stupid. Conclusion Well I hope you've enjoyed this article. Thanx to eZoOns for discovering this vulnerability in the Angelfire system. And greetz to IllumiTIE, r00t sE7EN, Big Cheese, JellyNuts, Optiklenz, and Godshippy.