*SWAT MAGAZINE ISSUE ELEVEN: NOVEMBER 1998*
**********************************************************************
|		      .Hacking tripod web sites.	     	     |
|                       By -=The Firestarter=-	    		     |
-----------------------------------------------------------------------

Some of you will remember that SWAT once had it's web site on tripod.
Well the pages can be hacked very easily. Simply by exploiting a
hole they have provided as an aid to password recovery. Ok if you go
to there password retrival section you will see that it tells you
something along the lines of "if you've changed your e-mail address and
forgotten your password send your info to bollox@tripod.com" or some-
thing along those lines. Well let's first have a look at what you need.
1: User name, that's members.tripod.com/~username
2: There name
3: there e-mail address
4: your new e-mail adress.

Ok so just find a site on tripod, doesn't matter what one. Let's assume
http://members.tripod.com/~test Ok so you know his username is test. 
Now go to there member search and type it in at the apropriate field, 
now hit search. You will be presented with his name and e-mail address
(you will have had if it's there). But what if they don't have there 
name listed? just send them an e-mail with questions regarding there 
site, when (if) they reply you'll have there name, it's likely that 
they used the same one when signing up. Now just e-mail tripod with 
some realistic looking plea for you password. And in a few days it's 
yours. Now I never change the passwords or delete the pages, just 
rename "index.html" to "index.old" and upload something in it's place, 
no harm done. I have also sucesfuly got passwords without the name, I
just told them that I made up most of the details when signing up.