SWAT MAGAZINE ISSUE FOURTEEN: FEBRUARY 1999
============================================
All You Need To Know About Hacking WWW Boards
============================================
Author : Netw0rk Bug
E-Mail : bug@netw0rk.freeserve.co.uk
Date : February 98
============================================




For all you newbies out there this is one of the easiest hacks there 
is for you to do...  Its very simple indeed
I am going to tell you how to hack a WWW BOARD

What is a WWW board you might ask????

Well a wwwboard is a place in the net where people are able to discuss stuff,
kinda like a news group which you can look at with your bog standard web browser.
If you want to see such a nice wwwboard, then go to www.infoseek.com or any other 
search engine and search for the word "wwwboard"
In the most times the wwwboard file is called wwwboard.htm or .html

The basic principle of hacking a WWW board is to first of all find one.
Get the password file and then crack it to enable you to gain access.


Most of the time the password file is in the
same directory where the wwwboard.html file is
located. Just got to your browser and change 

http://www.target.com/wwwboard/wwwboard.html
to
http://www.target.com/wwwboard/password.txt
if you have no result...try to change it into
passwd.txt or only passwd.
You should be able to get the file...


If you look at the file you should see something like..

fosteraaa:GwcgBF4reI8e7   
\       / \          /
username  crypted password


I recommend that you get a few  wwwboard passwords and put
them into one file and crack tham all at once.


I then reccommend that you crack the file using John The Ripper.
Its homepage is:

http://www.false.com/security/john/

I may write a tutorial on using JTR in the near future

f you have cracked the passwords successfully then reconnect to the net.
To use the password you need to find the admin
programm which is usually stored in the cgi-bin
directory. It is usually called: wwwadmin.pl or 
wwwadmin.cgi. You just click on it in your browser
If you are not able to get to it then try another 
WWWboard.


You are now in control of that WWWboard.
Do with it  what ever you wish,
But please don't totally trash it,
You should really report it to the sys admin