Outbreak Magazine Issue #9 - Article 8 of 14
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

frontpage98 exploit
===================
by: foned

OK, this is the _vti_pvt exploit in FrontPage-made pages. The way this works is that Microsoft FrontPage doesn't chmod the _vti_pvt directory to disallow visitors, thus giving you access to the stored passwords for the logins on the page.

There are two ways you can start.

1) Find a page you want to exploit and go to www.thepage.com/_vti_pvt (this way will not always work.)

2) Go to a big search engine (i.e. google, yahoo) and search for

   "directory of _vti_pvt" service.pwd (or *.pwd or just .pwd) -12k

   ( "directory of _vti_pvt" service.pwd -12k )

   This will search every website that is in the database of the search engine and give you the results (in case you didn't know...).

When you get the results, visit the pages and check any .pwd file there is. It should have

   login:aslkj52345   <-- password (encrypted)

The encryption is usually standard DES. I have encountered MD5, but I think those were fakes, if I remember right. Take that little thing, login:aslkj52345, and run it through John the Ripper and see if anything cracks. If so, you should have FTP access to the site to change just about anything.

Well, anyway, now you can be an ejeet hax0r and impress your friends with your newfound knowledge. Don't complain that it doesn't work, because it's kind of an old exploit. It's from FrontPage 98 and not too many people use that any more. Don't get me wrong, you can still find some, but it might take some work and I'm not too sure it's worth it.

-foned-
-=- foned@spasm.org -=-
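For a site owner, the condition described above comes down to mode bits on _vti_pvt and the .pwd files inside it. The audit below is an added example, not part of the original article: it walks a document root and reports any _vti_pvt directory or *.pwd file that "other" users can reach. It assumes the web server account falls under "other"; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_vti_pvt(docroot):
    """Return (kind, path, mode) for each _vti_pvt directory and *.pwd file
    under docroot that grants access to "other" (assumed: the web server)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        if os.path.basename(dirpath) != "_vti_pvt":
            continue
        dmode = stat.S_IMODE(os.stat(dirpath).st_mode)
        # o+r allows listing; o+x alone still allows fetching a known
        # file name such as service.pwd
        if dmode & (stat.S_IROTH | stat.S_IXOTH):
            findings.append(("dir", dirpath, oct(dmode)))
        for name in filenames:
            if name.lower().endswith(".pwd"):
                path = os.path.join(dirpath, name)
                fmode = stat.S_IMODE(os.stat(path).st_mode)
                if fmode & stat.S_IROTH:
                    findings.append(("pwd", path, oct(fmode)))
    return findings

def build_sample_tree(root):
    """Constructed sample: one exposed site and one locked-down site."""
    for site, dmode, fmode in (("exposed", 0o755, 0o644),
                               ("locked", 0o750, 0o640)):
        d = os.path.join(root, site, "_vti_pvt")
        os.makedirs(d)
        f = os.path.join(d, "service.pwd")
        with open(f, "w") as fh:
            fh.write("login:PLACEHOLDERHASH\n")  # placeholder, not a real hash
        os.chmod(f, fmode)
        os.chmod(d, dmode)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, path, mode in audit_vti_pvt(build_sample_tree(tmp)):
            print(kind, mode, path)
```

Anything it reports should have the "other" bits removed with chmod, and any password whose hash sat in an exposed .pwd file should be changed.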