What would one do to potentially fuck up another forum?

meta

Say one wanted to fuck up a certain forum on the internet called Zok...oh wait maybe I should keep that secret for now. But anyway what is a good way to do this?

Dfg

The best was is NOT to do it. The last thing we need now is a war between two forums. Right now focus on contributing and making this place better. You don't need to worry about Zoklet anymore.

Unknown

meta wrote: »

Say one wanted to fuck up a certain forum on the internet called Zok...oh wait maybe I should keep that secret for now. But anyway what is a good way to do this?

Leave it to it's own devices. That place is a dying shitpile, &T.i is where it's at.

KundaLini

You will get this place shut down, this thread, possibly being against the TOS of this host, could actually work against everything anyone wants for this forum.

Anonymous

If you were to potentially 'fuck up' said nonexisting forum, you'd want to get on the Admin account and delete everything and then attempt to lock him out of his own account. (Said unexisting Forum Admin would likely have his email password as his password on the Forum so you could lock him out of that as well.)

After you do this-- You just sit back and watch the flames start.

Numberjumbo

I'm sure any admins of the nonexistant site back it up daily.

v0x

Yea, and the nonexistent admins definitely know how to secure their forum and recover it if anything happens. And attacking this nonexistent forum would be a very bad idea. And this is NS&H, so it's really a bad idea.

For any other forum that is not located at a certain address, there's quite a few ways to get in and wreck havok. First of all we have the forum script itself. It may be vulnerable; many are. Next there's the forum addons. There are tons of these that have vulns. Then think of other scripts on the website; for example, any type of upload script, or any script that allows users to login. If there's no user scripts that you can exploit, try a backend script like cPanel. It may be vulnerable. If there's nothing there, try the HTTP server itself. It may be an outdated version of Apache or IIS that you can compromise. And if that fails, attack the server itself. Hopefully it's running an old, vulnerable daemon of some sort. Anyway, if you've compromised the server, you're pretty much fine. Just use one of many local root exploits and you've owned it. If the process you compromised was running under root/Administrator, then the owner is a complete retard and you're already done. However, if you just compromised a script on the site, you still have a lot of work to do. Since it's a forum, you'll probably have gotten in either by uploading a shell somehow or by an SQL injection. In the former case, you just have to backconnect to your box (or spawn a bindshell is possible), connect, and run a local exploit to get root. If it's via SQLI, things will be more tricky. If the site doesn't have any way to upload a shell, you're kinda screwed. Though many scripts do have upload functionality or an addon that will grant you upload functionality (i.e., Joomla has a file manager addon that you can use to upload a shell), the one that you just compromised might not. You can still get in, and get root, but it'll be very hard. There are ways to upload a shell via SQLI, or input commands via SQLI, but I'm not going to reprint them here. Inputting commands is rarely possible, and there's lots of things that can go wrong with uploading a shell via SQLI. If you do get to this point though, post a new thread about it and I'll answer.

Pacino

DID SOMEONE SAY WAR??

Pandoras Assassin

DOS attack.
Get a forkbomb to there server.