kestas.kuliukas.com

A video of what hacking is; a basic attack on some forum software

What is this?

This is a video I made for a layperson three years ago, in 2007, of an attack against the Perl forum software YaBB 2.1. It extends an existing software problem, which lets you become forum admin, with another software problem I found, so that you can execute your own Perl code as the server's www account.

I didn't publish this at the time because, as I demonstrate in the video, the vulnerability was very widespread, and this is absolutely not intended as a "how-to" video.

I even briefly thought about writing a worm which would attack a YaBB 2.1 forum, fix the bugs, then search for other YaBB forums to attack and fix, and eventually disable itself. This is a legal and ethical gray area though, so I played it safe and waited.


Why share it?

Although "hacking" is a very diverse area, it's hugely misunderstood (largely thanks to Hollywood), and this video can hopefully give a glimpse of what it's really "about":


Disclaimers


Download

Download YaBBattack.wmv


See also

Webkit: another article I wrote on web-server security, aimed at a more advanced audience and at PHP rather than Perl, with a focus on maintaining your position on the server after the initial attack.