superzanti

You can do that?

Yeah, he runs his own apartments, I haven't actually talked to him yet. It's like a 40 person complex. I think the security is managed through someone else.

Well I just figured out what I was hacking. And I surrendered. It was www.singledigits.net

Wow, that was an awesome reply! Thank you so much. I just wanted to make some updates in case anyone has more ideas http://i.imgur.com/dPanE.png

Do you have any suggestions to point me in the right direction right now?

Before I start, I should mention that this isn't illegal, I was challenged by a good friend of mine because I've been asking him to teach me how to hack. Anyway, here was the challenge: You will connect to a network and be presented with a login page. Upon login your mac address will be recorded and you will have 1 hour of internet access. You're bandwidth will also be capped at 5Mb/s. Your goal is to hack the system to let you stay logged in for longer, and drop the bandwidth cap. Now, I've determined that the router is located at: 10.71.0.1 but typing that in didn't bring me to any router login page. I watched wire-shark for a while while some other people connected, and typed in a few of the IP addresses I saw. Based on what what was there, i'm about 90% sure that this system contains an: HP MSM7xx and it seems to be a wireless access point controller. Then I did some port scans to see if I could find some kind of login page. here are the open ports: 53 81 444 1194 5432 8081 8082 8091 8092 8093 8094 Now, if I go to each of these ports in my browser (10.71.0.1:port) This is what shows up on each 53: N/A webpage not available 81: changes to 10.71.0.1:81/index.asp and displays: "ASP Error IncludeAsp("login_error_message.asp");" 444: N/A No data received 1194: displays: "Access Error: Site or Page Not Found Cannot open URL" 5432: N/A No data received 8081: displays the main login page (the one where you click a button and it gives you an hour of access) 8082: N/A No data received 8091: displays: "-ERR POP3 Please log through your browser first." 8092: displays: "Please log through your browser first." 8093: displays: "421 Service not available. Please log first through HTTP." 8094: displays: "Error Page! Due to the nature of the content, the website you are trying to view is unreachable through this network." Hmm, I checked exploitdb and it didn't give me any results, but it pushed me in a little bit of the right direction, because I started wondering if I even had the right router, or if there might have been some kind of tunnel set up. So, I went through the open ports and started researching them. This is something I typed up real quick: 53 - DNS service 81 - No common found 444 - SNPP 1194 - OpenVPN 5432 - postgres service 8081 - blackice/sunproxy admin 8082 - blackice alerts 8091 - jamlink 8092 - No common found 8093 - No common found 8094 - No common found I then checked a few of them that would be easy to check. For example, I wanted to confirm blackice was running on port 8081 and 8082. So in wireshark, and monitoring 10.71.0.1, I did a search for blackice and got several hits. So I think this confirms that blackice is being used. I didn't find any hits for jamlink or sunproxy. I did get one for postgres pointing to postgres.heroku.com. This is what the scan returned. Looks like I was right about the postgres. As for the others... I'm not to sure. Nmap scan report for wireless.colubris.com (10.71.0.1) Host is up (0.0018s latency). Not shown: 990 closed ports PORT STATE SERVICE VERSION 22/tcp filtered ssh 53/tcp open domain 80/tcp filtered http 81/tcp open tcpwrapped 443/tcp filtered https 444/tcp open tcpwrapped 5432/tcp open postgresql PostgreSQL DB 8.2.6 - 8.2.15 8081/tcp open tcpwrapped 8082/tcp open tcpwrapped 8093/tcp open unknown Okay, so I have no idea what I did, but I ran the scan and got this: [*] Nmap: Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-19 17:43 Mountain Daylight Time [*] Nmap: Nmap scan report for wireless.colubris.com (10.71.0.1) [*] Nmap: Host is up (0.0023s latency). [*] Nmap: Not shown: 990 closed ports [*] Nmap: PORT STATE SERVICE [*] Nmap: 22/tcp filtered ssh [*] Nmap: 53/tcp open domain [*] Nmap: 80/tcp filtered http [*] Nmap: 81/tcp open hosts2-ns [*] Nmap: 443/tcp filtered https [*] Nmap: 444/tcp open snpp [*] Nmap: 5432/tcp open postgresql [*] Nmap: 8081/tcp open blackice-icecap [*] Nmap: 8082/tcp open blackice-alerts [*] Nmap: 8093/tcp open unknown [*] Nmap: MAC Address: 00:25:61:91:80:EF (ProCurve Networking by HP) [*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 1.57 seconds Completely lost my leads. I have no idea what I'm doing now. Any thoughts?