Waraxe IT Security Portal
Login or Register
November 24, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 59
Members: 0
Total: 59
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpNuke -> PhpNuke cookies manual crafting HowTo Goto page 1, 2Next
Post new topicReply to topic View previous topic :: View next topic
PhpNuke cookies manual crafting HowTo
PostPosted: Tue May 25, 2004 10:24 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




PhpNuke cookies manual crafting HowTo

Step-by-step tutorial by waraxe


Well, let's start with some preparation work.

    1. Get target password's md5 hash - in this tutorial it's 098f4bcd4621d373caae4e832628b4f6

    2. You need to know target's "aid" - means "author's id". I assume, that "aid" can be gathered
    by same way, as md5 hash - thrugh sql injections or xss cookietheft. In current tutorial
    admin has "aid" - "mranderson".

    3. You must have a properly working and configured Mozilla browser.

Now, let's move further. I assume, you already know where Mozilla's cookies are located. I have WindowsXP Home Edition and logged-in with username "nobody", so cookie file is located in folder:

C:\Documents and Settings\nobody\Application Data\Mozilla\Profiles\[some subfolders]\cookies.txt

Cookie file manual editing is dangerous, so beware. I suggest to make the backup first.

Next, I assume that you already have an account on target server. Go to login page, enter your username and password and log in.
Don't log out! And close Mozilla browser!! It's is very important!!!!!!!

Open "cookies.txt" and try to find cookie, which belongs to target server and named something like
"user". So, you can see long textline similar to this:

www.target.com FALSE / FALSE 1114433252 user NTgwOndhcmF4ZTozOTc5Yzf0MjQzZmFkY2MwpjBkYjk2YjdmZGQ0Y2FhMzoxMDo6MDowOjA6MDo6NDA5Ng%3D%3D

Ok, its time for the actual handwork - go to online base64 encoder at url:

http://base64-encoder-online.waraxe.us/base64/base64-encoder.php

and enter to query box actual "aid" and md5 hash, joined together with ":" (colon).
Example:

mranderson:098f4bcd4621d373caae4e832628b4f6

Now click "Encode" and you will see base64encoded string, in case of our example:

bXJhbmRlcnNvbjowOThmNGJjZDQ2MjFkMzczY2FhZTRlODMyNjI4YjRmNg==

If there are some "=" chars in the end, replace them with "%3D", so we will get this:

bXJhbmRlcnNvbjowOThmNGJjZDQ2MjFkMzczY2FhZTRlODMyNjI4YjRmNg%3D%3D


And next look up once again to Mozilla's cookie file - u saw this before -

www.target.com FALSE / FALSE 1114433252 user NTgwOndhcmF4ZTozOTc5Yzf0MjQzZmFkY2MwpjBkYjk2YjdmZGQ0Y2FhMzoxMDo6MDowOjA6MDo6NDA5Ng%3D%3D

So, replace "user" with "admin" and previous base64encoded string with the new one you just encoded.
Final result in our example will be something like this:

www.target.com FALSE / FALSE 1114433252 admin bXJhbmRlcnNvbjowOThmNGJjZDQ2MjFkMzczY2FhZTRlODMyNjI4YjRmNg%3D%3D

Thats all - save cookiefile changes, fire up Mozilla and see for yourself - mission is complete!

Any feedback is welcome!
View user's profile Send private message Send e-mail Visit poster's website
cc
PostPosted: Wed May 26, 2004 2:49 pm Reply with quote
SteX
Advanced user
Advanced user
Joined: May 18, 2004
Posts: 181
Location: Serbia




Tutorial is Great..I am trying to do this for months ,but never works..
A never replace "=" with "%3D" ..
Keep working waraxe..
P.S :Where did you learn all this stuffs..?? Smile

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------
View user's profile Send private message
PostPosted: Wed May 26, 2004 3:27 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Well, im kinda dedicated self-learner. As long as i remember myself,
im always interested in any new knowledge and experience. My area
of interests does not end with IT, it includes many more stuff - like chemistry,
astronomy, cosmology, gene engineering, molecular nanotechnology and
many-many more sciences/technologies...
View user's profile Send private message Send e-mail Visit poster's website
Re: cc
PostPosted: Sat May 29, 2004 1:14 am Reply with quote
5y573m f41lur3
Regular user
Regular user
Joined: May 25, 2004
Posts: 9




SteX wrote:
Tutorial is Great..I am trying to do this for months ,but never works..
A never replace "=" with "%3D" ..
Keep working waraxe..
P.S :Where did you learn all this stuffs..?? Smile


You gotta keep always learning and learning... And by thirsty for knowledge... You gotta learn programming and how things works....
View user's profile Send private message
PostPosted: Sun May 30, 2004 11:30 pm Reply with quote
Shradnag
Beginner
Beginner
Joined: May 28, 2004
Posts: 2
Location: Earth




It seems like many people who visit this site are not native speekers of English.
View user's profile Send private message
PostPosted: Fri Jun 04, 2004 3:12 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Are you sure, that phpnuke version, you use, is not somehow patched against this sploiting? Coz many people reported about successfull tests of my tutorial. But ~10% tests fail. I dont now why, coz for me its working any time...
View user's profile Send private message Send e-mail Visit poster's website
Don?t work...
PostPosted: Thu Jun 24, 2004 3:58 pm Reply with quote
SpnFury
Beginner
Beginner
Joined: Jun 24, 2004
Posts: 1




Hi waraxe, i tryed to modify a cookie created with php-nuke, but don?t works... When i go to preferences menu of mozilla and i go to cookies the cookie of the site hasnt modified... why? plz help
View user's profile Send private message
PostPosted: Fri Jun 25, 2004 9:18 am Reply with quote
terrible one
Regular user
Regular user
Joined: Jun 25, 2004
Posts: 10




is it possible to download that program u put the code into? or the source codes?
View user's profile Send private message
PostPosted: Tue Jun 29, 2004 5:35 pm Reply with quote
Jeruvy
Regular user
Regular user
Joined: Jun 17, 2004
Posts: 6




I wonder if this may be the reason...

if (!defined('ADMIN_PAGES')) { header('Location: ../../'); exit; }

J.
View user's profile Send private message
PostPosted: Fri Jul 23, 2004 2:04 pm Reply with quote
maxhak2000
Beginner
Beginner
Joined: Jul 23, 2004
Posts: 1




thanks a lot....
but which version of Mozilla should i use,for this?
View user's profile Send private message
a
PostPosted: Fri Jul 23, 2004 8:56 pm Reply with quote
SteX
Advanced user
Advanced user
Joined: May 18, 2004
Posts: 181
Location: Serbia




I use Mozilla Firefox 0.8 .. Laughing

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------
View user's profile Send private message
PostPosted: Fri Aug 27, 2004 1:26 am Reply with quote
Dark Dragon
Regular user
Regular user
Joined: Aug 26, 2004
Posts: 11




err, is the persons aid the same as the persons user name??


*Feals like a n00B*

_________________
Coding Support Central
View user's profile Send private message
a question plz
PostPosted: Sun Aug 29, 2004 3:21 am Reply with quote
Egy_Lover
Beginner
Beginner
Joined: Aug 29, 2004
Posts: 2




thanks alot waraxe.... Very Happy

but i have a problem with that, the aid is not in English and my browser can't read it! that's my problem....

how can i copy and paste it to be encoded??

_________________
I will make you smile again.
View user's profile Send private message
PostPosted: Sun Sep 19, 2004 8:49 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




In phpbb and phpnuke there are mainly 2 choices to obtain md5 hashes.
1 - XSS - victim must click on specific link or tricked somehow to trigger
cross site scripting conditions and to steal cookie with md5 hash inside.
There can be possibilities to script injection to forum posts/U2U messages
and other places.
2 - SQL Injection - you can get arbitrary md5 hash directly from database,
if you are lucky to find phpbb/phpnuke installation with not patched sql injection holes and IF union functionality is enabled (mysql version >= 4.x).
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Dec 08, 2005 1:35 pm Reply with quote
IGNOR3
Regular user
Regular user
Joined: Nov 05, 2005
Posts: 6




It didn't work for me... do you have another way??

Specialy for PHP-NUKE 7.8
View user's profile Send private message
PhpNuke cookies manual crafting HowTo
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 2
Goto page 1, 2Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.046 Seconds