Waraxe IT Security Portal

ilrb2 · Regular user

mostly for the purpose of education though i would like to crack one pass. so i have passwordspro, access to the ftp and cpanel, and i would like access to the admin's account (mostly the admincp). i've tried searching but i'm afraid i don't know much about this stuff. so say i have a site, www.example.net, which is a vbull site. what would i do step by step? so far, i went to www.example.net/admincp.php and clicked on "view page source." i searched and found this:

waraxe · Site admin

You have access to target's ftp? Can you upload arbitrary php scripts? Can you download files from target webroot? Then download config file, get mysql credentials, write simple mysql dumping script and fetch user table with all the pasword hashes and salts.
And how about phpmyadmin? Is it present? If so, then obtain mysql credentials and then use phpmyadmin.

ilrb2 · Regular user

yeah, i have access to ftp and cpanel. but could you maybe explain all this a little better? which scripts would i upload and where? and what's "downloading files from target webroot," is it downloading ftp files? and this part "Then download config file, get mysql credentials, write simple mysql dumping script and fetch user table with all the pasword hashes and salts." makes no sense to me, sorry. you wouldn't happen to have links to anything that might explain these things better?

waraxe · Site admin

OK, use ftp, search for file "config.php" and download it. This file contains database name, mysql username and password. When you have this info, let me know and i will show you next step.

ilrb2 · Regular user

i think it's:

dbname: skatespo_skatespot
username: skatespo_patrick
pass: patrick

does that look right? i don't know if it's the myslq user/pass cause it says $config['MasterServer']['username'] = 'skatespo_patrick'

waraxe · Site admin

Good. Now try to locate phpmyadmin. Log in to Cpanel and look for phpmyadmin link. Click it. Next you will need username and password ... which you allready have Smile

If you will get inside phpmyadmin, be very careful. One careless click can destroy entire database!

ilrb2 · Regular user

well, i could've just gone directly there. well, i'm in it, what now?

waraxe · Site admin

Don't you know phpmyadmin basics? Select needed database (left-upper corner), then in left you will see table names. Look for users table. Click it. Next you can browse user rows and copy-paste needed info (username,hash,salt). Or better choice is "Export", so you can have all userdata at once.

ilrb2 · Regular user

i really don't, i never needed to use it as an admin. i can't find a user table or user rows. could it be named something different?

i did click on users and find "password" in a list. when i view it, i get a two columns, one says "rows" and usually has the number 1 and the other says "password" and has what i think is a hash. stuff like this: 00b49815e3d1bcf7f0237926d2bf7b8b.

is this it? it doesn't say the usernames or salts though.

EDIT: nvm, i think i found it all. what kind of hash would it be? it says "+#r" but i don't know what to put for type of hash.

anyway, i'm gonna have passwordspro run but i guess i'll also ask for someone on here to try. thanks for the help.

tooth · Beginner

If your trying to crack the pass it going to be here in the red color

INSERT INTO `user` VALUES(1, 6, '', 0, 'admin', 'df6e986e01d8bef78787wb3731ed47',

After you export the user table.. or however u decided to get the data from it

ilrb2 · Regular user

well, i just copy/pasted to passwordspro. what do you mean by "insert into user values?"

nick · Beginner

I find it funny how this is Newbies corner, yet none of the questions/answers seem to answer my basic question of the first step in this elaborate process.

How would I get the password/password hash. I don't have FTP access to the server, and my privileges are that of a normal user. There's got to be some way that I can do this remotely without having to jack the site FTP or something. I don't mind researching a bit. I just need some pointers in the right direction. So far all of the knowledge base I've found has pertained to what to do with the password and methods of cracking the MD5 hash, so I'm a little lost on what to search for. Phishing is a possibility, though I'd rather not have to resort to that, since it's chance of working is minimal due to the targets being likely more proficient in computing than I am.

ZiPo · Advanced user

Well for start i would examine that web site.

Try to find as much as you can for that site, applications that are running there, components/modules/plugins installed for that application. Any javascript. Search for forms, queries. Try to find a little bit about members that are responsible for running the site. Basicly any info that you can get will put you one step closer to your goal. Then google as much info as you can about stuff you finded. Try to search about vulnerabilities for the specific application/module...whatever. Most importantly try to understand specific vulnerability. It will be hard in the begining...hell it will be hard later too, but hacking is a game of patience, persistance and sometimes really good nerves Wink

I hope that this is what you was looking for. if you wanted to know on how to hack specific site, nobody will help you there, well maybe they will, but then as specific questions and you just may get the answers.

P.S. Sorry for my English, it's not my native language, but i hope you understand what i wanted to say.

Good luck and Have Fun Smile

nick · Beginner

Yeah, it's a start.

More specifically, is there a way to intercept log-in information without altering files on the actual server? This is the latest version of vBulletin if it helps.