|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 77
Members: 0
Total: 77
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Is the forum I'm trying to hack vulerable ? |
|
Posted: Tue Jun 09, 2009 11:34 am |
|
|
Paulaxe |
Regular user |
|
|
Joined: Jun 08, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
I'm a noobe at this and I've been trying to hack a specific forum, I tried first with a PERL hack for IPB 2.1.7 which didn't work and I later found out because the forum I was hacking was no longer vulnerable to that.
Since then I tried the PHP 2.3.5 vulnerability but it appears that it's not vulerable though I was getting a lot of error messages when trying with PHP so I'm not sure if I can say 100% that the forum is not vulnerable.
Would someone more used to this be able to check for me if it's vulnerable or not ?
The forum is www.****.com
Thanks in advance anyone who is willing to try this
[[ edited by waraxe - don't post sensitive information! ]] |
|
|
|
|
Posted: Tue Jun 09, 2009 2:18 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
Posted: Tue Jun 09, 2009 4:54 pm |
|
|
Paulaxe |
Regular user |
|
|
Joined: Jun 08, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
Thanks Waraxe, it's working a treat picking up hashes and salts no probs. Youre the man |
|
|
|
|
Posted: Wed Jun 10, 2009 8:48 am |
|
|
Paulaxe |
Regular user |
|
|
Joined: Jun 08, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
I have around 200 hash's and salt's from the IPB and I'm now running them through PasswordPro using the
MD5(MD5($SALT).MD5($PASS))
equation but after 24 hours Passwordpro hasn't hacked one yet on another thread on the forum where I posted the first 10 or so hash's to see if someone could crack them I was getting the correct answers in a matter of minutes
I'm using the brute force attack with the standard Passwordpro 2.5.1.1 download.
What do I need to do to speed things up ? I'm guessing that I need another kind of attack or I should be downloading dictionaries or something |
|
|
|
|
Posted: Wed Jun 10, 2009 9:41 am |
|
|
ZiPo |
Advanced user |
|
|
Joined: Jul 08, 2008 |
Posts: 86 |
|
|
|
|
|
|
|
First try dictionary, then experiment with other options. Dictionary is the fastest way You can download some dictionary for passwordpro from their web site, but you can also generate your own dictionary with PasswordPro from txt files. |
|
|
|
|
Posted: Wed Jun 10, 2009 10:31 am |
|
|
Paulaxe |
Regular user |
|
|
Joined: Jun 08, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
ZiPo wrote: | First try dictionary, then experiment with other options. Dictionary is the fastest way You can download some dictionary for passwordpro from their web site, but you can also generate your own dictionary with PasswordPro from txt files. |
Thanks ZiPo |
|
|
|
|
Posted: Fri Jun 12, 2009 7:51 am |
|
|
Paulaxe |
Regular user |
|
|
Joined: Jun 08, 2009 |
Posts: 20 |
|
|
|
|
|
|
|
The exploit worked on one of the forums I was trying to get into but 3 others I'm trying have been patched.
Are there any other methods available for hacking patched forums or are they unhackable ?
TIA |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|