IT Security and Insecurity Portal

PhpNuke cookies manual crafting HowTo

Posted: Tue May 25, 2004 10:24 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

PhpNuke cookies manual crafting HowTo
Step-by-step tutorial by waraxe
Well, let's start with some preparation work.
1. Get target password's md5 hash - in this tutorial it's 098f4bcd4621d373caae4e832628b4f6
2. You need to know target's "aid" - means "author's id". I assume, that "aid" can be gathered
by same way, as md5 hash - through sql injections or xss cookietheft. In current tutorial
admin has "aid" - "mranderson".
3. You must have a properly working and configured Mozilla browser.
Now, let's move further. I assume, you already know where Mozilla's cookies are located. I have WindowsXP Home Edition and logged-in with username "nobody", so cookie file is located in folder:
C:\Documents and Settings\nobody\Application Data\Mozilla\Profiles\[some subfolders]\cookies.txt
Cookie file manual editing is dangerous, so beware. I suggest to make the backup first.
Next, I assume that you already have an account on target server. Go to login page, enter your username and password and log in.
Don't log out! And close Mozilla browser!! It is very important!!!!!!!
Open "cookies.txt" and try to find cookie, which belongs to target server and named something like
"user". So, you can see long textline similar to this:
www.target.com FALSE / FALSE 1114433252 user NTgwOndhcmF4ZTozOTc5Yzf0MjQzZmFkY2MwpjBkYjk2YjdmZGQ0Y2FhMzoxMDo6MDowOjA6MDo6NDA5Ng%3D%3D
Ok, it's time for the actual handwork - go to online base64 encoder at url:
http://base64-encoder-online.waraxe.us/base64/base64-encoder.php
and enter to query box actual "aid" and md5 hash, joined together with ":" (colon).
Example:
mranderson:098f4bcd4621d373caae4e832628b4f6
Now click "Encode" and you will see base64encoded string, in case of our example:
bXJhbmRlcnNvbjowOThmNGJjZDQ2MjFkMzczY2FhZTRlODMyNjI4YjRmNg==
If there are some "=" chars in the end, replace them with "%3D", so we will get this:
bXJhbmRlcnNvbjowOThmNGJjZDQ2MjFkMzczY2FhZTRlODMyNjI4YjRmNg%3D%3D
And next look up once again to Mozilla's cookie file - u saw this before -
www.target.com FALSE / FALSE 1114433252 user NTgwOndhcmF4ZTozOTc5Yzf0MjQzZmFkY2MwpjBkYjk2YjdmZGQ0Y2FhMzoxMDo6MDowOjA6MDo6NDA5Ng%3D%3D
So, replace "user" with "admin" and previous base64encoded string with the new one you just encoded.
Final result in our example will be something like this:
www.target.com FALSE / FALSE 1114433252 admin bXJhbmRlcnNvbjowOThmNGJjZDQ2MjFkMzczY2FhZTRlODMyNjI4YjRmNg%3D%3D
That's all - save cookiefile changes, fire up Mozilla and see for yourself - mission is complete!
Any feedback is welcome!
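
Added example, not part of the original post and not PHP-Nuke code: the post above relies on the admin cookie being nothing more than base64("aid:md5"), so the stored hash itself works as a credential. The sketch below puts an assumed model of that check beside a random server-side session token; the function names, the in-memory session array and the 1800-second lifetime are assumptions made for illustration. The first check accepts the tutorial's example string, while the token lookup rejects it and accepts only a token minted at login.

```php
<?php
// Added illustration, not PHP-Nuke source; all function names are hypothetical.
// Constructed record: 'pwd' is the md5 value quoted in the tutorial above.
$authors  = ['mranderson' => ['pwd' => '098f4bcd4621d373caae4e832628b4f6']];
$sessions = [];   // sha256(token) => ['aid' => ..., 'expires' => ...]

// Assumed weak pattern: cookie = base64("aid:md5"), compared to the stored hash.
// Whoever can read the stored hash can therefore produce a valid cookie.
function weak_is_admin(string $cookie, array $authors): bool {
    $parts = explode(':', (string) base64_decode($cookie, true), 2);
    if (count($parts) !== 2 || !isset($authors[$parts[0]])) {
        return false;
    }
    return hash_equals($authors[$parts[0]]['pwd'], $parts[1]);
}

// Hardened pattern: login mints a random token; the server keeps only its
// SHA-256 plus an expiry, so a stolen database row cannot be replayed as a cookie.
function issue_session(string $aid, array &$sessions, int $ttl = 1800): string {
    $token = bin2hex(random_bytes(32));
    $sessions[hash('sha256', $token)] = ['aid' => $aid, 'expires' => time() + $ttl];
    return $token;   // sent as a Secure, HttpOnly cookie
}

function session_aid(string $cookie, array &$sessions): ?string {
    $key = hash('sha256', $cookie);
    if (!isset($sessions[$key])) {
        return null;
    }
    if ($sessions[$key]['expires'] < time()) {
        unset($sessions[$key]);   // expired: drop it
        return null;
    }
    return $sessions[$key]['aid'];
}

// The base64 string from the tutorial, checked against both designs.
$hashCookie = 'bXJhbmRlcnNvbjowOThmNGJjZDQ2MjFkMzczY2FhZTRlODMyNjI4YjRmNg==';
var_dump(weak_is_admin($hashCookie, $authors));   // hash-derived value, weak check
var_dump(session_aid($hashCookie, $sessions));    // same value, token check
$token = issue_session('mranderson', $sessions);
var_dump(session_aid($token, $sessions));         // token minted at login
```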

cc

Posted: Wed May 26, 2004 2:49 pm
SteX
Advanced user
Joined: May 18, 2004
Posts: 181
Location: Serbia

Tutorial is Great.. I am trying to do this for months, but never works..
I never replace "=" with "%3D" ..
Keep working waraxe..
P.S: Where did you learn all this stuffs..??

_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------

Posted: Wed May 26, 2004 3:27 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Well, I'm kinda dedicated self-learner. As long as I remember myself,
I'm always interested in any new knowledge and experience. My area
of interests does not end with IT, it includes many more stuff - like chemistry,
astronomy, cosmology, gene engineering, molecular nanotechnology and
many-many more sciences/technologies...

Re: cc

Posted: Sat May 29, 2004 1:14 am
5y573m f41lur3
Regular user
Joined: May 25, 2004
Posts: 9

SteX wrote:
Tutorial is Great.. I am trying to do this for months, but never works..
I never replace "=" with "%3D" ..
Keep working waraxe..
P.S: Where did you learn all this stuffs..??

You gotta keep always learning and learning... And be thirsty for knowledge... You gotta learn programming and how things work....

Posted: Sun May 30, 2004 11:30 pm
Shradnag
Beginner
Joined: May 28, 2004
Posts: 2
Location: Earth

It seems like many people who visit this site are not native speakers of English.

Posted: Fri Jun 04, 2004 3:12 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Are you sure, that phpnuke version, you use, is not somehow patched against this sploiting? Coz many people reported about successful tests of my tutorial. But ~10% tests fail. I don't know why, coz for me it's working any time...

Don't work...

Posted: Thu Jun 24, 2004 3:58 pm
SpnFury
Beginner
Joined: Jun 24, 2004
Posts: 1

Hi waraxe, I tried to modify a cookie created with php-nuke, but it doesn't work... When I go to preferences menu of mozilla and I go to cookies the cookie of the site hasn't been modified... why? plz help

Posted: Fri Jun 25, 2004 9:18 am
terrible one
Regular user
Joined: Jun 25, 2004
Posts: 10

is it possible to download that program u put the code into? or the source codes?

Posted: Tue Jun 29, 2004 5:35 pm
Jeruvy
Regular user
Joined: Jun 17, 2004
Posts: 6

I wonder if this may be the reason...
if (!defined('ADMIN_PAGES')) { header('Location: ../../'); exit; }
J.

Posted: Fri Jul 23, 2004 2:04 pm
maxhak2000
Beginner
Joined: Jul 23, 2004
Posts: 1

thanks a lot....
but which version of Mozilla should I use for this?

a

Posted: Fri Jul 23, 2004 8:56 pm
SteX
Advanced user
Joined: May 18, 2004
Posts: 181
Location: Serbia

I use Mozilla Firefox 0.8 ..

Posted: Fri Aug 27, 2004 1:26 am
Dark Dragon
Regular user
Joined: Aug 26, 2004
Posts: 11

err, is the person's aid the same as the person's user name??
*Feels like a n00B*

a question plz

Posted: Sun Aug 29, 2004 3:21 am
Egy_Lover
Beginner
Joined: Aug 29, 2004
Posts: 2

thanks a lot waraxe....
but I have a problem with that, the aid is not in English and my browser can't read it! that's my problem....
how can I copy and paste it to be encoded??

_________________
I will make you smile again.

Posted: Sun Sep 19, 2004 8:49 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

In phpbb and phpnuke there are mainly 2 choices to obtain md5 hashes.
1 - XSS - victim must click on specific link or be tricked somehow to trigger
cross site scripting conditions and to steal cookie with md5 hash inside.
There can be possibilities to script injection to forum posts/U2U messages
and other places.
2 - SQL Injection - you can get arbitrary md5 hash directly from database,
if you are lucky to find phpbb/phpnuke installation with not patched sql injection holes and IF union functionality is enabled (mysql version >= 4.x).

Posted: Thu Dec 08, 2005 1:35 pm
IGNOR3
Regular user
Joined: Nov 05, 2005
Posts: 6

It didn't work for me... do you have another way??
Specially for PHP-NUKE 7.8