IT Security and Insecurity Portal |
version phpbb? |
|
Posted: Sun Aug 03, 2008 6:04 pm |
|
|
Harold |
Regular user |
|
|
Joined: Aug 03, 2008 |
Posts: 17 |
|
|
|
|
|
|
|
If I want to hack a forum, how do I know which version it is? Even better: Is there a complete tutorial somewhere/on this forum?
If you want I can give u the link to the forums.
Thanks and greetz
Harold |
|
|
|
|
|
Re: version phpbb? |
|
Posted: Sun Aug 03, 2008 7:11 pm |
|
|
x3roconf_ |
Advanced user |
|
|
Joined: May 01, 2008 |
Posts: 101 |
|
|
|
|
|
|
|
Harold wrote: | If I want to hack a forum, how do I know which version it is? Even better: Is there a complete tutorial somewhere/on this forum?
If you want I can give u the link to the forums.
Thanks and greetz
Harold |
Check /forum_path/docs/CHANGELOG.html to get version number. |
|
|
|
|
Posted: Sun Aug 03, 2008 7:56 pm |
|
|
Harold |
Regular user |
|
|
Joined: Aug 03, 2008 |
Posts: 17 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Sun Aug 03, 2008 8:14 pm |
|
|
lenny |
Valuable expert |
|
|
Joined: May 15, 2008 |
Posts: 275 |
|
|
|
|
|
|
|
In that case it is rather difficult to get the version number short of actually asking the admin |
|
|
|
|
Posted: Sun Aug 03, 2008 8:17 pm |
|
|
oniric |
Advanced user |
|
|
Joined: Jul 24, 2008 |
Posts: 65 |
|
|
|
|
|
|
|
Maybe with some sort of fingerprinting automated software but I don't know if one exists for phpBB2. |
|
|
|
|
Posted: Sun Aug 03, 2008 8:57 pm |
|
|
Harold |
Regular user |
|
|
Joined: Aug 03, 2008 |
Posts: 17 |
|
|
|
|
|
|
|
Or I'll just try exploits for all versions. But I totally don't understand anything from this, so is there a tutorial somewhere? |
|
|
|
|
Posted: Mon Aug 04, 2008 10:23 am |
|
|
lenny |
Valuable expert |
|
|
Joined: May 15, 2008 |
Posts: 275 |
|
|
|
|
|
|
|
No, but it's relatively easy - Just don't make a habit of it, and don't do it for the sake of it. That would be a script kiddie, which are severely disliked in the security community.
Anyway, what you have to do is search and research exploits for the specific version of the software you are targeting (in this case phpBB). Once you have an exploit, it may come in several formats/languages. Find the format of the exploit (should be relatively easy, look for giveaways), for example perl. Download and install perl (or whatever language processor is required), and execute the exploit using "perl <path to exploit>". To put it simply, download it and execute it. |
|
|
|
|
|
|
|
|
Posted: Tue Aug 05, 2008 12:51 pm |
|
|
Harold |
Regular user |
|
|
Joined: Aug 03, 2008 |
Posts: 17 |
|
|
|
|
|
|
|
Ok, I want to try exploits for all phpBB versions now, but if I activate an exploit in cmd (exploit is .pl, is in the bin map of perl) it asks which program. How do I set the .pl to perl? So I can activate the exploit in dos?
btw can you see if www.ninyou.nl/forum really is phpbb2?
Thanks! |
|
|
|
|
Posted: Tue Aug 05, 2008 1:01 pm |
|
|
oniric |
Advanced user |
|
|
Joined: Jul 24, 2008 |
Posts: 65 |
|
|
|
|
|
|
|
Mmm, just looked better at it, filenames and dirnames stuff too, and.. I don't think it's phpbb ^^ Maybe WBB |
|
|
|
|
Posted: Tue Aug 05, 2008 2:02 pm |
|
|
Harold |
Regular user |
|
|
Joined: Aug 03, 2008 |
Posts: 17 |
|
|
|
|
|
|
|
Yes! I just found it, it is WBB indeed. Does that work with versions and exploits too? |
|
|
|
|
Posted: Tue Aug 05, 2008 2:10 pm |
|
|
oniric |
Advanced user |
|
|
Joined: Jul 24, 2008 |
Posts: 65 |
|
|
|
|
|
|
|
Search milw0rm.com for sploits. |
|
|
|
|
Posted: Tue Aug 05, 2008 2:14 pm |
|
|
Harold |
Regular user |
|
|
Joined: Aug 03, 2008 |
Posts: 17 |
|
|
|
|
|
|
|
I searched for WBB and found 4. Which one is for admin rights? And if you have the good one with what do I use it? (Perl PHP etc) |
|
|
|
|
Posted: Tue Aug 05, 2008 2:19 pm |
|
|
oniric |
Advanced user |
|
|
Joined: Jul 24, 2008 |
Posts: 65 |
|
|
|
|
|
|
|
If you searched for "WBB" one is a video about an XSS vuln, and the others are not related to WBB (two are plugins for it).
If you search "woltlab burning board" there are many interesting results. I would stay on the SQL ones |
|
|
|
|
Posted: Tue Aug 05, 2008 2:30 pm |
|
|
Harold |
Regular user |
|
|
Joined: Aug 03, 2008 |
Posts: 17 |
|
|
|
|
|
|
|
oniric wrote: | If you searched for "WBB" one is a video about an XSS vuln, and the others are not related to WBB (two are plugins for it).
If you search "woltlab burning board" there are many interesting results. I would stay on the SQL ones |
Yes, I see the list now. So, which one is an admin hack?
And what is an SQL injection? |
|
|
|
|
Posted: Tue Aug 05, 2008 2:35 pm |
|
|
oniric |
Advanced user |
|
|
Joined: Jul 24, 2008 |
Posts: 65 |
|
|
|
|
|
|
|
The ones marked with SQL. Don't use the first "Woltlab Burning Board Addon JGS-Treffen SQL Injection Vulnerability" and the "Woltlab Burning Board 2.x Datenbank MOD (fileid) Remote SQL Injection" one because they are developed for WBB addons. And try to download a version of WBB to find out where version information is hidden (maybe you can tell if it's version 2.x or 3.x looking at differences in the directory structure between the two versions). Don't be lazy ^_^ |
|
|
|
|
All times are GMT