 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 Posted: Mon Sep 22, 2008 1:51 pm |
 |
|
| T0x1Cw4St3 |
| Regular user |
 |
|
| Joined: Aug 15, 2008 |
| Posts: 17 |
|
|
|
 |
|
 |
|
| waraxe wrote: | | T0x1Cw4St3 wrote: | Everytime i'm getting this:
Invalid response, target URL not valid? Exiting ...
With every IPB 2.3.5 board i find. |
Most of the IPB installations are allready patched. So first thing to do is to try this:
| Code: |
http://www.***.com/forums/index.php?act=xmlout&do=check-display-name&name=%2527
|
If you will see "IPS driver error", then exploit should work. If you get "not found" or something like that, then specific target is allready pacthed  |
Thanks a bunch 
1 more question: how do i need to enter the URL in the exploit like, http:// or without, and i found some forums with a url like this: forums.xxxxx.xxx/index.php |
|
|
|
|
| Posted: Mon Sep 22, 2008 3:04 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
| Posted: Mon Sep 22, 2008 3:23 pm |
|
|
| martin1 |
| Regular user |
|
|
| Joined: Sep 21, 2008 |
| Posts: 17 |
|
|
|
|
|
|
|
What if the forum index is on a subdomain ? I think thats what he means.  |
|
|
|
|
| Posted: Mon Sep 22, 2008 3:31 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| martin1 wrote: | | What if the forum index is on a subdomain ? I think thats what he means. |
OK, i got it now ...
It does not matter, as far as URL is pointing to IPB index page (homepage, main page, ...) |
|
|
|
|
| Posted: Mon Sep 22, 2008 3:53 pm |
|
|
| martin1 |
| Regular user |
|
|
| Joined: Sep 21, 2008 |
| Posts: 17 |
|
|
|
|
|
|
|
it there anyway to make it do more than one target ID ?  |
|
|
|
|
| Posted: Mon Sep 22, 2008 6:18 pm |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| martin1 wrote: | | it there anyway to make it do more than one target ID ? |
You mai change tirget id from Xploit
$id = 1;// ID of the target user, default value "1" is admin's ID |
|
|
|
|
| Posted: Mon Sep 22, 2008 6:36 pm |
|
|
| martin1 |
| Regular user |
|
|
| Joined: Sep 21, 2008 |
| Posts: 17 |
|
|
|
|
|
|
|
No thats not what i mean.  |
|
|
|
|
| Posted: Mon Sep 22, 2008 6:57 pm |
|
|
| Poison |
| Advanced user |
|
|
| Joined: Jul 30, 2008 |
| Posts: 126 |
|
|
|
|
|
|
|
grrr, i have reinstalled php now and done everything suggested now im getting this error;  |
|
|
|
|
| Posted: Mon Sep 22, 2008 7:13 pm |
|
|
| Chedda |
| Active user |
|
|
| Joined: May 26, 2008 |
| Posts: 27 |
|
|
|
|
|
|
|
| koko wrote: | | martin1 wrote: | | it there anyway to make it do more than one target ID ? |
You mai change tirget id from Xploit
$id = 1;// ID of the target user, default value "1" is admin's ID |
He means can you check multiple ID's at one time instead of doing one at a time. For example it would scan all the IDs 1-100 if you told it so.
I'm sure if you know how to program you could figure it out unfortunately I am not and can't help sorry.
As for poison I would recommend just re downloading OCI.dll and placing it your php folder. I use a webserver so I haven't had this problem. |
|
|
|
|
| Posted: Mon Sep 22, 2008 7:33 pm |
|
|
| martin1 |
| Regular user |
|
|
| Joined: Sep 21, 2008 |
| Posts: 17 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Mon Sep 22, 2008 8:12 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| martin1 wrote: | | it there anyway to make it do more than one target ID ? |
Gimme some time, i will publish next version soon, with multi ID mode and with optional username fetching. |
|
|
|
|
| Posted: Mon Sep 22, 2008 8:12 pm |
|
|
| Poison |
| Advanced user |
|
|
| Joined: Jul 30, 2008 |
| Posts: 126 |
|
|
|
|
|
|
|
| Thank you waraxe for this great exploit, now to crack them -,- |
|
|
|
|
| Posted: Mon Sep 22, 2008 8:15 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Yes, cracking ... salted hashes are not easy to crack. What i'm missing, is IPB and Vbulletin hashes support in insidepro's Extreme GPU Bruteforcer:
http://www.insidepro.com/eng/egb.shtml
I have that program, but it's not very useful till it supports more salted hashes algos |
|
|
|
|
| Posted: Mon Sep 22, 2008 8:25 pm |
|
|
| martin1 |
| Regular user |
|
|
| Joined: Sep 21, 2008 |
| Posts: 17 |
|
|
|
|
|
|
|
Yeah isnt as easy to crack the salted ones  |
|
|
|
|
 |
hello |
 |
| Posted: Mon Sep 22, 2008 11:13 pm |
|
|
| XXxxImmortalxxXX |
| Beginner |
|
|
| Joined: Sep 23, 2008 |
| Posts: 1 |
|
|
|
|
|
|
|
hello thanks for hte exploit as i am running 2.3.5 i tryed ur script and it didnt hack my account is there some way we can do a chat session and i let u try to do the attack on my site and see if u gain access to it? add me on msn
scyther777@live.com
if u dont midn |
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 2 of 5
Goto page Previous1, 2, 3, 4, 5Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 67
Members: 0
Total: 67
.
