|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 81
Members: 0
Total: 81
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Noob's question about an exploit |
|
Posted: Tue Feb 03, 2009 12:56 am |
|
|
Thyrfing |
Beginner |
|
|
Joined: Jan 27, 2009 |
Posts: 3 |
Location: SGC, underneath NORAD |
|
|
|
|
|
|
I have a question which you may categorize as a noob one but you also have been noobs back in time so I hope you will answer my question.
I found and used a perl exploit for bb 2.0.22. It's called SQLInjection exploit. So, I ran it, entered what I was asked to enter (url, dir, ID) and when I hit enter in a few seconds I can see this "Exploit finished!". OK, finished but did WHAT? I mean where can I find the results of what has this exploit done? Any text file somewhere or... idk... I logged in the forum with the user I entered in the exploit but this acc doesn't have admin rights so there must be something else which the exploit does. After it's finished cmd goes back to the dir where I saved the exploit. So, the BIG question is - where the h*ll are the results and how can I see them? |
|
|
|
|
|
Re: Noob's question about an exploit |
|
Posted: Tue Feb 03, 2009 2:28 am |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
Thyrfing wrote: | I have a question which you may categorize as a noob one but you also have been noobs back in time so I hope you will answer my question.
I found and used a perl exploit for bb 2.0.22. It's called SQLInjection exploit. So, I ran it, entered what I was asked to enter (url, dir, ID) and when I hit enter in a few seconds I can see this "Exploit finished!". OK, finished but did WHAT? I mean where can I find the results of what has this exploit done? Any text file somewhere or... idk... I logged in the forum with the user I entered in the exploit but this acc doesn't have admin rights so there must be something else which the exploit does. After it's finished cmd goes back to the dir where I saved the exploit. So, the BIG question is - where the h*ll are the results and how can I see them? | Odds are this is an exploit to give you the admin's hashed password/(salt?). Look in the directory of the perl exploit and see if theres any additional files.
On another note, be sure to not just use scripts but also to try hacking to improve your fundamentals. Far too often these days you see people thinking they are really good hackers because they can use other people's scripts. That's no fun. |
|
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|