|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 111
Members: 0
Total: 111
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
Posted: Sun Aug 30, 2009 10:55 pm |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
nuker wrote: | Please help with this! isnt there a exploit that allows you to find out the location of the admin directory or something?? |
Nope. If the admin is really paranoid he might delete the admin CP whenever he's not using it, and then when he does need it he just uploads via FTP.
I think your best chance now is to use social engineering to get him to tell you what he has done with the ACP. |
|
|
|
|
|
|
|
|
Posted: Mon Aug 31, 2009 1:59 am |
|
|
nuker |
Active user |
|
|
Joined: Aug 16, 2009 |
Posts: 39 |
|
|
|
|
|
|
|
Well, he has enough reasons to be paranoid, because i had hacked his site once and i deleted all his posts, forums and members hehe. But i dont think he needs to delete the admin directory if its enough just by changing its name. Im almost sure there must be exist something that scans and lists all directories of a website. Otherwise, what damage can i do to a board if i just have the password of an administrator?? |
|
|
|
|
Posted: Tue Sep 01, 2009 7:11 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
You should install invision on your own server and then play around with moving the ACP and seeing if you can still find a link to it or something. You can also play around with other things that an admin can do without needing to log into ACP. |
|
|
|
|
|
|
|
|
Posted: Tue Sep 01, 2009 8:42 am |
|
|
nuker |
Active user |
|
|
Joined: Aug 16, 2009 |
Posts: 39 |
|
|
|
|
|
|
|
Hi,
i have IPB myself and know it almost very well. Unfortunately it doesnt seem like there is a way to find out the link of the admin directory if it has been renamed, other than being able to see the content of the ini.php file in the root directory that contains that information. But that file is not accessible via web. It would be great if there as a exploit or something that allowed you to get it some way.
Without logging in the ACP, there is not so much you can do, other than deleting posts one by one or suspending users, but it would take forever for you to cause a visible damage to the board doing it that way. |
|
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 2 of 2
Goto page Previous1, 2
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|