Waraxe IT Security Portal
Login or Register
November 23, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 87
Members: 0
Total: 87
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Invision Power Board -> Uploading a shell with Administrator acc? Goto page Previous1, 2, 3Next
Post new topicReply to topic View previous topic :: View next topic
PostPosted: Thu Oct 22, 2009 12:52 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




First of all you need to learn how to build something and then how to break.If you don't have basic knowledge how this work you can't break it.You don't know what is server,how works,what is UNIX,basic unix command ..etc.Before you start reading books try to learn how to use google.
View user's profile Send private message
PostPosted: Sat Oct 24, 2009 8:41 pm Reply with quote
nuker
Active user
Active user
Joined: Aug 16, 2009
Posts: 39




Of course i have basic knowledge and more than that you piece of shit, but as i told you, in no book of apache, unix, linux, sql, etc. you are going to find how to hack an IPB and if all people here knew how to then this forum wouldnt need to exist.

You asshole.
View user's profile Send private message
PostPosted: Sat Oct 24, 2009 8:45 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




With stupid question like this:

Quote:
okay, so for example i can download config_global.php using the shell? i understand this tutorial to execute the php code and upload the shell, but after that whats next? where do you access the shell from?


..you don't have any basic knowledge dude.Go to kindergarden to learn how read books.
View user's profile Send private message
PostPosted: Sun Oct 25, 2009 3:55 am Reply with quote
nuker
Active user
Active user
Joined: Aug 16, 2009
Posts: 39




We are talking about HACKING IPB, you moron!! i guess its not the same as if i use shell with my own server for which i have all credentials. Is it? Did you learn that in kindergarten? you should have learned instead how to write and read proper English, you cocksucker. If you are not here to help people then leave the forum. Go eat shit and get drown in somebody's feces instead. Thats what you are full of anyway hahaha
View user's profile Send private message
PostPosted: Sun Oct 25, 2009 2:58 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Stupid kids what can i say.Smile
View user's profile Send private message
PostPosted: Sun Oct 25, 2009 3:26 pm Reply with quote
CrayVr
Beginner
Beginner
Joined: Oct 25, 2009
Posts: 3




pexli wrote:
Stupid kids what can i say.Smile


You are the LEAST helpfull person in this forum.
I have never seen a topic where you actually help someone.
Look at Waraxe, he is all calm and cool, the opposite of you.
View user's profile Send private message
PostPosted: Mon Oct 26, 2009 5:13 pm Reply with quote
nuker
Active user
Active user
Joined: Aug 16, 2009
Posts: 39




You are right, CrayVr. This pexli asshole has nothing to do in a forum like this that is meant to help people. Pexli, go jerk off somewhere else, and remember to keep eating my shit, you brainless cunt.
View user's profile Send private message
PostPosted: Tue Oct 27, 2009 5:17 am Reply with quote
RG007145
Active user
Active user
Joined: May 04, 2008
Posts: 27




Calm down, folkses, you'll learn at your own pace.

I see nuker as someone who's trying to learn and is not just a skiddie.

As for help, PM me anytime. I don't usually read those, but now I will.
View user's profile Send private message
PostPosted: Tue Oct 27, 2009 7:44 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




You don't trust me.OK.Ask in PM or here waraxe how many books is read before start doing this.Smile
View user's profile Send private message
PostPosted: Tue Oct 27, 2009 10:32 am Reply with quote
nuker
Active user
Active user
Joined: Aug 16, 2009
Posts: 39




Ohh yeah, undeniable. If you read all the books of the world sooner or later you are going to find the answer you are looking for... You remind me of the english teacher whom you ask "how do you say this in english, teacher?" and he always replied: Go search it on the dictionary". Oh yeah, thats great help! of course the word is on the dictionary but what the hell then is he teacher for?

Thanks for your offer RG007145, i dont want to be obnoxious but i think i will ask you a couple of questions by PM.
View user's profile Send private message
PostPosted: Tue Oct 27, 2009 3:53 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Code:

maybe its a dull question, but once you have uploaded the shell then you can have access to all the files in the forum folder like if it was FTP? how you do it?
okay, so for example i can download config_global.php using the shell? i understand this tutorial to execute the php code and upload the shell, but after that whats next? where do you access the shell from?
forums like this are for making things easier. Im not spending years reading books just to find something i could learn in 2 seconds if somebody kind enough tells me. Besides i dont think i can find on any book how to hack an IPB...
Of course i have basic knowledge and more than that you piece of shit, but as i told you, in no book of apache, unix, linux, sql, etc. you are going to find how to hack an IPB and if all people here knew how to then this forum wouldnt need to exist.
We are talking about HACKING IPB, you moron!! i guess its not the same as if i use shell with my own server for which i have all credentials. Is it?



Some thoughts:

1. you have php code execution level access in some target server?
Now you must ask yourself - what I want to accomplish here?
1.1 you can easily fetch all IPB database, including hashes, private messages, etc. You can deface forum, inject javascipt/iframes, all that just by manipulating sql database. Of course, you better have some sql knowledge.
1.2 you can read, write, unlink, rename files and directories on webserver. This can give you countless more ways to leverage your presence in target server.
But Unix- and WinNT-based servers are using filesystems with built-in ACL subsystem. So what you actually can do or cannot to in target server's filesystem is different from case to case. Without linux/winnt experience you have hard times to figure out, why you cant' read some file or create new directory for example.
Even worse - php itself can make things harder: open_basedir and other php settings can interfere with filesystem interaction. So you need good php knowledge in order to maximize your presence on target server and exploit older php version vulnerabilities.
1.3 you can get operating system shell access via php. Again, php itself can make things harder with "disable_functions" or "safe_mode". And you must have good linux and WinNT knowledge in order to get maximum from shell access

2. you are saying:
"Of course i have basic knowledge and more than that you piece of shit, but as i told you, in no book of apache, unix, linux, sql, etc. you are going to find how to hack an IPB and if all people here knew how to then this forum wouldnt need to exist."
You used some public exploit to get inside IPB website, right? So that was IPB hacking.
Now you are allready inside and you want make next steps - this is not IPB hacking anymore. Knowledge you need here, can be indeed found from various books and whitepapers. And - there are even books, which are talking excatly about hacking (gray hat hacking books).

3. you are saying:
"i guess its not the same as if i use shell with my own server for which i have all credentials. Is it?"
This is what I always suggest for beginners: install LAMP or WAMP to your home PC, then install IPB and try all kind of hacks and tricks @ localhost. If you think, that I'm talking rubbish, then consider the fact, that all my advisories (sec vuln findings) are based on research, done in vitro, @ localhost.

So - take a deep breath, relax, don't curse here and don't overreact.
Ask smart questions and you will get useful answers. Just show some will to learn new things and be openminded.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue Oct 27, 2009 4:13 pm Reply with quote
x3roconf_
Advanced user
Advanced user
Joined: May 01, 2008
Posts: 101




well said waraxe Smile
View user's profile Send private message
PostPosted: Tue Oct 27, 2009 7:49 pm Reply with quote
RG007145
Active user
Active user
Joined: May 04, 2008
Posts: 27




Even though waraxe put some time into replying, he didn't touch every topic out there. This is why you should read up.

For example:
1) Whether you can write files depends on the permissions of the server. Sometimes even the cache folder is not chmodded to 777. (not writeable by www-data) (not writeable by you).

2) Sometimes it is possible to just upload a root vulnerability exploit, compile, and run it all from PHP.

3) You can get a reverse shell using netcat very easily using a PHP shell.

4) If you want perpetual, hard to detect access to the database, you can make a new user and grant it all privileges on '%' (assuming you are root), then access the server using say a localhost phpmyadmin install.

And yeah, definitely set up a local server to find and/or test exploits, because you can't always afford the risk of detection while testing on your actual target.
View user's profile Send private message
PostPosted: Tue Oct 27, 2009 7:57 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




waraxe ну и я ето имел введу.Хорошо написал.Спасибо. Very Happy
View user's profile Send private message
PostPosted: Wed Oct 28, 2009 12:49 am Reply with quote
nuker
Active user
Active user
Joined: Aug 16, 2009
Posts: 39




hi,

thanks for taking the time of replying. Im so happy that even waraxe himself came here to help. I really appeciate it.

First, im going to explain what i have and what i want to accomplish. I have root admin access to an IPB. I can access the ACP and do whatever i want there. However, i dont have anything else, no ftp access, no cpanel access, anything but IPB admin access and i know i can just go to the sql too box section and empty all tables so the forum gets all fucked up. However, if i just do that, the owner just needs to restore a backup, everything goes back to normal but he changes the passwords to secure the forum or even worse, renames the ACP making me unable to acces it again so its pointless.

So what i want to do is install a script in their server that allows me either uploading and downloading all the files within the forum directory or log the passwords so even if its changed i can always get it easily. All this using the admin access i currently have. I believe its possible, right? so i followed the instructions here and i got until this point


Save changes. Then go to help section:

http://localhost/ipb.3.0.0.rc2/index.php?app=core&module=help

... and php code will be executed

my question is, what happens after the php is executed and whats next? i havent tried myself because i dont want to risk being detected and i dont have a test forum yet where to test it.

After that, i just wonder if its possible to accomplish what i explained above.

Thank you.
View user's profile Send private message
Uploading a shell with Administrator acc?
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 2 of 3
Goto page Previous1, 2, 3Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.045 Seconds