 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 Posted: Thu Oct 22, 2009 12:52 pm |
 |
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
 |
|
 |
|
| First of all you need to learn how to build something and then how to break.If you don't have basic knowledge how this work you can't break it.You don't know what is server,how works,what is UNIX,basic unix command ..etc.Before you start reading books try to learn how to use google. |
|
|
|
|
| Posted: Sat Oct 24, 2009 8:41 pm |
|
|
| nuker |
| Active user |
 |
|
| Joined: Aug 16, 2009 |
| Posts: 39 |
|
|
|
|
|
|
|
Of course i have basic knowledge and more than that you piece of shit, but as i told you, in no book of apache, unix, linux, sql, etc. you are going to find how to hack an IPB and if all people here knew how to then this forum wouldnt need to exist.
You asshole. |
|
|
|
|
| Posted: Sat Oct 24, 2009 8:45 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
With stupid question like this:
| Quote: | | okay, so for example i can download config_global.php using the shell? i understand this tutorial to execute the php code and upload the shell, but after that whats next? where do you access the shell from? |
..you don't have any basic knowledge dude.Go to kindergarden to learn how read books. |
|
|
|
|
| Posted: Sun Oct 25, 2009 3:55 am |
|
|
| nuker |
| Active user |
|
|
| Joined: Aug 16, 2009 |
| Posts: 39 |
|
|
|
|
|
|
|
| We are talking about HACKING IPB, you moron!! i guess its not the same as if i use shell with my own server for which i have all credentials. Is it? Did you learn that in kindergarten? you should have learned instead how to write and read proper English, you cocksucker. If you are not here to help people then leave the forum. Go eat shit and get drown in somebody's feces instead. Thats what you are full of anyway hahaha |
|
|
|
|
| Posted: Sun Oct 25, 2009 2:58 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
Stupid kids what can i say. |
|
|
|
|
| Posted: Sun Oct 25, 2009 3:26 pm |
|
|
| CrayVr |
| Beginner |
|
|
| Joined: Oct 25, 2009 |
| Posts: 3 |
|
|
|
|
|
|
|
| pexli wrote: | | Stupid kids what can i say. |
You are the LEAST helpfull person in this forum.
I have never seen a topic where you actually help someone.
Look at Waraxe, he is all calm and cool, the opposite of you. |
|
|
|
|
| Posted: Mon Oct 26, 2009 5:13 pm |
|
|
| nuker |
| Active user |
|
|
| Joined: Aug 16, 2009 |
| Posts: 39 |
|
|
|
|
|
|
|
| You are right, CrayVr. This pexli asshole has nothing to do in a forum like this that is meant to help people. Pexli, go jerk off somewhere else, and remember to keep eating my shit, you brainless cunt. |
|
|
|
|
| Posted: Tue Oct 27, 2009 5:17 am |
|
|
| RG007145 |
| Active user |
|
|
| Joined: May 04, 2008 |
| Posts: 27 |
|
|
|
|
|
|
|
Calm down, folkses, you'll learn at your own pace.
I see nuker as someone who's trying to learn and is not just a skiddie.
As for help, PM me anytime. I don't usually read those, but now I will. |
|
|
|
|
| Posted: Tue Oct 27, 2009 7:44 am |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| You don't trust me.OK.Ask in PM or here waraxe how many books is read before start doing this. |
|
|
|
|
| Posted: Tue Oct 27, 2009 10:32 am |
|
|
| nuker |
| Active user |
|
|
| Joined: Aug 16, 2009 |
| Posts: 39 |
|
|
|
|
|
|
|
Ohh yeah, undeniable. If you read all the books of the world sooner or later you are going to find the answer you are looking for... You remind me of the english teacher whom you ask "how do you say this in english, teacher?" and he always replied: Go search it on the dictionary". Oh yeah, thats great help! of course the word is on the dictionary but what the hell then is he teacher for?
Thanks for your offer RG007145, i dont want to be obnoxious but i think i will ask you a couple of questions by PM. |
|
|
|
|
|
 |
|
 |
| Posted: Tue Oct 27, 2009 3:53 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| Code: |
maybe its a dull question, but once you have uploaded the shell then you can have access to all the files in the forum folder like if it was FTP? how you do it?
okay, so for example i can download config_global.php using the shell? i understand this tutorial to execute the php code and upload the shell, but after that whats next? where do you access the shell from?
forums like this are for making things easier. Im not spending years reading books just to find something i could learn in 2 seconds if somebody kind enough tells me. Besides i dont think i can find on any book how to hack an IPB...
Of course i have basic knowledge and more than that you piece of shit, but as i told you, in no book of apache, unix, linux, sql, etc. you are going to find how to hack an IPB and if all people here knew how to then this forum wouldnt need to exist.
We are talking about HACKING IPB, you moron!! i guess its not the same as if i use shell with my own server for which i have all credentials. Is it?
|
Some thoughts:
1. you have php code execution level access in some target server?
Now you must ask yourself - what I want to accomplish here?
1.1 you can easily fetch all IPB database, including hashes, private messages, etc. You can deface forum, inject javascipt/iframes, all that just by manipulating sql database. Of course, you better have some sql knowledge.
1.2 you can read, write, unlink, rename files and directories on webserver. This can give you countless more ways to leverage your presence in target server.
But Unix- and WinNT-based servers are using filesystems with built-in ACL subsystem. So what you actually can do or cannot to in target server's filesystem is different from case to case. Without linux/winnt experience you have hard times to figure out, why you cant' read some file or create new directory for example.
Even worse - php itself can make things harder: open_basedir and other php settings can interfere with filesystem interaction. So you need good php knowledge in order to maximize your presence on target server and exploit older php version vulnerabilities.
1.3 you can get operating system shell access via php. Again, php itself can make things harder with "disable_functions" or "safe_mode". And you must have good linux and WinNT knowledge in order to get maximum from shell access
2. you are saying:
"Of course i have basic knowledge and more than that you piece of shit, but as i told you, in no book of apache, unix, linux, sql, etc. you are going to find how to hack an IPB and if all people here knew how to then this forum wouldnt need to exist."
You used some public exploit to get inside IPB website, right? So that was IPB hacking.
Now you are allready inside and you want make next steps - this is not IPB hacking anymore. Knowledge you need here, can be indeed found from various books and whitepapers. And - there are even books, which are talking excatly about hacking (gray hat hacking books).
3. you are saying:
"i guess its not the same as if i use shell with my own server for which i have all credentials. Is it?"
This is what I always suggest for beginners: install LAMP or WAMP to your home PC, then install IPB and try all kind of hacks and tricks @ localhost. If you think, that I'm talking rubbish, then consider the fact, that all my advisories (sec vuln findings) are based on research, done in vitro, @ localhost.
So - take a deep breath, relax, don't curse here and don't overreact.
Ask smart questions and you will get useful answers. Just show some will to learn new things and be openminded. |
|
|
|
|
|
|
|
|
| Posted: Tue Oct 27, 2009 4:13 pm |
|
|
| x3roconf_ |
| Advanced user |
|
|
| Joined: May 01, 2008 |
| Posts: 101 |
|
|
|
|
|
|
|
| well said waraxe |
|
|
|
|
|
|
|
|
| Posted: Tue Oct 27, 2009 7:49 pm |
|
|
| RG007145 |
| Active user |
|
|
| Joined: May 04, 2008 |
| Posts: 27 |
|
|
|
|
|
|
|
Even though waraxe put some time into replying, he didn't touch every topic out there. This is why you should read up.
For example:
1) Whether you can write files depends on the permissions of the server. Sometimes even the cache folder is not chmodded to 777. (not writeable by www-data) (not writeable by you).
2) Sometimes it is possible to just upload a root vulnerability exploit, compile, and run it all from PHP.
3) You can get a reverse shell using netcat very easily using a PHP shell.
4) If you want perpetual, hard to detect access to the database, you can make a new user and grant it all privileges on '%' (assuming you are root), then access the server using say a localhost phpmyadmin install.
And yeah, definitely set up a local server to find and/or test exploits, because you can't always afford the risk of detection while testing on your actual target. |
|
|
|
|
|
|
|
|
| Posted: Tue Oct 27, 2009 7:57 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
waraxe ну и я ето имел введу.Хорошо написал.Спасибо.  |
|
|
|
|
|
|
|
|
| Posted: Wed Oct 28, 2009 12:49 am |
|
|
| nuker |
| Active user |
|
|
| Joined: Aug 16, 2009 |
| Posts: 39 |
|
|
|
|
|
|
|
hi,
thanks for taking the time of replying. Im so happy that even waraxe himself came here to help. I really appeciate it.
First, im going to explain what i have and what i want to accomplish. I have root admin access to an IPB. I can access the ACP and do whatever i want there. However, i dont have anything else, no ftp access, no cpanel access, anything but IPB admin access and i know i can just go to the sql too box section and empty all tables so the forum gets all fucked up. However, if i just do that, the owner just needs to restore a backup, everything goes back to normal but he changes the passwords to secure the forum or even worse, renames the ACP making me unable to acces it again so its pointless.
So what i want to do is install a script in their server that allows me either uploading and downloading all the files within the forum directory or log the passwords so even if its changed i can always get it easily. All this using the admin access i currently have. I believe its possible, right? so i followed the instructions here and i got until this point
Save changes. Then go to help section:
http://localhost/ipb.3.0.0.rc2/index.php?app=core&module=help
... and php code will be executed
my question is, what happens after the php is executed and whats next? i havent tried myself because i dont want to risk being detected and i dont have a test forum yet where to test it.
After that, i just wonder if its possible to accomplish what i explained above.
Thank you. |
|
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 2 of 3
Goto page Previous1, 2, 3Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 55
Members: 0
Total: 55
