Waraxe IT Security Portal

jearthree · Regular user

Are there any working exploits for phpBB 2.0.14 which allow you to gain admin access to the site?

Thanks for your replies!

shai-tan · Valuable expert

You will have to wait 3 days for the new bbcode exploit.

jearthree · Regular user

Ah cool, I wasn't sure what was possible with that, thanks for your help! Smile

lone_wolf · Regular user

Five days counting from may the seventh - tommorow is the day

shai-tan · Valuable expert

Seems to be many script kiddies lurking around.......

lone_wolf · Regular user

Kiddie yourself. Never heard for your exploits

shai-tan · Valuable expert

Wait are you calling me a script kiddie?
Well you are wrong.

First off I have only ever used exploits twice online. (grudges)
And secondly I dont use real life sploits. I work out proof of concepts and mod them to the way I need.

I do my testing localy.
And I hardly even test exploits localy any more.

lone_wolf · Regular user

And why for the god sake do you need to modify exploits of some bug for some BB? And test them localy?! Don't sound logical to me...

Sounds to me you're just another script kiddie who thinks by making new scripts for other peoples exploits he's real hacker like them Laughing

shai-tan · Valuable expert

You can think that if you like but its not the truth.
The Hacker is some who makes scripts and is good at it. A lot of people get mixed up between Hacking and Exploiting.

Modifying proof of concepts is a way of learning how to write secure code because to make an exploit you first need to look at the source and determin where the hole is and how you can use it to your advantage. Thus making you learn from other people's mistakes also teaching you to review your own code and see where you may have gone wrong.

So in a way it is teaching you how to be a hacker. Hacker = someone who writes secure scripts and is good at it. Wink

lone_wolf · Regular user

Ok, I'll agree with you on that and that's exactly the reason why am here - to watch & LEARN. Not script kiddie

You know, you're funny guy Shai Very Happy

shai-tan · Valuable expert

Well I wasnt calling you guys script kiddies directly I was just stating there are heaps around. Do you use Ares or Warez P2Ps? They are full of script kiddies who want to know how to "hack". And there are sites way worse than this with posts being made about exploits all the time.

waraxe · Site admin

Cmn people, relax all, take some prozac, couple of beers or coffee and just let's calm down Very Happy

Why blame each other, why fight with each other, let's just share information and let's improve our skills through this. You know, no one is perfect, if someone is thinking that "i know all about this topic i ever wanted", then he's allready stagnating, he is allready about staing behind newcomers. Everyone should learn through all the life, every hacker or hacker-wannabe starts form being scriptkiddie, then will try to modify scripts, then will make scripts and find holes by himself and finally, some of them will be real gurus, discovering whole new areas in IT security and insecurity. In this forum is subsection "Newbies corner" - it is exactly meant for total beginners and n00b scrptkidd0s.

Peace Cool

lone_wolf · Regular user

>Do you use Ares or Warez P2Ps?

never heard of it. i read only bugtraq mailing list and infos on personal sites of authors of original exploits

i found this site when waraxe released his exploit for sql injection bug in privmsg last year

lone_wolf · Regular user

shai-tan · Valuable expert

Thats how I found this site too same advisory too. He had done it wrong on purpose. Only 25 Characters of the users MD5 came out of it.

Warez and Ares are P2Ps they have chat rooms on them for heaps of different subjects there are tonnes of "hacking" ones on it.