Waraxe IT Security Portal
Login or Register
November 18, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 53
Members: 0
Total: 53
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> phpBB 2.0.16 XSS Remote Cookie Disclosure Exploit Goto page Previous1, 2, 3, 4, 5, 6, 7, 8Next
Post new topicReply to topic View previous topic :: View next topic
PostPosted: Fri Jul 22, 2005 3:10 pm Reply with quote
howitzer
Regular user
Regular user
Joined: Jun 25, 2005
Posts: 23




I cant crack 2004074e32f9875eb0e496eccb2d368d this one painfull md5 hash for days Evil or Very Mad

Stroke try man for god sakes Sad
10x
View user's profile Send private message
PostPosted: Fri Jul 22, 2005 3:54 pm Reply with quote
str0ke
Beginner
Beginner
Joined: Jul 07, 2005
Posts: 4




Well I run a free online md5 cracker.

http://www.milw0rm.com/md5/

I use multiple different techniques + rainbow tables to get the final outcome. Just look at the listings and you will see if both of your md5's were found or not.

/str0ke
View user's profile Send private message Visit poster's website
PostPosted: Fri Jul 22, 2005 3:58 pm Reply with quote
Twist
Regular user
Regular user
Joined: Jul 22, 2005
Posts: 6




thanks str0ke.. Cool
View user's profile Send private message
PostPosted: Fri Jul 22, 2005 9:17 pm Reply with quote
dnegel666
Beginner
Beginner
Joined: Jul 19, 2005
Posts: 3




Sorry for you :

2004074e32f9875eb0e496eccb2d368d -notfound- completed

on www.milw0rm.com/md5/...
View user's profile Send private message
PostPosted: Sun Jul 24, 2005 10:02 pm Reply with quote
insect
Beginner
Beginner
Joined: Jul 25, 2005
Posts: 2




Hi. I have a cookie but i can't found any user id. Please help.

Cookie: ForumSetCookie=smackdown; phpbb_smackdown_data=a:2:{s:11:\"autologinid\";s:32:\"c245bf330e68f4abe4fabe8f95fe1926\";s:6:\"userid\";i:21;}; phpbb_smackdown_sid=b8eb4725bb7fd5a1c5440381dc246bf9; phpbb_smackdown_t=a:24:{i:48;i:1122207129;i:49;i:1122206051;i:197;i:1122207076;i:9;i:1122206828;i:16;i:1122206797;i:131;i:1122206715;i:51;i:1122206775;i:50;i:1122206946;i:108;i:1122206998;i:212;i:1122208405;i:275;i:1122208438;i:306;i:1122208506;i:92;i:1122208538;i:99;i:1122208619;i:84;i:1122208648;i:226;i:1122208703;i:271;i:1122208754;i:262;i:1122208815;i:45;i:1122208860;i:257;i:1122209241;i:119;i:1122209950;i:68;i:1122210020;i:242;i:1122210117;i:137;i:1122212880;}
View user's profile Send private message
PostPosted: Sun Jul 24, 2005 10:12 pm Reply with quote
kizkur
Regular user
Regular user
Joined: Dec 04, 2004
Posts: 11




insect wrote:
Hi. I have a cookie but i can't found any user id. Please help.

Cookie: ForumSetCookie=smackdown; phpbb_smackdown_data=a:2:{s:11:\"autologinid\";s:32:\"c245bf330e68f4abe4fabe8f95fe1926\";s:6:\"userid\";i:21;}; phpbb_smackdown_sid=b8eb4725bb7fd5a1c5440381dc246bf9; phpbb_smackdown_t=a:24:{i:48;i:1122207129;i:49;i:1122206051;i:197;i:1122207076;i:9;i:1122206828;i:16;i:1122206797;i:131;i:1122206715;i:51;i:1122206775;i:50;i:1122206946;i:108;i:1122206998;i:212;i:1122208405;i:275;i:1122208438;i:306;i:1122208506;i:92;i:1122208538;i:99;i:1122208619;i:84;i:1122208648;i:226;i:1122208703;i:271;i:1122208754;i:262;i:1122208815;i:45;i:1122208860;i:257;i:1122209241;i:119;i:1122209950;i:68;i:1122210020;i:242;i:1122210117;i:137;i:1122212880;}


the user id is 21
View user's profile Send private message
PostPosted: Mon Jul 25, 2005 1:09 am Reply with quote
howitzer
Regular user
Regular user
Joined: Jun 25, 2005
Posts: 23




insect wrote:
Hi. I have a cookie but i can't found any user id. Please help.

Cookie: ForumSetCookie=smackdown; phpbb_smackdown_data=a:2:{s:11:\"autologinid\";s:32:\"c245bf330e68f4abe4fabe8f95fe1926\";s:6:\"userid\";i:21;}; phpbb_smackdown_sid=b8eb4725bb7fd5a1c5440381dc246bf9; phpbb_smackdown_t=a:24:{i:48;i:1122207129;i:49;i:1122206051;i:197;i:1122207076;i:9;i:1122206828;i:16;i:1122206797;i:131;i:1122206715;i:51;i:1122206775;i:50;i:1122206946;i:108;i:1122206998;i:212;i:1122208405;i:275;i:1122208438;i:306;i:1122208506;i:92;i:1122208538;i:99;i:1122208619;i:84;i:1122208648;i:226;i:1122208703;i:271;i:1122208754;i:262;i:1122208815;i:45;i:1122208860;i:257;i:1122209241;i:119;i:1122209950;i:68;i:1122210020;i:242;i:1122210117;i:137;i:1122212880;}


Ok the important part is
a:2:{s:11:"autologinid";s:32:"c245bf330e68f4abe4fabe8f95fe1926";s:6:"userid";i:21;}

you can use cookie poison to get thru ...
were :
c245bf330e68f4abe4fabe8f95fe1926 -- md5 hash
21 --- user id


good luck
View user's profile Send private message
PostPosted: Mon Jul 25, 2005 9:38 am Reply with quote
insect
Beginner
Beginner
Joined: Jul 25, 2005
Posts: 2




Thx ^_^
View user's profile Send private message
PostPosted: Tue Jul 26, 2005 6:22 pm Reply with quote
Twist
Regular user
Regular user
Joined: Jul 22, 2005
Posts: 6




the user ID has nothing to do with there username so how do i know which cookie belongs to who? becoz i have cracke dlots of md5 hashes from these cookies but i dont know whos username they go to... Crying or Very sad
View user's profile Send private message
PostPosted: Wed Jul 27, 2005 4:52 am Reply with quote
diegocure15
Active user
Active user
Joined: Sep 22, 2004
Posts: 27




subzero wrote:
i think you using mozilla ?? others than IE ?

i have no problem to see my own hash and im sure verbatism dont have problem too Wink

about the hash pass.

found an online site that do cracking for u.
http://sarcaprj.wayreth.eu.org/



i have sent a hash to that page to crack, but how or where do i look for it? Question

Quote:
hash: f744e541a2daf66852b0be780afad38a
View user's profile Send private message
PostPosted: Thu Jul 28, 2005 11:05 am Reply with quote
Armageddon85
Regular user
Regular user
Joined: Jul 28, 2005
Posts: 7




I perfectly understand the second part to this exploit - thanks to the video... but now i dont understand the first.

does the script go on a file in your website with chmod at 777?

if so does anyone know webhosting service for free that has that ability.

all the ones i have signed up for have a "quick and easy" file management system.
View user's profile Send private message
PostPosted: Thu Jul 28, 2005 2:50 pm Reply with quote
diegocure15
Active user
Active user
Joined: Sep 22, 2004
Posts: 27




Armageddon85 wrote:
I perfectly understand the second part to this exploit - thanks to the video... but now i dont understand the first.

does the script go on a file in your website with chmod at 777?

if so does anyone know webhosting service for free that has that ability.

all the ones i have signed up for have a "quick and easy" file management system.


www.lycos.com and just have to upload the cookie script normally and the create a file with chmod on the same path and give it 777 mod.
View user's profile Send private message
PostPosted: Fri Jul 29, 2005 2:57 am Reply with quote
Armageddon85
Regular user
Regular user
Joined: Jul 28, 2005
Posts: 7




ok I hate to be the newb but is there anywhere there is a tutorial for this specific situtation - and I your going to say google ... but ive been doing that all day - I just dont understand how to use webhosting to editfiles from an outside source
View user's profile Send private message
PostPosted: Fri Jul 29, 2005 3:34 am Reply with quote
700G
Active user
Active user
Joined: Mar 25, 2005
Posts: 33




Did you see the video in this thread?
View user's profile Send private message
PostPosted: Fri Jul 29, 2005 3:48 am Reply with quote
Armageddon85
Regular user
Regular user
Joined: Jul 28, 2005
Posts: 7




Yes I know exactly how to do that part of the exploit but I need to know more specifically how to get the actual cookie to another file. where you enter your site in the code on the post. and what to do there
View user's profile Send private message
phpBB 2.0.16 XSS Remote Cookie Disclosure Exploit
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 5 of 8
Goto page Previous1, 2, 3, 4, 5, 6, 7, 8Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.039 Seconds