|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 73
Members: 0
Total: 73
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
IPB 2.XX |
|
Posted: Wed Jan 25, 2006 3:14 pm |
|
|
robin1200 |
Regular user |
|
|
Joined: Sep 13, 2005 |
Posts: 19 |
|
|
|
|
|
|
|
I have been using an exploit where I can get the Admin Root Hash, I tried to crack it by going to plaintext website, which it came out "not found" results...Is there any other way to try to log in as admin using just the hash md5?
I also tried to the cookie editor where I can succsesfully log in as any member, however, when using the Admin hash the forum just kicks me out ( I know i have the correct hash)
any ideas?
Robin |
|
|
|
|
Posted: Wed Jan 25, 2006 8:53 pm |
|
|
fulvioo |
Regular user |
|
|
Joined: May 04, 2005 |
Posts: 13 |
|
|
|
|
|
|
|
You cant crack them because ipb2.0 and higher versions use salts as the following formula:
md5(md5(password) . md5(salt))
Anyway, if you have the salt and hash, post it so Ill try in a wordlist I got. |
|
|
|
|
Posted: Wed Jan 25, 2006 8:58 pm |
|
|
robin1200 |
Regular user |
|
|
Joined: Sep 13, 2005 |
Posts: 19 |
|
|
|
|
|
|
|
here's the hash
2ea62c3aa255322125fe49992db9dee0
thanks |
|
|
|
|
Posted: Thu Jan 26, 2006 12:05 am |
|
|
fulvioo |
Regular user |
|
|
Joined: May 04, 2005 |
Posts: 13 |
|
|
|
|
|
|
|
Without the salt, cant do it |
|
|
|
|
Posted: Thu Jan 26, 2006 5:43 pm |
|
|
robin1200 |
Regular user |
|
|
Joined: Sep 13, 2005 |
Posts: 19 |
|
|
|
|
|
|
|
This is all I get when I run the exploit...
[~] PATH : /xxx/
[~] MEMBER ID : 1
[~] TARGET : 1 - IPB 2.*
[~] SEARCHING PASSWORD ... [ DONE ]
MEMBER ID : 1
MEMBER_LOGIN_KEY : 2ea62c3aa255322125fe49992db9dee0
the funny thing is that I can log in as ANY user, exept the Root Admin
weired right? |
|
|
|
|
Posted: Sun Feb 26, 2006 10:39 pm |
|
|
prodek |
Beginner |
|
|
Joined: Nov 22, 2005 |
Posts: 2 |
|
|
|
|
|
|
|
you must replace your cookies with that hash and user id.
but you can't use acp. |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|