Waraxe IT Security Portal
November 24, 2024
IT Security and Insecurity Portal

How to use gathered md5 hash? Step-by-step tutorial 4 n00bs

Posted: Sun May 22, 2005 3:41 pm
mercato
Beginner
Joined: May 22, 2005
Posts: 3

This exploit does not work on later versions of phpBB.

One thing you also need to do is edit the value in the cookie for the length of the userid. Admin is usually id number 2, so the length is 1.

If your userid is 1111, then the length will be 4 etc....

This does seem to work on versions prior to 2.0.12 from what I can tell.

Posted: Sat Jun 25, 2005 3:33 pm
howitzer
Regular user
Joined: Jun 25, 2005
Posts: 23

Hello, I was wondering how u guys know the admin md5 hash password... I suppose that u have their cookie or what?
How do u get their hash?

10x forward

Posted: Sat Jun 25, 2005 11:14 pm
oxygenne
Advanced user
Joined: Apr 13, 2005
Posts: 52

You can get the admin hash using some sort of SQL injection or XSS. I was wondering if anyone has a clue how I should prepare the cookie for the latest WordPress bug. I managed to get the user and pass hash, which is MD5 encrypted.

Posted: Sat Jun 25, 2005 11:49 pm
howitzer
Regular user
Joined: Jun 25, 2005
Posts: 23

10x oxygenne, but there is no SQL injection for phpbb 2.0.15 yet, or is there?

Posted: Sun Jun 26, 2005 12:05 am
oxygenne
Advanced user
Joined: Apr 13, 2005
Posts: 52

yes but I think there is an XSS in that version

Posted: Fri Jul 22, 2005 3:18 am
kidron
Beginner
Joined: Jul 22, 2005
Posts: 4

is phpbb 2.0.7 and 2.0.15 (.16 and 1.7) still vulnerable to cookie stealing?

because, when I look at my cookies.txt it doesn't look like this:

Code:
www.target.com FALSE / FALSE 1114433252 phpbb2mysql_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%2219dd1947a95454ccaf223a731c32db0c%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%224%22%3B%7D

Posted: Fri Oct 14, 2005 8:49 am
raydog2k
Regular user
Joined: Oct 14, 2005
Posts: 8

can some1 plz tell me how to change the cookie info gathered from using exploit for 2.0.12 and got this

Cookie: user=MTMyOnAycDo2ZjRjNWM1ZjUzYzJiMWQ2OWU0NDllMjdiYzQ1ZDQ3YjoxMDo6MDowOjA6MDo6NDA5Ng==; phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:3:\"132\";}; admin=cDJwOjBlMmM4OGRmMWU4YWZhZGI5ZTZhYjUzNThhNGM0ZGU5Og==; phpbb2mysql_sid=ee3589a62be690e2946448c626aba523; phpbb2mysql_t=a:1:{i:406;i:1129266078;}

Posted: Wed Oct 19, 2005 5:57 am
raydog2k
Regular user
Joined: Oct 14, 2005
Posts: 8

I've figured it out but this cookie stuff doesn't seem to work....

Re: How to use gathered md5 hash? Step-by-step tutorial 4 n0
Posted: Sun Feb 26, 2006 1:15 pm
ianmac
Regular user
Joined: Feb 26, 2006
Posts: 6

waraxe wrote:
OK, first of all, we need some preparation work.

    1. Get target password's md5 hash - in this tutorial it's 098f4bcd4621d373caae4e832628b4f6



How do I get the MD5 hash?

Posted: Thu Mar 23, 2006 1:14 am
sljyro
Advanced user
Joined: Mar 23, 2006
Posts: 53

hi all, new here. I've been following many threads here, so I thought I should join up.

I have got the md5 hash, user id, and everything else. changed the phpbb2mysql_data cookie successfully (so I hope, looked easy). but every time I try it, it just logs me out and doesn't log me in as the target.

I've tried with mozilla, firefox, opera, and all the same outcome.

could there be something i missed?

any help appreciated,

SL jyro

Posted: Wed Apr 05, 2006 7:54 am
Aryan-Husky
Active user
Joined: Apr 03, 2006
Posts: 37

I have tried this on a phpBB version 2.0.15 using Firefox and it doesn't seem to work? Can anybody else shed more light on this?

Could you maybe have to use a specific version of Firefox or Mozilla?

I am using version 1.5.0.1 of Firefox.

Posted: Wed Apr 19, 2006 9:06 pm
SicKn3sS
Regular user
Joined: Apr 16, 2006
Posts: 14

I don't think this works anymore, I tried it exactly how you said it on my account and it won't work. I just wanna log in with the admin panel, isn't there a way to do it with live http headers?

Posted: Tue Apr 25, 2006 11:44 pm
lazarus
Beginner
Joined: Apr 23, 2006
Posts: 3

I have a big problem.

I tried to use the exploit with the picture (for phpbb 2.0.18) - the exploit works just fine and puts the cookie string into my log.txt file.

BUT:

I don't get the hash with the pass!

Here is what I got:

http://www.sitenameblabla.org/posting.php Cookie: as_phpbb2mysql_data=a:2:{s:6:\"userid\";s:3:\"353\";s:11:\"autologinid\";s:0:\"\";}; as_phpbb2mysql_sid=591bca2dcds72c9db708c5bbse245bc7


As you can see all I get is "sid" - no hash after "autologinid" - does it mean that the site is secured or I'm just so stupid that I'm missing something?

Posted: Wed Apr 26, 2006 10:14 pm
sljyro
Advanced user
Joined: Mar 23, 2006
Posts: 53

that might mean that the target user does not have autologin enabled for their account. so that is why the md5 hash isn't stored in their cookie.

little off-topic
Posted: Mon May 01, 2006 2:00 am
blamara
Beginner
Joined: May 01, 2006
Posts: 1

I was searching for something useful on how to replace cookies in some browser and part of that task is completed thanks to this tutorial.

Also I have noticed that the MD5 hash is the same length as PHPSESSID, maybe it has something to do with it.

The problem I have is next:

I have found exploit to collect users data:
url: ... index.php?session=0b89193aca12
cookie: ... PHPSESSID=28118779305cbba8473fd7ca19dd068c ...

also have stumbled to cookies like this one:
FRQSTR=18909969x113247:1:1440|18909969|18909969|18909969|18909969;

still trying to figure it out what it is, but it must be something. I will use exploit to send me targets client, to see is this value connected to targets client.
---

Now what I want is to enter target url returned to me with session data sent to me, not sure will it work I will try later using this tutorial.

But I was thinking something in my back days I made proxy server to exploit cookies bug on some server, where my cookies were dynamically changed when access denied to switch to next user. I am thinking to use same technique, but I wonder is there on net some useful tool like proxy where you can add filter for url and to change request dynamically ???

Any ideas ???
Or to write again my own tool,
it's boring to write tool when there must be one on web q=)

_________________
lol
Page 4 of 5