 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 50
 Members: 0
 Total: 50
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Getting Passwords off of own forum. |
|
 Posted: Sat May 27, 2006 6:56 pm |
 |
|
| eagle132 |
| Beginner |
 |
|
| Joined: May 27, 2006 |
| Posts: 3 |
|
|
|
 |
|
 |
|
Hi, I have been browsing through the forums and reading a bit over the last couple days, but I am still quite confused.
I want to set up my own phpbb forum and then be able to get the passwords of the users. I am assuming it would be easier to do this than to find vulnerablities in other's forums, as I will have control over the forum.
So, my questions are:
1. Which version of phpbb should I install in order to do this in the easiest possible way?
2. How should I go about doing this?
I have read some threads on XXS and stuff like that so please dont just direct me to one of those. I would really appreciate someone just posting the information I have requested.
Sorry for the hassle and thanks to anyone who helps. |
|
|
|
|
|
|
|
|
| Posted: Sat May 27, 2006 7:29 pm |
|
|
| Chb |
| Valuable expert |
 |
|
| Joined: Jul 23, 2005 |
| Posts: 206 |
| Location: Germany |
|
|
|
|
|
|
Lolmao.
Learn PHP, especially $_POST-variables and mail(). After that I'm sure you know, what to do. |
|
|
|
|
|
|
|
|
| Posted: Sat May 27, 2006 10:22 pm |
|
|
| eagle132 |
| Beginner |
|
|
| Joined: May 27, 2006 |
| Posts: 3 |
|
|
|
|
|
|
|
I dont want to know how to edit all the phpbb code so that I can just view the passwords in the admincp...
I just want to know which is the best version to use to apply one of the methods here and what method that would be. I know that many threads asking this have gone unaswered, but I cant find out where to get other people's cookies and then use the md5 to get their password. I have checked out my cookie and used the md5 to get my own password, so I know how that works, but I dont know where to get teh cookie.
So, what is the best version to install so that I can steal people's cookies? What kind of code do I need to use to access their cookies? Where do I put this code?
Sorry for asking so much, but I have indeed searched a bit and just cant figure it out. |
|
|
|
|
|
|
|
|
| Posted: Sun May 28, 2006 12:22 pm |
|
|
| sljyro |
| Advanced user |
 |
|
| Joined: Mar 23, 2006 |
| Posts: 53 |
|
|
|
|
|
|
|
set up any phpBB forum version, and once you have the users registered, do a full backup of your database.
open the database file, search for the user name, and you will see a md5 hash for each user.
hope this helps. |
|
|
|
|
| Posted: Sun May 28, 2006 5:11 pm |
|
|
| eagle132 |
| Beginner |
|
|
| Joined: May 27, 2006 |
| Posts: 3 |
|
|
|
|
|
|
|
Sounds like just the info I was looking for.  I will test it out today and let you know if it works for me.
Thanks a bunch.  |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
