IT Security and Insecurity Portal

Php nuke 7.1.0

Posted: Sun Nov 18, 2007 12:06 am
lordorion
Regular user
Joined: Nov 16, 2007
Posts: 6

So I was messing around with waraxe's exploit found here:
http://www.waraxe.us/?modname=sa&id=003.
I ran the script and it gave me an output:
Code:
pos --> 1char --> 0 --> 46
pos --> 1char --> 1 --> 46
pos --> 1char --> 2 --> 48
pos --> 1char --> 3 --> 68
pos --> 1char --> 4 --> 56
pos --> 1char --> 5 --> 45
pos --> 1char --> 6 --> 46
pos --> 1char --> 7 --> 76
pos --> 1char --> 8 --> 42
pos --> 1char --> 9 --> 83
pos --> 1char --> a --> 94
pos --> 1char --> b --> 45
pos --> 1char --> c --> 45
pos --> 1char --> d --> 46
pos --> 1char --> e --> 43
pos --> 1char --> f --> 50
pos --> 2char --> 0 --> 43
pos --> 2char --> 1 --> 44
pos --> 2char --> 2 --> 55
pos --> 2char --> 3 --> 46
pos --> 2char --> 4 --> 43
...
[truncated by waraxe]
...
----- Final md5hash --> f-----

I know what I'm supposed to be looking for, but I'm having a bit of trouble understanding what this info means. Anyone wanna point me in the right direction?

Posted: Sun Nov 18, 2007 1:15 am
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

From output:
Code:
pos --> 1char --> 0 --> 46
pos --> 1char --> 1 --> 46
pos --> 1char --> 2 --> 48
pos --> 1char --> 3 --> 68
pos --> 1char --> 4 --> 56
pos --> 1char --> 5 --> 45
pos --> 1char --> 6 --> 46
pos --> 1char --> 7 --> 76
pos --> 1char --> 8 --> 42
pos --> 1char --> 9 --> 83
pos --> 1char --> a --> 94
pos --> 1char --> b --> 45
pos --> 1char --> c --> 45
pos --> 1char --> d --> 46
pos --> 1char --> e --> 43
pos --> 1char --> f --> 50

As you can see, 16 probes against the first hex char in the md5 hash gave similar response times. So there are two options:
1. Make "$md5times = 260000;" bigger, for example:
$md5times = 900000;
2. Probably this is a patched nuke version. Or the SQL table prefix differs from the default "nuke_". And don't forget that this exploit comes from Feb 2004! It's hard to find a working target three and a half years after the exploit became public.
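
Seen from the server side, a character-by-character extraction like the one in the output above (16 probes for each hex character of an MD5 hash) appears as a long run of requests from one client to one script. The detection logic below is an added example, not part of the thread or of the exploit; the log format, path, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

HEX_CANDIDATES = 16    # probes per hash position, as in the output quoted in the thread
MD5_HEX_LENGTH = 32    # hex characters in an MD5 digest
WINDOW_SECONDS = 300   # assumption: sliding-window length
MIN_POSITIONS = 2      # assumption: alert after two positions' worth of probes


def parse(line):
    """Parse one constructed log line: 'epoch_seconds client path response_ms'."""
    ts, client, path, ms = line.split()
    return int(ts), client, path, int(ms)


def find_probe_bursts(lines, window=WINDOW_SECONDS, min_positions=MIN_POSITIONS):
    """Map (client, path) -> peak request count inside any window, for pairs
    whose peak reaches min_positions * 16 requests to a single script."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    # The response time is parsed for completeness but not used by this check.
    for ts, client, path, _ms in sorted(parse(l) for l in lines):
        q = recent[(client, path)]
        q.append(ts)
        while ts - q[0] > window:      # drop requests older than the window
            q.popleft()
        peak[(client, path)] = max(peak[(client, path)], len(q))
    limit = min_positions * HEX_CANDIDATES
    return {k: n for k, n in peak.items() if n >= limit}


def positions_covered(request_count):
    """How many hash positions a burst could have tested, capped at a full digest."""
    return min(request_count // HEX_CANDIDATES, MD5_HEX_LENGTH)


def sample_log():
    """Constructed sample: one client hammering one script, plus ordinary traffic."""
    lines = [f"{1000 + i} 203.0.113.7 /script.php {40 + i % 7}" for i in range(48)]
    lines += [f"{1000 + 60 * i} 198.51.100.4 /index.php 35" for i in range(10)]
    lines += [f"{1000 + 400 * i} 198.51.100.9 /script.php 38" for i in range(40)]
    return lines


if __name__ == "__main__":
    for (client, path), n in find_probe_bursts(sample_log()).items():
        print(client, path, n, "requests, up to", positions_covered(n), "positions")
```
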
All times are GMT