|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
admin rights, harsh reality? |
|
Posted: Tue Nov 01, 2005 3:51 am |
|
|
Thuleman |
Beginner |
|
|
Joined: Nov 01, 2005 |
Posts: 4 |
|
|
|
|
|
|
|
Folks,
I am in somewhat of a pickle. I created a msg board in 04/2004. I retired from the game the board is for in 11/2004 and gave admin rights and billing for the hosting accout to a fellow player. He was running the board just fine till he went MIA around 05/2005.
He is still paying for the web hosting, as the site remains online. But he has not checked his PM since 05/2005 (outbox). Attempts to contact him through the hosting company have failed as they say they can't do anything because the account is his and his contact info is no one's business.
I have full control over the domain name, so I could simply point it elsewhere and the users would follow to a new board, most of them anyway. The problem is that the board has a good history, some 4300 users (of course only a 10th of them check the boards daily). 260k posts. I don't want to lose all that stuff by starting a new board with a different host.
I have patched phpBB to 2.0.12 or .13 myself back in the day. I have also made sure that the footers read 2.0.10 even though it was patched above that. I did delete the /docs and pretty much did everything to secure the board as good as possible.
I tried the LiveHeaders exploit (adjusted the values for the current admin who's user #79), and it didn't work. I know that the current admin patched to at least .15 if not higher.
Is there anything I can realistically do to get admin access? I obviously have a user account, I also have a mod account, I don't have admin access myself anymore (kinda obvious too).
I did check the hosting and mysql db pws and they have been changed (as I would have expected), the current admin is no idiot, it's just that he is MIA.
Is my only option to exploit the DB access, download the DB and just start over elsewhere?
Edit: Please do not PM me asking which site it is or offer to do try and gain admin yourself. No offense, but I'd rather have the anarchy on the boards and the posts are all still there, than some 3rd party logging in and deleting the whole thing. Hope you understand, but every one of those 4300 reg users is important to me and they don't deserve to be shafted just cause one guy went MIA. |
|
|
|
|
|
|
|
|
Posted: Tue Nov 01, 2005 4:56 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
np about the asking of the url. No one does that here unless they are approached with a url.
What version was it when you left it?
Was it updated in the time the new admin owned it?
Shai-tan |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
Posted: Tue Nov 01, 2005 5:18 am |
|
|
Thuleman |
Beginner |
|
|
Joined: Nov 01, 2005 |
Posts: 4 |
|
|
|
|
|
|
|
I would assume it was updated to something hihger than 2.0.15 because the Database Authentication Details Exploit only returns:
Code: | [+] Connecting OK
[+] Sending exploit OK
[+] Database Host:
[+] Database Name:
[+] Username:
[+] Password: |
It's kind of wierd, because it doesn't say FAILED, but it also doesn't display values for the blank variables.
I do actually know the DB host, the DB name, and the username, I just don't know the DB pw.
So backing up the database seems out of the question as well. |
|
|
|
|
Posted: Tue Nov 01, 2005 5:24 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
Yes a lot of remote exploits come up with nulls or nothings. Not sure really what you can do but wait for new exploits. Or you could ask some of the other users if they have his email addy. |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
Posted: Tue Nov 01, 2005 5:34 am |
|
|
Thuleman |
Beginner |
|
|
Joined: Nov 01, 2005 |
Posts: 4 |
|
|
|
|
|
|
|
I have his email that he is registered at Paypal with, but no response and no bounce either (not a free email, but one from a real ISP). Guess I could call that ISP and try with some social engineering, but I also don't want the ISP to call the FIBI on me. LOL
The cookie grabber doesn't do anything for me since the admin never logs in anymore.
May give it a couple more weeks and perhaps do start over from scratch elsewhere. |
|
|
|
|
Posted: Tue Nov 01, 2005 5:40 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
Yeah thats your best bet cause its more legal todo to. lolz.
Hope all goes well. Tell me how you get on.
Shai-tan |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
|
|
|
|
Posted: Wed Nov 02, 2005 1:33 am |
|
|
Thuleman |
Beginner |
|
|
Joined: Nov 01, 2005 |
Posts: 4 |
|
|
|
|
|
|
|
Social engineering 4tw!
Ok, so I knew the admins real name. Peoplefinder was worthless. I searched through the board for post he had made and that had the word 'work' in them. I found his old place of employment (national chain). I started calling their stores in the state of NJ (knew that the admin lives there). The first couple were bust, the thrid one said the guy used to work there but was transfered to a different store. Got number for new store. It's was his day off. Talked the lady on the phone into giving me his cell phone number.
Called the admin!!! Wheee!!! Got it all sorted out, he will transfer admin rights to me tonight. He had too much real life shit going on to even worry about msg boards and games anymore. |
|
|
|
|
|
|
|
|
Posted: Wed Nov 02, 2005 2:13 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
Good stuff man. You did it the legal way to so its much better than trying to explain that you cracked his site. Well good luck on the site and I hope you do well.
Shai-tan |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
|
|
Powered by phpBB � 2001-2008 phpBB Group
|
|
|
|
|