Waraxe IT Security Portal
Login or Register
November 23, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 121
Members: 0
Total: 121
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> [Help] How these codes work !!! Goto page 1, 2Next
Post new topicReply to topic View previous topic :: View next topic
[Help] How these codes work !!!
PostPosted: Sat Apr 15, 2006 9:14 pm Reply with quote
dinho
Regular user
Regular user
Joined: Apr 15, 2006
Posts: 16




Hello
I'm new to this forum and actualy new to hacks ...
Well I've been lookin' at the topics on this forum (hacking phpbb) and i saw a lot of Codes some of them about MySql injections and some about cookies ... etc well they are so helpfull but my problem is I don't know where to put these codes i mean should i upload them to my server ... etc ??

for example I want to get access admin for a forum on version 2.18 or under , What should I do ?

Step by Step if you wanted to help please.

thanks a lot Wink
View user's profile Send private message
PostPosted: Sat Apr 15, 2006 9:39 pm Reply with quote
Indiction
Regular user
Regular user
Joined: Apr 12, 2006
Posts: 11




lol.

So basically when you submit a form, thats where an SQL injection goes. If index.php accepts an unsanatized arguement sid, then you type in

http://victim.haxme.com/directory/index.php?sid=UNION%20(injection_goes_here)
View user's profile Send private message
PostPosted: Sat Apr 15, 2006 10:38 pm Reply with quote
dinho
Regular user
Regular user
Joined: Apr 15, 2006
Posts: 16




Thanks for the replay man Wink

Okay lets say I wanted to use this Code ( i'm about to attack a forum of 2.0.5 version ) which thats what this code for ...

http://www.milw0rm.com/id.php?id=44

How am i going to use it ??

Thanks in advance.
View user's profile Send private message
PostPosted: Sun Apr 16, 2006 7:52 pm Reply with quote
Chb
Valuable expert
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany




dinho wrote:
Thanks for the replay man Wink

Okay lets say I wanted to use this Code ( i'm about to attack a forum of 2.0.5 version ) which thats what this code for ...

http://www.milw0rm.com/id.php?id=44

How am i going to use it ??

Thanks in advance.


As you can see in the first line of that script it is for the perl interpreter. So it's a perl scri?pt. Wink This means you should use perl to run that script on your computer. If you're linux user there should be perl already. If you're windowzer you can use ActivePerl.

Cu,
Chb

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Sun Apr 16, 2006 10:16 pm Reply with quote
dinho
Regular user
Regular user
Joined: Apr 15, 2006
Posts: 16




Chb wrote:
dinho wrote:
Thanks for the replay man Wink

Okay lets say I wanted to use this Code ( i'm about to attack a forum of 2.0.5 version ) which thats what this code for ...

http://www.milw0rm.com/id.php?id=44

How am i going to use it ??

Thanks in advance.


As you can see in the first line of that script it is for the perl interpreter. So it's a perl scri?pt. Wink This means you should use perl to run that script on your computer. If you're linux user there should be perl already. If you're windowzer you can use ActivePerl.

Cu,
Chb


Thanks a lot man Wink
Do you know where I can download ActivePerl !!!
ciao
View user's profile Send private message
PostPosted: Sun Apr 16, 2006 10:59 pm Reply with quote
sljyro
Advanced user
Advanced user
Joined: Mar 23, 2006
Posts: 53




http://www.activestate.com/Products/ActivePerl/?mp=1
View user's profile Send private message
PostPosted: Mon Apr 17, 2006 12:12 am Reply with quote
dinho
Regular user
Regular user
Joined: Apr 15, 2006
Posts: 16




sljyro wrote:
http://www.activestate.com/Products/ActivePerl/?mp=1


Thanks a lot man
but when i downloaded the folder there's many files on it Confused I mean i don't know which one should i use Embarassed
View user's profile Send private message
PostPosted: Mon Apr 17, 2006 12:25 am Reply with quote
sljyro
Advanced user
Advanced user
Joined: Mar 23, 2006
Posts: 53




you dont have to use any.

go to your command prompt and set path to Perl, if you installed it in default directory (C:\Perl) it should be this:

Code:
c:\path %PATH;C:\Perl\bin


to check if its done correctly

Code:
c:\ECHO %PATH%


now all you do is test the example file under the Perl\eg\ directory

Code:
c:\..\..> perl example.pl



im new at this too, i think that's right.
View user's profile Send private message
PostPosted: Mon Apr 17, 2006 1:40 am Reply with quote
Indiction
Regular user
Regular user
Joined: Apr 12, 2006
Posts: 11




Download the Windows MSI installer and run it.
View user's profile Send private message
PostPosted: Mon Apr 17, 2006 12:47 pm Reply with quote
dinho
Regular user
Regular user
Joined: Apr 15, 2006
Posts: 16




Thanks a lot guyz ...

What should i type in the CMD windows !!!
i tryed to open the script but it says something like " No such file or derictory " !!!!
help plz

thanks guyz Wink
View user's profile Send private message
PostPosted: Mon Apr 17, 2006 5:53 pm Reply with quote
sljyro
Advanced user
Advanced user
Joined: Mar 23, 2006
Posts: 53




make sure you are typing under the right directory, to change a directory type
Code:
C:\cd [directoryname]


to go up a level you type
Code:
cd..
View user's profile Send private message
PostPosted: Mon Apr 17, 2006 6:25 pm Reply with quote
dinho
Regular user
Regular user
Joined: Apr 15, 2006
Posts: 16




sljyro wrote:
make sure you are typing under the right directory, to change a directory type
Code:
C:\cd [directoryname]


to go up a level you type
Code:
cd..


okay brov
done and am about to finish hacking my first forum Laughing
Well BIG THANKS TO THIS FORUM Wink
Ciao
View user's profile Send private message
PostPosted: Mon Apr 17, 2006 7:39 pm Reply with quote
Aryan-Husky
Active user
Active user
Joined: Apr 03, 2006
Posts: 37




Hi could somebody help me to use this script

http://www.milw0rm.com/exploits/1080

in ActivePerl?

Thanks, im not sure what to do after I launch the script, any help would be much appreciated.
View user's profile Send private message
PostPosted: Mon Apr 17, 2006 10:33 pm Reply with quote
sljyro
Advanced user
Advanced user
Joined: Mar 23, 2006
Posts: 53




im not sure if this is what you were looking for, if not, sorry! Very Happy

the script gives an example:

Code:

Example 1 (with cookiestring);

phpbbSecured.pl 192.168.168.123 /PHPBB/ 8 \"phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D; phpbb2mysql_sid=10dae92b780914332896df43808c4e09\"

Example 2 (without cookiestring);
phpbbSecured.pl 192.168.168.123 /PHPBB/ 20


there are four arguments

Code:

$serv = $ARGV[0];
$dir = $ARGV[1];
$threadid = $ARGV[2];
$cookie = $ARGV[3];


firs one is the server IP(eg. XXX.XXX.XXX.XXX) , second one is the forum directory(eg. /phpBB/ or /forum/), third is the thread ID, and fourth is the cookie which is optional.

you run it like
Code:
perl scriptname.pl arg1 arg2 arg3 arg4


then execute! hope this helps
View user's profile Send private message
PostPosted: Tue Apr 18, 2006 6:27 am Reply with quote
Aryan-Husky
Active user
Active user
Joined: Apr 03, 2006
Posts: 37




Hi sljyro,

Yes that worked fine except it says it is failing to connect. My target forum is 2.0.15, I know this because I was a Moderator on this board and the Admin doesn't know how to update it.

I tried entering the url as http://www.target.com www.target.com and target.com all keep failing, any ideas?

Thanks again for he help.
View user's profile Send private message
[Help] How these codes work !!!
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 2
Goto page 1, 2Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.046 Seconds