Waraxe IT Security Portal
Login or Register
November 24, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 39
Members: 0
Total: 39
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> cracking a vbulletin password
Post new topicReply to topic View previous topic :: View next topic
cracking a vbulletin password
PostPosted: Mon May 26, 2008 6:06 pm Reply with quote
ilrb2
Regular user
Regular user
Joined: May 26, 2008
Posts: 11




mostly for the purpose of education though i would like to crack one pass. so i have passwordspro, access to the ftp and cpanel, and i would like access to the admin's account (mostly the admincp). i've tried searching but i'm afraid i don't know much about this stuff. so say i have a site, www.example.net, which is a vbull site. what would i do step by step? so far, i went to www.example.net/admincp.php and clicked on "view page source." i searched and found this:

Code:
//-->
</script>
<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">

<input type="hidden" name="url" value="/admincp/" />
<input type="hidden" name="s" value="09145cae798cb2cbf2e92e6626bb744e" />
<input type="hidden" name="logintype" value="cplogin" />
<input type="hidden" name="do" value="login" />
<input type="hidden" name="vb_login_md5password" value="" />
<input type="hidden" name="vb_login_md5password_utf" value="" />
<p> ;;</p><p> ;;</p>


however, i don't know if 09145cae798cb2cbf2e92e6626bb744e is the right hash since the above doesn't contain the user name. say the user name is admin, how would i obtain the hash and salt for passwordspro? or is there a better way to crack all this? please tell me what i'm doing wrong and what to do next. thanks in advanced.
View user's profile Send private message
PostPosted: Mon May 26, 2008 6:11 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




You have access to target's ftp? Can you upload arbitrary php scripts? Can you download files from target webroot? Then download config file, get mysql credentials, write simple mysql dumping script and fetch user table with all the pasword hashes and salts.
And how about phpmyadmin? Is it present? If so, then obtain mysql credentials and then use phpmyadmin.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon May 26, 2008 6:24 pm Reply with quote
ilrb2
Regular user
Regular user
Joined: May 26, 2008
Posts: 11




yeah, i have access to ftp and cpanel. but could you maybe explain all this a little better? which scripts would i upload and where? and what's "downloading files from target webroot," is it downloading ftp files? and this part "Then download config file, get mysql credentials, write simple mysql dumping script and fetch user table with all the pasword hashes and salts." makes no sense to me, sorry. you wouldn't happen to have links to anything that might explain these things better?
View user's profile Send private message
PostPosted: Mon May 26, 2008 6:28 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




OK, use ftp, search for file "config.php" and download it. This file contains database name, mysql username and password. When you have this info, let me know and i will show you next step.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon May 26, 2008 7:07 pm Reply with quote
ilrb2
Regular user
Regular user
Joined: May 26, 2008
Posts: 11




i think it's:

dbname: skatespo_skatespot
username: skatespo_patrick
pass: patrick

does that look right? i don't know if it's the myslq user/pass cause it says $config['MasterServer']['username'] = 'skatespo_patrick'
View user's profile Send private message
PostPosted: Mon May 26, 2008 8:05 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Good. Now try to locate phpmyadmin. Log in to Cpanel and look for phpmyadmin link. Click it. Next you will need username and password ... which you allready have Smile
If you will get inside phpmyadmin, be very careful. One careless click can destroy entire database!
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon May 26, 2008 8:47 pm Reply with quote
ilrb2
Regular user
Regular user
Joined: May 26, 2008
Posts: 11




well, i could've just gone directly there. well, i'm in it, what now?
View user's profile Send private message
PostPosted: Mon May 26, 2008 9:07 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Don't you know phpmyadmin basics? Select needed database (left-upper corner), then in left you will see table names. Look for users table. Click it. Next you can browse user rows and copy-paste needed info (username,hash,salt). Or better choice is "Export", so you can have all userdata at once.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue May 27, 2008 1:10 am Reply with quote
ilrb2
Regular user
Regular user
Joined: May 26, 2008
Posts: 11




i really don't, i never needed to use it as an admin. i can't find a user table or user rows. could it be named something different?

i did click on users and find "password" in a list. when i view it, i get a two columns, one says "rows" and usually has the number 1 and the other says "password" and has what i think is a hash. stuff like this: 00b49815e3d1bcf7f0237926d2bf7b8b.

is this it? it doesn't say the usernames or salts though.

EDIT: nvm, i think i found it all. what kind of hash would it be? it says "+#r" but i don't know what to put for type of hash.

anyway, i'm gonna have passwordspro run but i guess i'll also ask for someone on here to try. thanks for the help.
View user's profile Send private message
PostPosted: Thu May 29, 2008 1:22 am Reply with quote
tooth
Beginner
Beginner
Joined: May 29, 2008
Posts: 3




If your trying to crack the pass it going to be here in the red color

INSERT INTO `user` VALUES(1, 6, '', 0, 'admin', 'df6e986e01d8bef78787wb3731ed47',

After you export the user table.. or however u decided to get the data from it
View user's profile Send private message
PostPosted: Fri May 30, 2008 1:12 am Reply with quote
ilrb2
Regular user
Regular user
Joined: May 26, 2008
Posts: 11




well, i just copy/pasted to passwordspro. what do you mean by "insert into user values?"
View user's profile Send private message
PostPosted: Wed Aug 13, 2008 3:37 am Reply with quote
nick
Beginner
Beginner
Joined: Aug 13, 2008
Posts: 2




I find it funny how this is Newbies corner, yet none of the questions/answers seem to answer my basic question of the first step in this elaborate process.

How would I get the password/password hash. I don't have FTP access to the server, and my privileges are that of a normal user. There's got to be some way that I can do this remotely without having to jack the site FTP or something. I don't mind researching a bit. I just need some pointers in the right direction. So far all of the knowledge base I've found has pertained to what to do with the password and methods of cracking the MD5 hash, so I'm a little lost on what to search for. Phishing is a possibility, though I'd rather not have to resort to that, since it's chance of working is minimal due to the targets being likely more proficient in computing than I am.
View user's profile Send private message
PostPosted: Wed Aug 13, 2008 9:40 am Reply with quote
ZiPo
Advanced user
Advanced user
Joined: Jul 08, 2008
Posts: 86




Well for start i would examine that web site.

Try to find as much as you can for that site, applications that are running there, components/modules/plugins installed for that application. Any javascript. Search for forms, queries. Try to find a little bit about members that are responsible for running the site. Basicly any info that you can get will put you one step closer to your goal. Then google as much info as you can about stuff you finded. Try to search about vulnerabilities for the specific application/module...whatever. Most importantly try to understand specific vulnerability. It will be hard in the begining...hell it will be hard later too, but hacking is a game of patience, persistance and sometimes really good nerves Wink

I hope that this is what you was looking for. if you wanted to know on how to hack specific site, nobody will help you there, well maybe they will, but then as specific questions and you just may get the answers.

P.S. Sorry for my English, it's not my native language, but i hope you understand what i wanted to say.

Good luck and Have Fun Smile
View user's profile Send private message
PostPosted: Wed Aug 13, 2008 6:35 pm Reply with quote
nick
Beginner
Beginner
Joined: Aug 13, 2008
Posts: 2




Yeah, it's a start.

More specifically, is there a way to intercept log-in information without altering files on the actual server? This is the latest version of vBulletin if it helps.
View user's profile Send private message
cracking a vbulletin password
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.039 Seconds