Waraxe IT Security Portal
Login or Register
November 24, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 46
Members: 0
Total: 46
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> version phpbb? Goto page 1, 2, 3Next
Post new topicReply to topic View previous topic :: View next topic
version phpbb?
PostPosted: Sun Aug 03, 2008 6:04 pm Reply with quote
Harold
Regular user
Regular user
Joined: Aug 03, 2008
Posts: 17




If I want to hack a forum, how do i know which version it is? Even better: Is there a complete tutorial sopmewhere/on this forum?

If you want I can give u the link to the forums.

Thanks and greetz

Harold
View user's profile Send private message
Re: version phpbb?
PostPosted: Sun Aug 03, 2008 7:11 pm Reply with quote
x3roconf_
Advanced user
Advanced user
Joined: May 01, 2008
Posts: 101




Harold wrote:
If I want to hack a forum, how do i know which version it is? Even better: Is there a complete tutorial sopmewhere/on this forum?

If you want I can give u the link to the forums.

Thanks and greetz

Harold


Check /forum_path/docs/CHANGELOG.html to get version number. Smile
View user's profile Send private message
PostPosted: Sun Aug 03, 2008 7:56 pm Reply with quote
Harold
Regular user
Regular user
Joined: Aug 03, 2008
Posts: 17




That would be www.ninyou.nl/forum/docs/CHANGELOG.html

Page cannot be found.
View user's profile Send private message
PostPosted: Sun Aug 03, 2008 8:14 pm Reply with quote
lenny
Valuable expert
Valuable expert
Joined: May 15, 2008
Posts: 275




In that case it is rather difficult to get the version number short of actually asking the admin Smile
View user's profile Send private message
PostPosted: Sun Aug 03, 2008 8:17 pm Reply with quote
oniric
Advanced user
Advanced user
Joined: Jul 24, 2008
Posts: 65




Maybe with some sort of fingerprinting automated software but I don't know if one exists for phpBB2.
View user's profile Send private message
PostPosted: Sun Aug 03, 2008 8:57 pm Reply with quote
Harold
Regular user
Regular user
Joined: Aug 03, 2008
Posts: 17




Or i'll just try exploits for all versions. But I totally don't understand anything from this, so is there a tutorlial somewhere?
View user's profile Send private message
PostPosted: Mon Aug 04, 2008 10:23 am Reply with quote
lenny
Valuable expert
Valuable expert
Joined: May 15, 2008
Posts: 275




No, but its relatively easy - Just don't make a habit of it, and don't do it for the sake of it. That would be a script kiddie, which are severley disliked in the security community.

Anyway, what you have to do is search and research exploits for the specific version of the software you are targeting (in this case phpBB). Once you have an explot, it may come in several formats/languages. Find the format of the exploit (should be relatively easy, look for givaways), for example perl. Download and install perl (or whatever language processor is required) , and execute the exploit using "perl <path to exploit". To put it simply, download it and execute it.
View user's profile Send private message
PostPosted: Tue Aug 05, 2008 12:51 pm Reply with quote
Harold
Regular user
Regular user
Joined: Aug 03, 2008
Posts: 17




Ok, I want to try exploits for all Phpbb versions now, but if I activate an exploit in cmd (exploit is .pl, is in the bin map of perl) it asks wich program. How do I set the .pl to perl? So I can activate the exploit in dos?

btw can you see if www.ninyou.nl/forum really is phpbb2?

Thanks!
View user's profile Send private message
PostPosted: Tue Aug 05, 2008 1:01 pm Reply with quote
oniric
Advanced user
Advanced user
Joined: Jul 24, 2008
Posts: 65




Mmm, just looked better at it, filenames and dirnames stuff too, and.. I don't think it's phpbb ^^ Maybe WBB
View user's profile Send private message
PostPosted: Tue Aug 05, 2008 2:02 pm Reply with quote
Harold
Regular user
Regular user
Joined: Aug 03, 2008
Posts: 17




Yes! I just found it, it is WBB indeed. Does that work with versions and expoloits too?
View user's profile Send private message
PostPosted: Tue Aug 05, 2008 2:10 pm Reply with quote
oniric
Advanced user
Advanced user
Joined: Jul 24, 2008
Posts: 65




Search milw0rm.com for spoits.
View user's profile Send private message
PostPosted: Tue Aug 05, 2008 2:14 pm Reply with quote
Harold
Regular user
Regular user
Joined: Aug 03, 2008
Posts: 17




I serached for WBB and found 4. Which one is for admin rights? And if you have the good one with what do I use it? (Perl PHP etc)
View user's profile Send private message
PostPosted: Tue Aug 05, 2008 2:19 pm Reply with quote
oniric
Advanced user
Advanced user
Joined: Jul 24, 2008
Posts: 65




If you searched for "WBB" one is a video about a XSS vuln, and the other are not related to WBB ( two are plugins for it ).

If you search "woltlab burning board" there are many interesting results. I would stay on the SQL ones Wink
View user's profile Send private message
PostPosted: Tue Aug 05, 2008 2:30 pm Reply with quote
Harold
Regular user
Regular user
Joined: Aug 03, 2008
Posts: 17




oniric wrote:
If you searched for "WBB" one is a video about a XSS vuln, and the other are not related to WBB ( two are plugins for it ).

If you search "woltlab burning board" there are many interesting results. I would stay on the SQL ones Wink


Yes, I see the list now. So, which one is an admin hack?

And what is an SQL injection?
View user's profile Send private message
PostPosted: Tue Aug 05, 2008 2:35 pm Reply with quote
oniric
Advanced user
Advanced user
Joined: Jul 24, 2008
Posts: 65




The ones marked with SQL. Don't use the first " Woltlab Burning Board Addon JGS-Treffen SQL Injection Vulnerability " and the "Woltlab Burning Board 2.x Datenbank MOD (fileid) Remote SQL Injection" one because they are developed for WBB addons. And try to download a version of WBB to find out where version information are hidden ( maybe you can tell if it's version 2.x or 3.x looking at differences in the directory structure between the two versions ). Don't be lazy ^_^
View user's profile Send private message
version phpbb?
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 3
Goto page 1, 2, 3Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.038 Seconds