 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
| maybe, but you have to give more info |
|
|
|
|
it's an L2 server aight?
anyways, as already said, if you have the mysql root's password you should find a way to run SQL code on it, because with root privs you can load_file() and select into out ... |
|
|
|
|
if you are root and can only use select statements, you're done.
use select load_file('/complete/path/to/file') to read a file, or select 'data' into outfile '/path/to/file' to write some dat ... |
|
|
|
|
| I m sorry to say this is really script kiddish |
|
|
|
|
lol, of course there could be other vulnerabilities...
What tou mean? |
|
|
|
|
| admin:a4fb40dbb9eed3f878da94d8596bf67b:r-s |
|
|
|
|
Probably the script is outputting just the first line; try hexing the string:
hex(load_file('/etc/passwd'))
anyways, reading the passwd file nowadays will just give you an idea of what users can l ... |
|
|
|
|
| I think it is md5() unix, a really though one (to bruteforce) |
|
|
|
|
no the best way was the one waraxe told, infact I was just doing it before reading his post.
1. Install IonCube
2. create a php script that includes the coded one and prints out the variables.
... |
|
|
|
|
| mmh, I don't wanna forget it, it's got root's password in it I think. |
|
|
|
|
How do you decode php files encoded with ioncube?
Shall I reverse engeneer the dlls that comes with it? is it worth it? |
|
|
|
|
See if you can crack this one, thanks!
e314878ab5801f307684fdd3d925de8f:ans1I |
|
|
|
|
| Yes, I do like so: whenever I find a password, I write it down both in a combolist user:pass and in a wordlist (just the pass). This works greatly. |
|
|
| Page 1 of 4 |
Goto page 1, 2, 3, 4Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 227
Members: 0
Total: 227
