Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
August 26, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 254
Members: 0
Total: 254
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpNuke -> PhpNuke cookies manual crafting HowTo Goto page 1, 2  Next
Post new topic  Reply to topic View previous topic :: View next topic 
PhpNuke cookies manual crafting HowTo
PostPosted: Tue May 25, 2004 10:24 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




PhpNuke cookies manual crafting HowTo

Step-by-step tutorial by waraxe


Well, let's start with some preparation work.

    1. Get target password's md5 hash - in this tutorial it's 098f4bcd4621d373caae4e832628b4f6

    2. You need to know target's "aid" - means "author's id". I assume, that "aid" can be gathered
    by same way, as md5 hash - thrugh sql injections or xss cookietheft. In current tutorial
    admin has "aid" - "mranderson".

    3. You must have a properly working and configured Mozilla browser.

Now, let's move further. I assume, you already know where Mozilla's cookies are located. I have WindowsXP Home Edition and logged-in with username "nobody", so cookie file is located in folder:

C:\Documents and Settings\nobody\Application Data\Mozilla\Profiles\[some subfolders]\cookies.txt

Cookie file manual editing is dangerous, so beware. I suggest to make the backup first.

Next, I assume that you already have an account on target server. Go to login page, enter your username and password and log in.
Don't log out! And close Mozilla browser!! It's is very important!!!!!!!

Open "cookies.txt" and try to find cookie, which belongs to target server and named something like
"user". So, you can see long textline similar to this:

www.target.com FALSE / FALSE 1114433252 user NTgwOndhcmF4ZTozOTc5Yzf0MjQzZmFkY2MwpjBkYjk2YjdmZGQ0Y2FhMzoxMDo6MDowOjA6MDo6NDA5Ng%3D%3D

Ok, its time for the actual handwork - go to online base64 encoder at url:

http://base64-encoder-online.waraxe.us/base64/base64-encoder.php

and enter to query box actual "aid" and md5 hash, joined together with ":" (colon).
Example:

mranderson:098f4bcd4621d373caae4e832628b4f6

Now click "Encode" and you will see base64encoded string, in case of our example:

bXJhbmRlcnNvbjowOThmNGJjZDQ2MjFkMzczY2FhZTRlODMyNjI4YjRmNg==

If there are some "=" chars in the end, replace them with "%3D", so we will get this:

bXJhbmRlcnNvbjowOThmNGJjZDQ2MjFkMzczY2FhZTRlODMyNjI4YjRmNg%3D%3D


And next look up once again to Mozilla's cookie file - u saw this before -

www.target.com FALSE / FALSE 1114433252 user NTgwOndhcmF4ZTozOTc5Yzf0MjQzZmFkY2MwpjBkYjk2YjdmZGQ0Y2FhMzoxMDo6MDowOjA6MDo6NDA5Ng%3D%3D

So, replace "user" with "admin" and previous base64encoded string with the new one you just encoded.
Final result in our example will be something like this:

www.target.com FALSE / FALSE 1114433252 admin bXJhbmRlcnNvbjowOThmNGJjZDQ2MjFkMzczY2FhZTRlODMyNjI4YjRmNg%3D%3D

Thats all - save cookiefile changes, fire up Mozilla and see for yourself - mission is complete!

Any feedback is welcome!
View user's profile Send private message Send e-mail Visit poster's website
cc
PostPosted: Wed May 26, 2004 2:49 pm Reply with quote
SteX
Advanced user
Advanced user
 
Joined: May 18, 2004
Posts: 181
Location: Serbia




Tutorial is Great..I am trying to do this for months ,but never works..
A never replace "=" with "%3D" ..
Keep working waraxe..
P.S :Where did you learn all this stuffs..?? Smile

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------
View user's profile Send private message
PostPosted: Wed May 26, 2004 3:27 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Well, im kinda dedicated self-learner. As long as i remember myself,
im always interested in any new knowledge and experience. My area
of interests does not end with IT, it includes many more stuff - like chemistry,
astronomy, cosmology, gene engineering, molecular nanotechnology and
many-many more sciences/technologies...
View user's profile Send private message Send e-mail Visit poster's website
Re: cc
PostPosted: Sat May 29, 2004 1:14 am Reply with quote
5y573m f41lur3
Regular user
Regular user
 
Joined: May 25, 2004
Posts: 9




SteX wrote:
Tutorial is Great..I am trying to do this for months ,but never works..
A never replace "=" with "%3D" ..
Keep working waraxe..
P.S :Where did you learn all this stuffs..?? Smile


You gotta keep always learning and learning... And by thirsty for knowledge... You gotta learn programming and how things works....
View user's profile Send private message
PostPosted: Sun May 30, 2004 11:30 pm Reply with quote
Shradnag
Beginner
Beginner
 
Joined: May 28, 2004
Posts: 2
Location: Earth




It seems like many people who visit this site are not native speekers of English.
View user's profile Send private message
PostPosted: Fri Jun 04, 2004 3:12 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Are you sure, that phpnuke version, you use, is not somehow patched against this sploiting? Coz many people reported about successfull tests of my tutorial. But ~10% tests fail. I dont now why, coz for me its working any time...
View user's profile Send private message Send e-mail Visit poster's website
Don?t work...
PostPosted: Thu Jun 24, 2004 3:58 pm Reply with quote
SpnFury
Beginner
Beginner
 
Joined: Jun 24, 2004
Posts: 1




Hi waraxe, i tryed to modify a cookie created with php-nuke, but don?t works... When i go to preferences menu of mozilla and i go to cookies the cookie of the site hasnt modified... why? plz help
View user's profile Send private message
PostPosted: Fri Jun 25, 2004 9:18 am Reply with quote
terrible one
Regular user
Regular user
 
Joined: Jun 25, 2004
Posts: 10




is it possible to download that program u put the code into? or the source codes?
View user's profile Send private message
PostPosted: Tue Jun 29, 2004 5:35 pm Reply with quote
Jeruvy
Regular user
Regular user
 
Joined: Jun 17, 2004
Posts: 6




I wonder if this may be the reason...

if (!defined('ADMIN_PAGES')) { header('Location: ../../'); exit; }

J.
View user's profile Send private message
PostPosted: Fri Jul 23, 2004 2:04 pm Reply with quote
maxhak2000
Beginner
Beginner
 
Joined: Jul 23, 2004
Posts: 1




thanks a lot....
but which version of Mozilla should i use,for this?
View user's profile Send private message
a
PostPosted: Fri Jul 23, 2004 8:56 pm Reply with quote
SteX
Advanced user
Advanced user
 
Joined: May 18, 2004
Posts: 181
Location: Serbia




I use Mozilla Firefox 0.8 .. Laughing

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------
View user's profile Send private message
PostPosted: Fri Aug 27, 2004 1:26 am Reply with quote
Dark Dragon
Regular user
Regular user
 
Joined: Aug 26, 2004
Posts: 11




err, is the persons aid the same as the persons user name??


*Feals like a n00B*

_________________
Coding Support Central
View user's profile Send private message
a question plz
PostPosted: Sun Aug 29, 2004 3:21 am Reply with quote
Egy_Lover
Beginner
Beginner
 
Joined: Aug 29, 2004
Posts: 2




thanks alot waraxe.... Very Happy

but i have a problem with that, the aid is not in English and my browser can't read it! that's my problem....

how can i copy and paste it to be encoded??

_________________
I will make you smile again.
View user's profile Send private message
PostPosted: Sun Sep 19, 2004 8:49 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




In phpbb and phpnuke there are mainly 2 choices to obtain md5 hashes.
1 - XSS - victim must click on specific link or tricked somehow to trigger
cross site scripting conditions and to steal cookie with md5 hash inside.
There can be possibilities to script injection to forum posts/U2U messages
and other places.
2 - SQL Injection - you can get arbitrary md5 hash directly from database,
if you are lucky to find phpbb/phpnuke installation with not patched sql injection holes and IF union functionality is enabled (mysql version >= 4.x).
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Dec 08, 2005 1:35 pm Reply with quote
IGNOR3
Regular user
Regular user
 
Joined: Nov 05, 2005
Posts: 6




It didn't work for me... do you have another way??

Specialy for PHP-NUKE 7.8
View user's profile Send private message
PhpNuke cookies manual crafting HowTo
  www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 2  
Goto page 1, 2  Next
  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Error messages
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.096 Seconds