Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
November 18, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 361
Members: 0
Total: 361
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Invision Power Board -> IPB <= 2.3.5 sql injection hash/salt fetching exploit Goto page Previous  1, 2, 3, 4, 5  Next
Post new topic  Reply to topic View previous topic :: View next topic 
Re: hello
PostPosted: Tue Sep 23, 2008 12:57 am Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




XXxxImmortalxxXX wrote:
hello thanks for hte exploit as i am running 2.3.5 i tryed ur script and it didnt hack my account is there some way we can do a chat session and i let u try to do the attack on my site and see if u gain access to it? add me on msn

scyther777@live.com

if u dont midn


Code:

User ID: 1
Hash: 766ee790c52c18c10718d82e7bd830d4
Salt: &_]p"


Rolling Eyes
View user's profile Send private message Send e-mail Visit poster's website
Re: hello
PostPosted: Tue Sep 23, 2008 1:25 am Reply with quote
Irakirashia
Beginner
Beginner
 
Joined: Sep 22, 2008
Posts: 2




waraxe wrote:
XXxxImmortalxxXX wrote:
hello thanks for hte exploit as i am running 2.3.5 i tryed ur script and it didnt hack my account is there some way we can do a chat session and i let u try to do the attack on my site and see if u gain access to it? add me on msn

scyther777@live.com

if u dont midn


Code:

User ID: 1
Hash: 766ee790c52c18c10718d82e7bd830d4
Salt: &_]p"


Rolling Eyes


Inmortal, anyways, you don't "hack" with this. You still have to decript the hash, separate the salt from the hashed password, and decrypt it again ;x

Good luck on doing that without the apropiate software. What I did was dumping the whole database of my target, so I can have the md5's & salts saved in case they fix the vulnerability. And then...with time and good tools just crack the hashes ;x
View user's profile Send private message
PostPosted: Tue Sep 23, 2008 4:21 am Reply with quote
Toxicated
Regular user
Regular user
 
Joined: Sep 22, 2008
Posts: 9




Good job Axe Smile Thanks a lot for this. Now for the cracking part...
View user's profile Send private message
PostPosted: Tue Sep 23, 2008 2:18 pm Reply with quote
mehu
Regular user
Regular user
 
Joined: Sep 23, 2008
Posts: 12




I have to say, this is a brilliant script. Really well done waraxe! Smile
View user's profile Send private message
PostPosted: Tue Sep 23, 2008 2:35 pm Reply with quote
new2world
Beginner
Beginner
 
Joined: Sep 23, 2008
Posts: 1




i am having this error i am new to this hacking world soo please guide me i have already found a forum by testing the url u gave me but when it tried to run exploit i am this error

C:\php\php4>php.exe -q hack1.php
PHP Warning: dl() [<a href='function.dl'>function.dl</a>]: Unable to load dynam
ic library './php_curl.dll' - The specified procedure could not be found.
in C:\php\php4\hack1.php on line 44
Curl extension not loaded!
Fatal exit ...


i am using windows xp system
so can any one help me please waiting for reply
bye
View user's profile Send private message
PostPosted: Tue Sep 23, 2008 8:48 pm Reply with quote
stereoa
Beginner
Beginner
 
Joined: Sep 23, 2008
Posts: 4




Ughh. I am trying to insert a for loop around the main part of the script, but it can't reference the global variables or I get T_SCRIPT errors. Help all us PHP noobs.
View user's profile Send private message
PostPosted: Tue Sep 23, 2008 8:49 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




new2world wrote:
i am having this error i am new to this hacking world soo please guide me i have already found a forum by testing the url u gave me but when it tried to run exploit i am this error

C:\php\php4>php.exe -q hack1.php
PHP Warning: dl() [<a href='function.dl'>function.dl</a>]: Unable to load dynam
ic library './php_curl.dll' - The specified procedure could not be found.
in C:\php\php4\hack1.php on line 44
Curl extension not loaded!
Fatal exit ...


i am using windows xp system
so can any one help me please waiting for reply
bye


You have to edit php.ini file (it's usually located in windows folder).

Code:


; Directory in which the loadable extensions (modules) reside.

extension_dir = "./ext"



Code:

extension=php_curl.dll


Let me know about results ...
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue Sep 23, 2008 8:51 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




stereoa wrote:
Ughh. I am trying to insert a for loop around the main part of the script, but it can't reference the global variables or I get T_SCRIPT errors. Help all us PHP noobs.


Your intentions? Multi ID mode? This will be implemented in exploit's next version, very soon Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue Sep 23, 2008 9:07 pm Reply with quote
martin1
Regular user
Regular user
 
Joined: Sep 21, 2008
Posts: 17




nice one waraxe cant wait for it Twisted Evil
View user's profile Send private message
PostPosted: Wed Sep 24, 2008 12:11 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Here is the new version, with multi ID's support:

http://www.waraxe.us/ftopict-3340.html

Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Sep 29, 2008 4:35 pm Reply with quote
mehu
Regular user
Regular user
 
Joined: Sep 23, 2008
Posts: 12




Is it possible to fetch the users login name rather than memberid that will get me their display name. I'm asking because I have a admin pw cracked, but the admin's display name seems to differ from his login name.
View user's profile Send private message
PostPosted: Mon Sep 29, 2008 10:07 pm Reply with quote
SnIpEr
Active user
Active user
 
Joined: Sep 25, 2008
Posts: 37




Meh, I feel like an idiot for asking, but here's my question.

How do I run the script? Here's what I've done so far in editing the .php file (the exploit):

$url = 'http://thenameoftheforum.com/Forums/index.php?act=idx';
$id = 1;// ID of the target user, default value "1" is admin's ID
$prefix = 'ibf_';// IPB table prefix, default is "ibf_"
# Proxy settings
# Be sure to use proxy Smile
//$proxy_ip_port = '127.0.0.1:8118';
//$proxy_user_password = 'someuser:somepassword';
$outfile = './ipblog.txt';// Log file

Is that right, or do I have to edit it further (I added "thenameoftheforum.com", obviously)

The other thing is, what's the command to run this thing? I named the file IPB.php, and I put it in this folder path:

C:\PHP\IPB.php

Do I run that from the PHP Command prompt I get when I press php.exe, or a command prompt in Windows?

I feel so n00b, please help ) :
View user's profile Send private message
PostPosted: Tue Sep 30, 2008 10:07 am Reply with quote
raveenbi
Beginner
Beginner
 
Joined: Sep 30, 2008
Posts: 1




i am a newbie please clarify following..

!) if the target forum is in Linux/Unix is this work?
2) where i can add target forum url in this script.
3)where i can see the outputs.

Sorry if i am asking stupid questions.Thanks in advance.
View user's profile Send private message
PostPosted: Sun Oct 05, 2008 6:37 am Reply with quote
BaH
Regular user
Regular user
 
Joined: Oct 05, 2008
Posts: 7
Location: stPeterburg




Hallo!! Thank`s for xploid!! plz help!!
corrected php.ini and added php_curl.dll!
Code:
C:\Documents and Settings\bombo>c:\php\php.exe c:\ipb.php
PHP Warning:  PHP Startup: curl: Unable to initialize module
Module compiled with module API=20001222, debug=0, thread-safety=1
PHP    compiled with module API=20060613, debug=0, thread-safety=1
These options need to match
 in Unknown on line 0
PHP Warning:  dl(): curl: Unable to initialize module
Module compiled with module API=20001222, debug=0, thread-safety=1
PHP    compiled with module API=20060613, debug=0, thread-safety=1
These options need to match
 in C:\ipb.php on line 44
Curl extension not loaded!
 Fatal exit ...
As it can be repaired?
View user's profile Send private message ICQ Number
PostPosted: Sun Oct 05, 2008 6:58 am Reply with quote
BaH
Regular user
Regular user
 
Joined: Oct 05, 2008
Posts: 7
Location: stPeterburg




2sniper:
1)write the site name :
vasyalol.com or forum.vasyalol.com orr vasyalol.com /forum/ !!!
2)Use cmd.exe in the start-up menu there it is necessary to specify a way to php.exe and youxploid.php!!
SoRRy on my English i`m Russian @_@!
View user's profile Send private message ICQ Number
IPB <= 2.3.5 sql injection hash/salt fetching exploit
  www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 3 of 5  
Goto page Previous  1, 2, 3, 4, 5  Next
  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.087 Seconds