 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Re: hello |
 |
 Posted: Tue Sep 23, 2008 12:57 am |
 |
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
 |
|
 |
|
| XXxxImmortalxxXX wrote: | hello thanks for hte exploit as i am running 2.3.5 i tryed ur script and it didnt hack my account is there some way we can do a chat session and i let u try to do the attack on my site and see if u gain access to it? add me on msn
scyther777@live.com
if u dont midn |
| Code: |
User ID: 1
Hash: 766ee790c52c18c10718d82e7bd830d4
Salt: &_]p"
|
 |
|
|
|
|
|
Re: hello |
|
| Posted: Tue Sep 23, 2008 1:25 am |
|
|
| Irakirashia |
| Beginner |
 |
|
| Joined: Sep 22, 2008 |
| Posts: 2 |
|
|
|
|
|
|
|
| waraxe wrote: | | XXxxImmortalxxXX wrote: | hello thanks for hte exploit as i am running 2.3.5 i tryed ur script and it didnt hack my account is there some way we can do a chat session and i let u try to do the attack on my site and see if u gain access to it? add me on msn
scyther777@live.com
if u dont midn |
| Code: |
User ID: 1
Hash: 766ee790c52c18c10718d82e7bd830d4
Salt: &_]p"
|
|
Inmortal, anyways, you don't "hack" with this. You still have to decript the hash, separate the salt from the hashed password, and decrypt it again ;x
Good luck on doing that without the apropiate software. What I did was dumping the whole database of my target, so I can have the md5's & salts saved in case they fix the vulnerability. And then...with time and good tools just crack the hashes ;x |
|
|
|
|
|
|
|
|
| Posted: Tue Sep 23, 2008 4:21 am |
|
|
| Toxicated |
| Regular user |
|
|
| Joined: Sep 22, 2008 |
| Posts: 9 |
|
|
|
|
|
|
|
Good job Axe  Thanks a lot for this. Now for the cracking part... |
|
|
|
|
| Posted: Tue Sep 23, 2008 2:18 pm |
|
|
| mehu |
| Regular user |
|
|
| Joined: Sep 23, 2008 |
| Posts: 12 |
|
|
|
|
|
|
|
| I have to say, this is a brilliant script. Really well done waraxe! |
|
|
|
|
| Posted: Tue Sep 23, 2008 2:35 pm |
|
|
| new2world |
| Beginner |
|
|
| Joined: Sep 23, 2008 |
| Posts: 1 |
|
|
|
|
|
|
|
i am having this error i am new to this hacking world soo please guide me i have already found a forum by testing the url u gave me but when it tried to run exploit i am this error
C:\php\php4>php.exe -q hack1.php
PHP Warning: dl() [<a href='function.dl'>function.dl</a>]: Unable to load dynam
ic library './php_curl.dll' - The specified procedure could not be found.
in C:\php\php4\hack1.php on line 44
Curl extension not loaded!
Fatal exit ...
i am using windows xp system
so can any one help me please waiting for reply
bye |
|
|
|
|
| Posted: Tue Sep 23, 2008 8:48 pm |
|
|
| stereoa |
| Beginner |
|
|
| Joined: Sep 23, 2008 |
| Posts: 4 |
|
|
|
|
|
|
|
| Ughh. I am trying to insert a for loop around the main part of the script, but it can't reference the global variables or I get T_SCRIPT errors. Help all us PHP noobs. |
|
|
|
|
|
|
|
|
| Posted: Tue Sep 23, 2008 8:49 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| new2world wrote: | i am having this error i am new to this hacking world soo please guide me i have already found a forum by testing the url u gave me but when it tried to run exploit i am this error
C:\php\php4>php.exe -q hack1.php
PHP Warning: dl() [<a href='function.dl'>function.dl</a>]: Unable to load dynam
ic library './php_curl.dll' - The specified procedure could not be found.
in C:\php\php4\hack1.php on line 44
Curl extension not loaded!
Fatal exit ...
i am using windows xp system
so can any one help me please waiting for reply
bye |
You have to edit php.ini file (it's usually located in windows folder).
| Code: |
; Directory in which the loadable extensions (modules) reside.
extension_dir = "./ext"
|
| Code: |
extension=php_curl.dll
|
Let me know about results ... |
|
|
|
|
|
|
|
|
| Posted: Tue Sep 23, 2008 8:51 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| stereoa wrote: | | Ughh. I am trying to insert a for loop around the main part of the script, but it can't reference the global variables or I get T_SCRIPT errors. Help all us PHP noobs. |
Your intentions? Multi ID mode? This will be implemented in exploit's next version, very soon |
|
|
|
|
| Posted: Tue Sep 23, 2008 9:07 pm |
|
|
| martin1 |
| Regular user |
|
|
| Joined: Sep 21, 2008 |
| Posts: 17 |
|
|
|
|
|
|
|
nice one waraxe cant wait for it  |
|
|
|
|
| Posted: Wed Sep 24, 2008 12:11 pm |
|
|
| waraxe |
| Site admin |
|
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
| Posted: Mon Sep 29, 2008 4:35 pm |
|
|
| mehu |
| Regular user |
|
|
| Joined: Sep 23, 2008 |
| Posts: 12 |
|
|
|
|
|
|
|
| Is it possible to fetch the users login name rather than memberid that will get me their display name. I'm asking because I have a admin pw cracked, but the admin's display name seems to differ from his login name. |
|
|
|
|
|
|
|
|
| Posted: Mon Sep 29, 2008 10:07 pm |
|
|
| SnIpEr |
| Active user |
 |
|
| Joined: Sep 25, 2008 |
| Posts: 37 |
|
|
|
|
|
|
|
Meh, I feel like an idiot for asking, but here's my question.
How do I run the script? Here's what I've done so far in editing the .php file (the exploit):
$url = 'http://thenameoftheforum.com/Forums/index.php?act=idx';
$id = 1;// ID of the target user, default value "1" is admin's ID
$prefix = 'ibf_';// IPB table prefix, default is "ibf_"
# Proxy settings
# Be sure to use proxy
//$proxy_ip_port = '127.0.0.1:8118';
//$proxy_user_password = 'someuser:somepassword';
$outfile = './ipblog.txt';// Log file
Is that right, or do I have to edit it further (I added "thenameoftheforum.com", obviously)
The other thing is, what's the command to run this thing? I named the file IPB.php, and I put it in this folder path:
C:\PHP\IPB.php
Do I run that from the PHP Command prompt I get when I press php.exe, or a command prompt in Windows?
I feel so n00b, please help ) : |
|
|
|
|
|
|
|
|
| Posted: Tue Sep 30, 2008 10:07 am |
|
|
| raveenbi |
| Beginner |
|
|
| Joined: Sep 30, 2008 |
| Posts: 1 |
|
|
|
|
|
|
|
i am a newbie please clarify following..
!) if the target forum is in Linux/Unix is this work?
2) where i can add target forum url in this script.
3)where i can see the outputs.
Sorry if i am asking stupid questions.Thanks in advance. |
|
|
|
|
|
|
|
|
| Posted: Sun Oct 05, 2008 6:37 am |
|
|
| BaH |
| Regular user |
 |
|
| Joined: Oct 05, 2008 |
| Posts: 7 |
| Location: stPeterburg |
|
|
|
|
|
|
Hallo!! Thank`s for xploid!! plz help!!
corrected php.ini and added php_curl.dll!
| Code: | C:\Documents and Settings\bombo>c:\php\php.exe c:\ipb.php
PHP Warning: PHP Startup: curl: Unable to initialize module
Module compiled with module API=20001222, debug=0, thread-safety=1
PHP compiled with module API=20060613, debug=0, thread-safety=1
These options need to match
in Unknown on line 0
PHP Warning: dl(): curl: Unable to initialize module
Module compiled with module API=20001222, debug=0, thread-safety=1
PHP compiled with module API=20060613, debug=0, thread-safety=1
These options need to match
in C:\ipb.php on line 44
Curl extension not loaded!
Fatal exit ...
|
As it can be repaired? |
|
|
|
|
|
|
|
|
| Posted: Sun Oct 05, 2008 6:58 am |
|
|
| BaH |
| Regular user |
|
|
| Joined: Oct 05, 2008 |
| Posts: 7 |
| Location: stPeterburg |
|
|
|
|
|
|
2sniper:
1)write the site name :
vasyalol.com or forum.vasyalol.com orr vasyalol.com /forum/ !!!
2)Use cmd.exe in the start-up menu there it is necessary to specify a way to php.exe and youxploid.php!!
SoRRy on my English i`m Russian @_@! |
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 3 of 5
Goto page Previous1, 2, 3, 4, 5Next
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 207
Members: 0
Total: 207
