Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
August 21, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 203
Members: 0
Total: 203
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> All other software -> Cutenews <= 1.4.5 admin password md5 hash fetch exploit Goto page Previous  1, 2, 3, 4
Post new topic  Reply to topic View previous topic :: View next topic 
PostPosted: Thu May 29, 2008 1:33 am Reply with quote
Terminal
Beginner
Beginner
 
Joined: May 15, 2008
Posts: 4




Terminal wrote:
Okay thanks that helped a little but now i get
URL is Valid
Request Failed!
Sleeping 1 Seconds
Awake...
Retry #2

and it keeps going adding a second and a retry everytime.

until #10 when its gives fatal error and stops.


Can i have a hand with this?
View user's profile Send private message
PostPosted: Wed Jun 04, 2008 3:18 pm Reply with quote
mixman
Regular user
Regular user
 
Joined: Jun 03, 2008
Posts: 11
Location: Estonia,Tallinn




Hi,
i found one site and got username from there:
Quote:
Total 1 user(s) detected:
1 admin(s)
0 editor(s)
0 journalist(s)
0 commenter(s)
Pretesting passed successfully - target is vulnerable!

Fetched 1 usernames with reglevel 'admin'

tt

Total time spent: 2 seconds
HTTP requests made: 20

Questions and feedback - http://www.waraxe.us/forums.html
See ya! Smile


Now when i run other script for getting md5, i get this,
Quote:
Pretest 1 failed - wrong username?

Please help me what am i doing wrong?
Quote:
$target = 'http://www.xxxxxx.ee/uudised/search.php';
$username = 'admin'; // Username is needed
$outfile = './cute_log.txt';// Log file


Shoutd be ok?
View user's profile Send private message
PostPosted: Wed Jun 04, 2008 3:26 pm Reply with quote
Chedda
Active user
Active user
 
Joined: May 26, 2008
Posts: 27




the admin username is tt not admin.

Code:

$target = 'http://www.xxxxxx.ee/uudised/search.php';
$username = 'tt'; // Username is needed
$outfile = './cute_log.txt';// Log file
View user's profile Send private message
PostPosted: Wed Jun 04, 2008 4:06 pm Reply with quote
mixman
Regular user
Regular user
 
Joined: Jun 03, 2008
Posts: 11
Location: Estonia,Tallinn




Chedda wrote:
the admin username is tt not admin.

Code:

$target = 'http://www.xxxxxx.ee/uudised/search.php';
$username = 'tt'; // Username is needed
$outfile = './cute_log.txt';// Log file


Thank you very much, that worked! Smile
View user's profile Send private message
PostPosted: Wed Jun 11, 2008 6:41 pm Reply with quote
code_decoder
Beginner
Beginner
 
Joined: Jun 07, 2008
Posts: 2




Terminal wrote:
Terminal wrote:
Okay thanks that helped a little but now i get
URL is Valid
Request Failed!
Sleeping 1 Seconds
Awake...
Retry #2

and it keeps going adding a second and a retry everytime.

until #10 when its gives fatal error and stops.


Can i have a hand with this?


same here.. i configure everything as said before .. but i get the same problem.. any idea people ??
View user's profile Send private message
PostPosted: Wed Aug 06, 2008 10:19 am Reply with quote
andy
Beginner
Beginner
 
Joined: Aug 06, 2008
Posts: 3




Hi, in log file I get something like this:

-------------------------------------------------------
Cutenews password md5 hash fetching started
Target: http://xxxxx.xxx/News/search.php
Username: xxx


What i have to do to receive md5 hash of password? I made everything step by step from this topic instructions.
Thanks.
View user's profile Send private message
PostPosted: Wed Aug 06, 2008 10:30 am Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




andy wrote:
Hi, in log file I get something like this:

-------------------------------------------------------
Cutenews password md5 hash fetching started
Target: http://xxxxx.xxx/News/search.php
Username: xxx


What i have to do to receive md5 hash of password? I made everything step by step from this topic instructions.
Thanks.


It's allready old exploit, more than half year has passed ... so target can be patched ...
Next, do you use it as php CLI? Can you see error messages?
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Aug 06, 2008 10:37 am Reply with quote
andy
Beginner
Beginner
 
Joined: Aug 06, 2008
Posts: 3




Can You tell how can i do this?
I do it in the way which is described in this thread.
No error appears.

I know that I can hack this site cause I already have done it with this.
View user's profile Send private message
PostPosted: Tue Feb 24, 2009 3:43 pm Reply with quote
shunkiano
Beginner
Beginner
 
Joined: Feb 24, 2009
Posts: 3




I have a little problem with your exploit Smile

I run it on Linux with CLI and i got this message

Validating target URL
URL is valid
Pretest failed - wrong username?
View user's profile Send private message
PostPosted: Fri Feb 27, 2009 5:17 am Reply with quote
shunkiano
Beginner
Beginner
 
Joined: Feb 24, 2009
Posts: 3




Anybody help?
View user's profile Send private message
PostPosted: Fri Feb 27, 2009 7:01 am Reply with quote
gibbocool
Advanced user
Advanced user
 
Joined: Jan 22, 2008
Posts: 208




Well it means you may have put the wrong username.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Fri Feb 27, 2009 8:14 am Reply with quote
skmpz
Advanced user
Advanced user
 
Joined: Oct 11, 2008
Posts: 169
Location: Cyprus




$username = 'waraxe'; // Username is needed

have u changed that line ?
i mean instead of waraxe between the '' the user u want to attack ..
View user's profile Send private message
PostPosted: Fri Feb 27, 2009 10:31 am Reply with quote
shunkiano
Beginner
Beginner
 
Joined: Feb 24, 2009
Posts: 3




Yes of course... i change all
View user's profile Send private message
PostPosted: Thu Jan 05, 2012 3:09 pm Reply with quote
sfisher
Beginner
Beginner
 
Joined: Jan 04, 2012
Posts: 2




Hey dear Janek

first, thanks a lot for your nice work , and also I've a question,
after hacking cutenews, how can I upload a shell with Manage Images,
it avoid php file and I just can upload images !
actually I tested, HTTP Live header & tamper data to handle it but again, can't upload

thnx for your help ... Crying or Very sad
View user's profile Send private message
Cutenews <= 1.4.5 admin password md5 hash fetch exploit
  www.waraxe.us Forum Index -> All other software
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 4 of 4  
Goto page Previous  1, 2, 3, 4
  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.097 Seconds