Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
October 20, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 252
Members: 0
Total: 252
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> How to use gathered md5 hash? Step-by-step tutorial 4 n00bs Goto page Previous  1, 2, 3, 4, 5  Next
Post new topic  Reply to topic View previous topic :: View next topic 
PostPosted: Sun May 22, 2005 3:41 pm Reply with quote
mercato
Beginner
Beginner
 
Joined: May 22, 2005
Posts: 3




This exploit does not work on later versions of phpBB.

One thing you also need to do is edit the value in the cookie for the length of the userid. Admin is usually id number 2, so the length is 1.

If your userid is 1111, then the length will be 4 etc....

This does seem to wotrk on versions prior to 2.0.12 from what I can tell.
View user's profile Send private message
PostPosted: Sat Jun 25, 2005 3:33 pm Reply with quote
howitzer
Regular user
Regular user
 
Joined: Jun 25, 2005
Posts: 23




Hello i was wondering how u guys know the admin md5 hash password... i supouse that u have their cookie or what ?
How do u get their hash ?

10x forward
View user's profile Send private message
PostPosted: Sat Jun 25, 2005 11:14 pm Reply with quote
oxygenne
Advanced user
Advanced user
 
Joined: Apr 13, 2005
Posts: 52




You can get admin hash using some sort of sql injection or XSS.I was wondering if anyone have a clue how should i prepare cookie for the latest WordPress bug.I managed to get the user and pass hash which is MD5 encrypted
View user's profile Send private message
PostPosted: Sat Jun 25, 2005 11:49 pm Reply with quote
howitzer
Regular user
Regular user
 
Joined: Jun 25, 2005
Posts: 23




10x oxygenne , but there is no SQL Injection for phpbb 2.0.15 yet Confused or there is Question
View user's profile Send private message
PostPosted: Sun Jun 26, 2005 12:05 am Reply with quote
oxygenne
Advanced user
Advanced user
 
Joined: Apr 13, 2005
Posts: 52




yes but i thing there is a XSS in that version
View user's profile Send private message
PostPosted: Fri Jul 22, 2005 3:18 am Reply with quote
kidron
Beginner
Beginner
 
Joined: Jul 22, 2005
Posts: 4




is phpbb 2.0.7 and 2.0.15(.16 and 1.7) still vulnerable to cookie stilling?

because, when i look to my cookies.txt it doesn't look like this:

Code:
www.target.com FALSE / FALSE 1114433252 phpbb2mysql_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%2219dd1947a95454ccaf223a731c32db0c%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%224%22%3B%7D
View user's profile Send private message
PostPosted: Fri Oct 14, 2005 8:49 am Reply with quote
raydog2k
Regular user
Regular user
 
Joined: Oct 14, 2005
Posts: 8




can some1 plz tell me how to change the cookie info gathered from using exploit for 2.0.12 and got this

Cookie: user=MTMyOnAycDo2ZjRjNWM1ZjUzYzJiMWQ2OWU0NDllMjdiYzQ1ZDQ3YjoxMDo6MDowOjA6MDo6NDA5Ng==; phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:3:\"132\";}; admin=cDJwOjBlMmM4OGRmMWU4YWZhZGI5ZTZhYjUzNThhNGM0ZGU5Og==; phpbb2mysql_sid=ee3589a62be690e2946448c626aba523; phpbb2mysql_t=a:1:{i:406;i:1129266078;}
View user's profile Send private message
PostPosted: Wed Oct 19, 2005 5:57 am Reply with quote
raydog2k
Regular user
Regular user
 
Joined: Oct 14, 2005
Posts: 8




i've figured it out but this cookie stuff doesnt seem to work....
View user's profile Send private message
Re: How to use gathered md5 hash? Step-by-step tutorial 4 n0
PostPosted: Sun Feb 26, 2006 1:15 pm Reply with quote
ianmac
Regular user
Regular user
 
Joined: Feb 26, 2006
Posts: 6




waraxe wrote:
OK, first of all, we need some preparation work.

    1. Get target password's md5 hash - in this tutorial it's 098f4bcd4621d373caae4e832628b4f6



How do I get the MD5 hash?
View user's profile Send private message
PostPosted: Thu Mar 23, 2006 1:14 am Reply with quote
sljyro
Advanced user
Advanced user
 
Joined: Mar 23, 2006
Posts: 53




hi all, new here. ive been following many threads here, so i thought i should join up.

i have got the md5 hash, user id, and everything else. changed the phpbb2mysql_data cookie succesfully (so i hope, looked easy). but everytime i try it, it just logs me out and doesnt log me in as the target.

ive tried with mozilla, firefox, opera, and all the same outcome.

could there be something i missed?

any help appreciated,

SL jyro
View user's profile Send private message
PostPosted: Wed Apr 05, 2006 7:54 am Reply with quote
Aryan-Husky
Active user
Active user
 
Joined: Apr 03, 2006
Posts: 37




I have tried this on a phpBB version 2.0.15 using Firefox and it doesn't seem to work? Can anybody else shed more light on this?

Could you maybe have to use a specific version of Firefox or Mozilla?

I am using version 1.5.0.1 of Firefox.
View user's profile Send private message
PostPosted: Wed Apr 19, 2006 9:06 pm Reply with quote
SicKn3sS
Regular user
Regular user
 
Joined: Apr 16, 2006
Posts: 14




I dont think this works anymore, i tried it exactly how you said it on my account and it wont work. I just wanna log in with the admin panel isnt there a way to do it with live http headers?
View user's profile Send private message
PostPosted: Tue Apr 25, 2006 11:44 pm Reply with quote
lazarus
Beginner
Beginner
 
Joined: Apr 23, 2006
Posts: 3




I have a big problem.

I tried to use the exploit with the picture (for phpbb 2.0.1Cool - the exploit works just fine and puts the cookie string into my log.txt file.

BUT:

I dont get the hash with the pass!

Here is what I got:

http://www.sitenameblabla.org/posting.php Cookie: as_phpbb2mysql_data=a:2:{s:6:\"userid\";s:3:\"353\";s:11:\"autologinid\";s:0:\"\";}; as_phpbb2mysql_sid=591bca2dcds72c9db708c5bbse245bc7


As you can see all I get is "sid" - no hash after "autologinid" - does it mean that the site is secured or I'm just so stupid that I'm missing something?
View user's profile Send private message
PostPosted: Wed Apr 26, 2006 10:14 pm Reply with quote
sljyro
Advanced user
Advanced user
 
Joined: Mar 23, 2006
Posts: 53




that might mean that the target user does not have autologin enabled for their account. so that is why the md5 hash isnt stored in their cookie.
View user's profile Send private message
little off-topic
PostPosted: Mon May 01, 2006 2:00 am Reply with quote
blamara
Beginner
Beginner
 
Joined: May 01, 2006
Posts: 1




I was serching something usefull ho to replace cookies in some browser and part of that task is completed tanks to this tutorial.

Also have noticed that MD5 hash is same length like PHPSESSID maybe it has something to do with it.

The problem I have is next:

I have found exploit to collect users data:
url: ... index.php?session=0b89193aca12
cookie: ... PHPSESSID=28118779305cbba8473fd7ca19dd068c ...

also have stumbled to cookies like this one:
FRQSTR=18909969x113247:1:1440|18909969|18909969|18909969|18909969;

still trying to figure it out what it is, but it must be something. I will use exploit to send me targets client, to see is this value connected to targets client.
---

Now what I want is to enter target url returned to me with session data sent to me, not sure will it work I will try later using this tutorial.

But I was thinking something in my back days I made proxy server to exploit cookies bug on some server, where my cookies were dinamically changed when access denied to switch to next user. I am thinking to use same technique, but I wonder is there on net some usefull tool like proxy where you can add filter for url and to change request dinamically ???

Any ideas ???
Or to write again my own tool,
it's borring to write tool when there must be one on web q=)

_________________
lol
View user's profile Send private message
How to use gathered md5 hash? Step-by-step tutorial 4 n00bs
  www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 4 of 5  
Goto page Previous  1, 2, 3, 4, 5  Next
  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.069 Seconds