 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 110
 Members: 0
 Total: 110
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
 |
|
 |
|
haha What a joke!
I picked up the password in the preliminary attack!
For my security, I won't divulge the password, but it was a six digit number! 
Now, it seems this Admin was smarter than ... |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
Try with passwordspro
md5(md5($pass))
Alright, it's running.
I'll have to get it running on my other machine to get some dedicated processing power, but thanks for all your help!
ayvegh |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
Login to database and get login:hash:salt of user with id=1.Try do decrypt.
I already have the complete database as a precaution.
What method can I use to decrypt the salted hash? Unsalted hashes ... |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
If you have FTP access read this
http://www.waraxe.us/ftopict-2487.html
That's the thing: I don't have FTP access, but I have access to the FTP users list, so I know that the Admin whose password ... |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
Show me
ls -al /var/www/
No need to post the whole thing- here's a directory and a file:
total 3110
drwxr-xr-x 4 10001 www-data 4096 2008-09-01 16:18 admincp
-rw-r--r-- 1 10001 www-dat ... |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
print_r(shell_exec('id'));
gives
uid=33(www-data) gid=33(www-data) groups=33(www-data) |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
Okay, so I've refined my code a bit:
print_r(shell_exec('pwd'));
All that gives me is the directory string of where my script is located:
/var/www/[redacted]/www/[redact ... |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
Hmm... that's not any form of social engineering I know of, but hey, I'm the noob here, right? 
Okay, so I ran this code from my location in the web directory:
$output = NULL;
@exec("l ... |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
I hate to sound like such a noob, but I have two questions:
1. What are you trying to accomplish with these shell scripts?
2. How do I use these scripts? <?php exec(); ?> ?
Thanks again ... |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
Hmm... now I'm really confused.
I have read-only access to the root of the filesystem.
What would that script accomplish?
Many thanks,
ayvegh |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
| Try password for mysql to ftp,admin panel ..etc.If you don't have shell upload some small shell on server and look maybe this guy have other sites on this server.Search admin panel's,passwords,other d ... |
|
|
|
| ayvegh |
|
| Replies: 21 |
| Views: 30677 |
|
|
|
|
|
|
Hi everybody.
I've hacked a very large vBulletin-powered site.
I'm knowledgeable in PHP, MySQL, etc.
I have access to phpMyAdmin using the username/password from the config.php file, and I have ... |
|
|
| Page 1 of 1 |
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
