 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 42
 Members: 0
 Total: 42
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Phpbb 3 Question |
|
 Posted: Sat Jul 14, 2007 6:35 am |
 |
|
| Cablekid |
| Advanced user |
 |
|
| Joined: Jul 14, 2007 |
| Posts: 85 |
|
|
|
 |
|
 |
|
Alrighty, i got admin to a phpbb 3 forum but i wanna try to upload a shell,
I allowed php attachments but that dosent work it renames the files and type when uploaded..
Anyother way?
Also downloaded the Database but the Users and hashes are encrypted... |
|
|
|
|
| Posted: Sat Jul 14, 2007 9:27 am |
|
|
| blaxenet |
| Active user |
|
|
| Joined: Jun 20, 2007 |
| Posts: 26 |
|
|
|
|
|
|
|
The MD5 hashes can be decoded...
Are you implying that the prefix_users table is encrypted as a whole? |
|
_________________
Blaxenet |
|
|
|
| Posted: Sat Jul 14, 2007 4:09 pm |
|
|
| Cablekid |
| Advanced user |
|
|
| Joined: Jul 14, 2007 |
| Posts: 85 |
|
|
|
|
|
|
|
Its Not the hashes,, The Whole Phpbb_uSer Table it Encrypted... and its not md5....
The Only way i can think is Making a Database Conveter for phpbb 3 to phpbb 2 ..
How about uploading a shell any idea? |
|
|
|
|
|
|
|
|
| Posted: Sun Jul 15, 2007 12:55 am |
|
|
| blaxenet |
| Active user |
|
|
| Joined: Jun 20, 2007 |
| Posts: 26 |
|
|
|
|
|
|
|
The last time I checked (1 minute ago) you can download the prefix_users table unencrypted.
Of course the board administrators may of installed some modifications to encrypt their backups.
I for one haven't seen this happen before...
Let's recap how a backup is done in phpBB3 just incase;
Admin Panel >> Maintenance >> Backup >>
Now you select your preferences and chose the prefix_users table.
(I selected the download option)
Hit submit and away you go!
If it's still displaying encrypted to you please post a few lines of the code.
This way we can see what you mean and try find a solution.
Also, when you upload an attachment it gets encrypted and loses the extension.
If you call it in your browser it won't display... you'll should get a Forbidden message.
You need the administrators password and a bit of luck to hope it's the same for his FTP in order to upload a shell, phpBB3 is (for the moment) secure for uploading attachments.
Other applications like Mambo / Joomla you can upload a shell in 2 seconds  |
|
_________________
Blaxenet |
|
|
|
|
|
|
|
| Posted: Sun Jul 15, 2007 2:51 pm |
|
|
| Cablekid |
| Advanced user |
|
|
| Joined: Jul 14, 2007 |
| Posts: 85 |
|
|
|
|
|
|
|
Hey I got it I found the password. i guess i got thrown off by the tables structuter, it has werid Charaters all around it.
Like this /nzik0zjzhb2tc/nzik0zjzhb2tc/md5hashhere/nzik0zjzhb2tc/nzik0zjzhb2tc
It was weried |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
