
View Full Version : Does this site have holes?



chester pitts
03-31-2006, 10:56 AM
http://ebaytownonline.com/phpBB2/index.php

They are banning me I guessed based on ISP address....I tried reregistering but had no luck...any ideas?

carlo
03-31-2006, 10:59 AM
HELL YEAH!! it's a phpbb forum :cool: they have more holes than a cheese grater.


carlo

chester pitts
03-31-2006, 11:01 AM
HELL YEAH!! it's a phpbb forum :cool: they have more holes than a cheese grater.


carlo

How does one go about getting into those holes? I am a noob deluxe!

carlo
03-31-2006, 11:05 AM
well do something about being a n00b! learn how to program/hack and you will see how easy it is to get into these holes.

chester pitts
03-31-2006, 11:17 AM
I am trying.. that's why I came here... lol

rename that place carlos.com or something

Ezekiel
03-31-2006, 12:01 PM
I am trying.. that's why I came here... lol

rename that place carlos.com or something

http://www.securiteam.com/cgi-bin/htsearch

Search for phpbb and you will get 44 results, the newest probably being from late 2005, so if they don't patch regularly then you have more to choose from. Alternatively,

http://milw0rm.com/search/

Search for phpbb and you get a lot of results like before, but at milw0rm there are a few from 2006, definitely enough for at least one to affect the version running on the site. So that's just two sites that have databases of exploits, there are many more. We are not asking for you to go and look for the holes yourself, leave it to people who really know what they are doing, unless you want to go through the source of phpbb and try to identify some. With sites/software where source is not available (either the source of a web script like php, or the source of a program), it is a lot harder. Each exploit is usually explained on the page you find it on, so you only need a basic knowledge of stuff to use them. They will sometimes be given in a perl script, sometimes in a c source, and sometimes are just simple xss bugs, a small amount of searching is enough to know how to use them. Remember to find the version of phpbb the site is running, and only use exploits for that version. And if they are banning you from your ip address, didn't you think of using a proxy? There is like a new post every day about something to do with proxies, search the forum and you will find the answer.

Halla
03-31-2006, 01:59 PM
The beauty of phpbb is that you can modify it to suit your needs; there's no need to simply use the cookie cutter standard package.

The forums I run (with many others, ****** where it's due!) at informationleak.com had a situation with someone running a botnet or something similar, attempting to log in as administrator and brute force the password to gain full control. It was spotted a while back and changes were made to the forum that included a custom built security function that phpbb didn't have (hell, it may still not have it): after 5 failed logins it banned the IP for 24 hours from logging in, not from viewing.

While this sounds like it won't work well in regards to using proxies and such, some permutation math showed that if they attempted to log in using 5000 proxies, they can only make 25000 attempts a day. 2 requests a second it would take 8000 days to crack a password of 6 chars in only lowercase alphanumeric. Add case sensitivity and symbols to that and it's something like *00,000 days. Add that to each additional character and you see where I'm going with this. By the time they gained access they would need to have established an entire society and trained generations of people to run the crack and even when they did get in there was another surprise waiting for them... I guess my great^5 grandkids or something would see this since the PW is *5 character alpha numeric symbolic case sensitive.

If anyone's used phpbb you know the admin panel has 2 frames, the left navigation frame and the links on the navigation target to the right frame. We added an additional PW on the navigation frame so even if they did get an admin PW, they would have to start their cracking all over again to be able to do anything once in the admin panel.

Of course, this type of thing only applies if someone has made the changes to their code, and is also dependent on keeping your server up to date and patched up so no services running can be exploited and all that additional security be bypassed. However a quick fix to this is to have multiple servers, each one running a piece of the package, and redirects in the pages to the copy on the other server(s).

Now at that point the attacker has fewer options available to them. They could either sit there and crack away at the forum PWs.. (good luck, talk to ya in a few thousand years) or exploit a vulnerability in not *, but * different servers, each running on a different platform.

I just realized I started ranting here, so rather than axe the whole post, think of this as less a how to gain access and more of a how to defend post, which works out since how to gain access was covered anyway.
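The lockout Halla describes (5 failed logins, then a 24-hour ban on logging in but not on viewing) can be sketched as below. This is an added example, not the informationleak.com code or anything from phpBB; it is written in Python rather than PHP, and `LoginThrottle`, `attempt_login` and `days_to_exhaust` are hypothetical names.

```python
import time

MAX_FAILURES = 5              # failed logins allowed per IP (figure from the post)
BAN_SECONDS = 24 * 60 * 60    # length of the login ban (figure from the post)


class LoginThrottle:
    """Per-IP failed-login lockout. Only the login handler consults it;
    page views never do, so a banned IP can still read the forum."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so the ban can be tested
        self._failures = {}      # ip -> (count, time of first failure)
        self._banned_until = {}  # ip -> timestamp when the ban ends

    def login_allowed(self, ip):
        until = self._banned_until.get(ip)
        if until is not None and self._clock() < until:
            return False
        self._banned_until.pop(ip, None)   # ban expired or never set
        return True

    def record_failure(self, ip):
        # Failures are never reset by a successful login; otherwise an
        # attacker could sign in to their own account between guesses.
        now = self._clock()
        count, start = self._failures.get(ip, (0, now))
        if now - start >= BAN_SECONDS:     # stale failures age out
            count, start = 0, now
        count += 1
        self._failures[ip] = (count, start)
        if count >= MAX_FAILURES:
            self._banned_until[ip] = now + BAN_SECONDS
            del self._failures[ip]


def attempt_login(throttle, ip, password_ok):
    """Login handler outcome: 'banned', 'ok' or 'failed'."""
    if not throttle.login_allowed(ip):
        return "banned"
    if password_ok:
        return "ok"
    throttle.record_failure(ip)
    return "failed"


def days_to_exhaust(keyspace, source_ips):
    # Each source IP gets at most MAX_FAILURES guesses per 24 hours.
    return keyspace / (source_ips * MAX_FAILURES)
```
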

chester pitts
03-31-2006, 04:26 PM
http://www.securiteam.com/cgi-bin/htsearch

Search for phpbb and you will get 44 results, the newest probably being from late 2005, so if they don't patch regularly then you have more to choose from. Alternatively,

http://milw0rm.com/search/

Search for phpbb and you get a lot of results like before, but at milw0rm there are a few from 2006, definitely enough for at least one to affect the version running on the site. So that's just two sites that have databases of exploits, there are many more. We are not asking for you to go and look for the holes yourself, leave it to people who really know what they are doing, unless you want to go through the source of phpbb and try to identify some. With sites/software where source is not available (either the source of a web script like php, or the source of a program), it is a lot harder. Each exploit is usually explained on the page you find it on, so you only need a basic knowledge of stuff to use them. They will sometimes be given in a perl script, sometimes in a c source, and sometimes are just simple xss bugs, a small amount of searching is enough to know how to use them. Remember to find the version of phpbb the site is running, and only use exploits for that version. And if they are banning you from your ip address, didn't you think of using a proxy? There is like a new post every day about something to do with proxies, search the forum and you will find the answer.


I will take a look at your sites but can't right now.. I am blocked from even looking at proxies.. I guess if I don't know code I won't be able to get in to activate my account? If you reregister the admin has to ok it before you can post or even view... so right now I can't see anything?