View Full Version : * Question about exploits..
casman
05-27-2006, 12:43 PM
Hi again.
I compiled a source code that cracks\(i think) invision forums.
After i compile + run the script i get some text like this:
0* :02 :*0 and INFOHASH:00000000000 etc
where do i put this code?
Ezekiel
05-27-2006, 03:46 PM
Hi again.
I compiled a source code that cracks\(i think) invision forums.
After i compile + run the script
After you say you "compiled" the script, I assume that the exploit code was given in C code; but if it was a perl script, please state that it is.
i get some text like this:
0* :02 :*0 and INFOHASH:00000000000 etc
where do i put this code?
To even begin to help you, we need the exact code, or link to the code. That information alone means nothing to me.
casman
05-27-2006, 05:31 PM
Hi , thats the code(php):
http://www.securiteam.com/exploits/5AP0G0KG0A.html
Ezekiel
05-28-2006, 06:07 AM
Hi , thats the code(php):
http://www.securiteam.com/exploits/5AP0G0KG0A.html
Well I only have quickly looked at the code, but forums store users' passwords in a hashed form, so I am assuming this code attempts to grab the hashed password of the user you specify, from the database. As I said, I haven't got time to go through all the code, but that's what it does from what I can see. Once you have this password hash, you then have to crack it (cain & abel can crack a wide variety of hashes); this takes a very long time.
casman
05-28-2006, 03:47 PM
Yeah , but it always return nul value....
casman
05-28-2006, 03:50 PM
In this part of code , i think im doing something wrong
$server = "web"; <---just the website without /forum/ path ??
$port = 80;
$file = "forum???"; <---file ? it means path ? like /forum/ ??
Ezekiel
05-28-2006, 03:58 PM
In this part of code , i think im doing something wrong
$server = "web"; <---just the website without /forum/ path ??
$port = 80;
$file = "forum???"; <---file ? it means path ? like /forum/ ??
The $server variable should be set to the address of the site you are targeting, without the path (www.site.com). The $file variable should be set to the path to the forum (/forum).
casman
05-28-2006, 04:19 PM
Ok, this time it just times out:
Fatal error: Maximum execution time of 60 seconds exceeded in G:\wamp\www\sqInj0y22.PHP on line 72
Line #72
$header.= fread($fp, 5*2);
Ezekiel
05-29-2006, 06:31 AM
Ok, this time it just times out:
Line #72
$header.= fread($fp, 5*2);
Are you sure the exploit is for the correct version of invision ***rds?
Powered by vBulletin® Version 4.1.8 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.