PDA

View Full Version : * Question about exploits..



casman
05-27-2006, 11:43 AM
Hi again.

I compiled a source code that cracks\(i think) invision forums.

After i compile + run the script i get some text like this:

0* :02 :*0 and INFOHASH:00000000000 etc

where do i put this code?

Ezekiel
05-27-2006, 02:46 PM
Hi again.

I compiled a source code that cracks\(i think) invision forums.

After i compile + run the script

After you say you "compiled" the script, I assume that the exploit code was given in C code; but if it was a perl script, please state that it is.



i get some text like this:

0* :02 :*0 and INFOHASH:00000000000 etc

where do i put this code?

To even begin to help you, we need the exact code, or link to the code. That information alone means nothing to me.

casman
05-27-2006, 04:31 PM
Hi , thats the code(php):
http://www.securiteam.com/exploits/5AP0G0KG0A.html

Ezekiel
05-28-2006, 05:07 AM
Hi , thats the code(php):
http://www.securiteam.com/exploits/5AP0G0KG0A.html

Well I only have quickly looked at the code, but forums store users' passwords in a hashed form, so I am assuming this code attempts to grab the hashed password of the user you specify, from the database. As I said, I haven't got time to go through all the code, but that's what it does from what I can see. Once you have this password hash, you then have to crack it (cain & abel can crack a wide variety of hashes); this takes a very long time.

casman
05-28-2006, 02:47 PM
Yeah , but it always return nul value....

casman
05-28-2006, 02:50 PM
In this part of code , i think im doing something wrong

$server = "web"; <---just the website without /forum/ path ??
$port = 80;
$file = "forum???"; <---file ? it means path ? like /forum/ ??

Ezekiel
05-28-2006, 02:58 PM
In this part of code , i think im doing something wrong

$server = "web"; <---just the website without /forum/ path ??
$port = 80;
$file = "forum???"; <---file ? it means path ? like /forum/ ??

The $server variable should be set to the address of the site you are targeting, without the path (www.site.com). The $file variable should be set to the path to the forum (/forum).

casman
05-28-2006, 03:19 PM
Ok, this time it just times out:



Fatal error: Maximum execution time of 60 seconds exceeded in G:\wamp\www\sqInj0y22.PHP on line 72



Line #72


$header.= fread($fp, 5*2);

Ezekiel
05-29-2006, 05:31 AM
Ok, this time it just times out:




Line #72


$header.= fread($fp, 5*2);


Are you sure the exploit is for the correct version of invision ***rds?