Lol this wouldn't work for MPGH.
Requirements:
- Mozilla Firefox
- Cookie Editor
- Active Perl
- The Exploit
- A forum you don’t like.
All of these (except the forum of your choice) links will be provided for you when we reach the step so don’t worry about them for now.
Ok first off you will need something called Active Perl which can be found at
https://www.activestate.com/Products/...?id=ActivePerl (If your running Windows be sure to get the MSI version)
Well now that we have this baby installed lets move on to the actual exploiting shall we? There are many sites that give you ready
made exploits.
www.milw0rm.com (a good source)
www.h4acky0u.org (of course a good source Smile)
You need the exploit for the type of forum and the version, each one is different. In this one I’ll discuss how to hack
Invision Board 2.1.5. You can find the exploit at https://h4cky0u.org/viewtopic.php?t=11578
You will also need to get an account setup on the Forum you plan to hack. For this exploit an account is necessary. Just
go into registration and make a quick one. Shouldn’t take any more than 5 minutes.
Now on to the actual exploitation (I will break it down as far as possible so you understand it fully).
- Open up Notepad and copy and paste the exploit in.
- Before we save I’ll show you where to save it. My Computer > C Drive > Perl > Bin
- Press File > Save As > *go to your bin file* >
- Change your “Save as Type” to All.
- Name it ipb215.pl (you can name it anything just remember to add .pl)
Now you have the exploit saved on your computer.. Yay!!
The next step is to activate this exploit.
- Press Start > All Programs > Accessories > Command Prompt
- OR you could Press Start > Run > cmd
Now you have command prompt open, you will need this to execute the exploit. Now we need to tell Command Prompt which file
we’re going to run. Type the following into Command Prompt.
- cd\
- cd Perl
- cd bin
- ipb215.pl (or what you named it)
Now you’ve opened up the Perl exploit, we’re almost there! All that’s left to do is fill in the desired info. (I’ll use h4cky0u
as an example, this exploit will not work on h4cky0u so don’t even try Wink).
- IPB Forum URL ?: https://www.h4cky0u.org (since h4cky0u is a pure forum there is no /forum/ extension, if there was you would
have to type that in. e.g. https://www.h4cky0u.org/forums/)
- Your username ?: Input your username into this. The one you registered with earlier.
- Your pass ?: The password for the above account.
- Target userid ?: This is the person on which you wish to get the hash from. You can get their id quite easily. For Invision
Board, the “The Moderating Team”. It’s located in the main forum page near the bottom, close to where the active users are
located. Click there, and the Admin name should show up. Click it once to get to their page. It should take you to their
Profile. The URL should be something like this: https://www.examplesite.com/forums/in...?showuser=7930 . The number at
the end (7930) is their userid, this is what the last field is asking for. So type it in, and hit enter.
Next it should give you a message like this:
“Attempting to extract password hash from database...”
Letters and numbers should then start coming up. It should look something like this:
5b1a489cad355b07271fa2800178bc8e. Your probably thinking.. ok that’s all dandy but what am I supposed to do with that? That
is called a hash, using it we can obtain access to the Admin account that we just inputted the id for.
Next step is to get a cookie editor, but first we will need Mozilla Firefox. You can download it here: https://www.mozill*****m/firefox/
Keep in mind that this isn’t a cookie editor, it’s an internet browser (like Internet Explorer). To get the cookie editor we
need to go to: https://addneditcookies.mozdev.org/installation.html and click on install. Once the installation is done we
will be told that the update won’t take effect until Firefox is restarted, this means you will have to close all the open Firefox
browsers and open them up again.
Go to the forum that you just got the hash for and log in. In Firefox go to: Tools > Cookie Editor. You’ll need to locate 3
things; first we need to locate the “pass_hash” cookie. Double click it and replace it with the hash that we got,
e.g. 5b1a489cad355b07271fa2800178bc8e, and save it. Next locate the “member_id” and change that to the Admin id,
e.g. 7930. You will now have to delete the “session_id”. Almost there guys!
Close the cookie editor down, and refresh. Boom! You’re logged in as the Admin
NOTE: this does not work for the forums that have the secerity patch installed
Lol this wouldn't work for MPGH.
I am sure somebody must want to, but that's totally besides the point.
What he's saying is it doesn't work for sites that aren't invision board, which is seriously lacking some major common sense.
someone hack
mpwh
.******
ye and wuts up with the alt code e;s
Last edited by Synns; 06-25-2007 at 11:07 AM.
I think Arun is bussy then again
I made a power buster few years back that buges Dashboards so when some
body wanted to go to the forums he just got an error 404 site aint here .
Good tut anyways ,,,