Latest Additions

Image and video hosting by TinyPic Image and video hosting by TinyPic Image and video hosting by TinyPic Image and video hosting by TinyPic

Tuesday, March 16, 2010

Hacking IPB tut (with pics)

Well There are so many ways to hack "Powered by invision power board" . But Im going to use the easy one .. ok lets start
What we need?
Opera(web browser) : http://www.opera.com/download/
Perl : http://downloads.activestate.com/ActivePerl/releases/5.10.1.1007/
Exploit : http://hotfile.com/dl/32738317/f30816e/Exploit_Package.rar.html
NOTE: MAKE SURE YOU HAVE THE RIGHT VERSION OF PERL, or else youll get an error, and its a pain, trust.
Lets Start
1st you have to install Opera and perl
and after that run the Exploit with perl . and then you will get something like this
ok this will Work on
Powered by invision power board v2.1.4
Powered by invision power board v2.1.5
Powered by invision power board v2.1.6
Powered by invision power board v2.1.3
so lets find a website
goto google and type one of those in the top
and you will get bunch of sites choose one
and paste the link to forum in " Path to forum index" And click "Test forum vulnerability"
If the site isnot vulnerable, it will give something like this:
if the site is vulnerable it will give something like this :
Now change the User ID to admins ID most of times user id will be 1 or 2
if everything is good click ?Get date from database?
a hash should pop up where it says ?Returned date:? (note: you cant crack this hash you can only cookie spoof all the hash?s will be salted)
Now you have the hash ! now whats left to do is to login in with admin or whatever user you choose.
ok now you have to fucking pay attention, its not that hard.
Using Opera (just in case you forgot its your web browser (: ) First go to your vulnerable website and register enter all the information needed preferably not entering real info. ( if your not a retard )
Set a random username like : plorlt
set an email like: [email]a@hotmail.com[/email] ( it doesn?t have to be real I have a way of getting it without doing the email verify)
when it says an email has been sent to blabla just go back to the forum index and login.
When your in go to tools>advanced>cookies? now you need to find the vulnerable sites cookie you need to be logged in !
When you get to that cookie simple open the file and edit the Hash with the one you got with the exploit, and edit the member_id to whichever one you use to get the hash.
Then delete everything else in the cookie only member_id and hash is needed.
Click close and refresh the page you should be logged in as your target !
Opera is the most convenient web browser, and use ur dam brain, and u caaaannn duu ihthttttt
Posted by at

1 comment:

  1. AnonymousFri Oct 22, 01:30:00 PM GMT+5:30

    hi dear its verey nice can you send me copy of this to my e-mail
    ivenprvb@yahoo.com

    ReplyDelete

Subscribe to: Post Comments (Atom)