JaG
Oct 28 2003, 07:19 AM
Hello everyone, ive been testing some phpbb on myself and ive sucessfully gotten the hash to my account. Ive been trying to do autologin but im just lost. Ive tried to make a .txt file with the autologin info and replaced my old cookie but still no luck.
The hash ive got looks something like this:
xxxx_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22d9a42651057e2022e98a8d44d7c048b2%22%3Bs%3A6%3A%22userid%22%3Bi%3A1037%3B%7D;%20xxxxxx_sid=0ec2f1ca2c93196556efc3db0b8b1e9a;%20xxxxx_t=a%3A1%3A%7Bi%3A12926%3Bi%3A1067313312%3B%7D
anyone got any ideas gang??
thank your your time & help
ShadowRun
Oct 30 2003, 04:04 PM
i don't understand exactly what you want to do
if you want to have exact url to log you into forum or any site
try form@ or AD but then u don't need any hashes
all you get is url like this
| CODE |
| www.somesite.com/login.php?uid=LOGIN&pswd=PASS |
if that's not what you're looking for give us some details
[R]
Apr 17 2004, 02:11 PM
I have got a question...
I have the same problem! I tried to login in with the cookie but it does't works...
I have the correct hash but its only 25 Bits long....
Whats wrong?
Sorry for my english..
binary_hashes
Apr 17 2004, 02:50 PM
i know GSO admins i m talking abt GSO but i m seeking knowledge.
Can any won tell me how to bypass GSO's login area in order to gain privileges above than trial members
nuorder
Apr 17 2004, 03:01 PM
this could also work if u put it in a html file locally and run it NOT VERY SECURE THO
migo
Apr 17 2004, 03:14 PM
| QUOTE (binary_hashes @ Apr 17 2004, 02:50 PM) |
i know GSO admins i m talking abt GSO but i m seeking knowledge.
Can any won tell me how to bypass GSO's login area in order to gain privileges above than trial members |
what do u say
nuorder
Apr 17 2004, 03:22 PM
| QUOTE (binary_hashes @ Apr 17 2004, 02:50 PM) |
i know GSO admins i m talking abt GSO but i m seeking knowledge.
Can any won tell me how to bypass GSO's login area in order to gain privileges above than trial members |
thats easy all u need to do is this:
contribute meaningful and helpful posts as its based on content (as i just recently noticed)
wait until they let u become a full member
and dont post questions like these
schnibble
Apr 17 2004, 05:55 PM
| QUOTE (JaG @ Oct 28 2003, 07:19 AM) |
Hello everyone, ive been testing some phpbb on myself and ive sucessfully gotten the hash to my account. Ive been trying to do autologin but im just lost. Ive tried to make a .txt file with the autologin info and replaced my old cookie but still no luck.
The hash ive got looks something like this:
xxxx_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22d9a42651057e2022e98a8d44d7c048b2%22%3Bs%3A6%3A%22userid%22%3Bi%3A1037%3B%7D;%20xxxxxx_sid=0ec2f1ca2c93196556efc3db0b8b1e9a;%20xxxxx_t=a%3A1%3A%7Bi%3A12926%3Bi%3A1067313312%3B%7D
anyone got any ideas gang??
thank your your time & help  |
Afaik, u need to use some http interceptor. They work like proxys, and they intecept all incoming and outgoing http traffic. And there u can modife it. Never actually did it succesfuly, but thats the theory.
Free program for that is achilles (or something similar) and u have some commercial ones (from Retina or some other big form like that). Use google.
If u succed in doing it, please PM me...
tweakz20
Apr 17 2004, 07:21 PM
i really suggest not talking about getting around GSO's security stuff on the GSO boards.... it would be alot smarter to get your own board and test it!
migo
Apr 18 2004, 03:32 PM
| QUOTE (JaG @ Oct 28 2003, 07:19 AM) |
Hello everyone, ive been testing some phpbb on myself and ive sucessfully gotten the hash to my account. Ive been trying to do autologin but im just lost. Ive tried to make a .txt file with the autologin info and replaced my old cookie but still no luck.
The hash ive got looks something like this:
xxxx_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22d9a42651057e2022e98a8d44d7c048b2%22%3Bs%3A6%3A%22userid%22%3Bi%3A1037%3B%7D;%20xxxxxx_sid=0ec2f1ca2c93196556efc3db0b8b1e9a;%20xxxxx_t=a%3A1%3A%7Bi%3A12926%3Bi%3A1067313312%3B%7D
anyone got any ideas gang??
thank your your time & help |
afaik u want to modify ur cookie with the md5 hash u get from the exploit
right dude ?
if this is legal to post in public i can write here a code that takes the md5 hash and the uid and will use the trim funcion in php so that i will help alot
i don' know whetehr this could be post on public or not
is that wt u want ?
Best Regards
migo
daguilar01
Apr 18 2004, 11:41 PM
| QUOTE (tweakz20 @ Apr 17 2004, 12:21 PM) |
| i really suggest not talking about getting around GSO's security stuff on the GSO boards.... it would be alot smarter to get your own board and test it! |
the only person that was talking about gso was binary_hashes, i dont htink anyone else has any intent on using this on GSO, and im sure GSO would be already patched if it had this vuln, but i thikn the vuln in question is for phpbb and not ipb
migo
Apr 19 2004, 03:19 PM
| QUOTE (daguilar01 @ Apr 18 2004, 11:41 PM) |
| QUOTE (tweakz20 @ Apr 17 2004, 12:21 PM) | | i really suggest not talking about getting around GSO's security stuff on the GSO boards.... it would be alot smarter to get your own board and test it! |
the only person that was talking about gso was binary_hashes, i dont htink anyone else has any intent on using this on GSO, and im sure GSO would be already patched if it had this vuln, but i thikn the vuln in question is for phpbb and not ipb
|
GSO offers us a wonderful place for sharing our info and knowledge together and another thing i think GSecure and ComSec are knowing how to protect their forums from script kiddies
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
