

Logging In as a Person Whose MD5 Password We Know
-
-
Quoted from http://waraxe.us/forum/viewtopic.php?t=8. Waraxe is a wild guy anyway, he has devoured PHP and finds all of its holes; I'm quoting from there, in English. It's about logging in with the MD5 password by using cookies.. I couldn't try it, I have exams these days, but apparently it works..
How to use gathered phpBB admin password's md5 hash to get the admin rights
Step-by-step tutorial by waraxe
OK, first of all, we need some preparation work.
1. Get target password's md5 hash - in this tutorial it's 098f4bcd4621d373caae4e832628b4f6
2. You need to know target's "user_id". For this use the phpBB feature called "memberlist" and
search for target's username and then look at his profile. In our example url to target's profile
is:
http://localhost/phpbb206c/profile.php?mode=viewprofile&u=3
As you can see, "u=3", so target has "user_id" equal to "3".
3. You must have properly working Mozilla browser
Now, let's move further. I assume you already know where Mozilla's cookies are located. I have
WindowsXP Home Edition and logged-in username "nobody", so cookie file is located in folder:
C:\Documents and Settings\nobody\Application Data\Mozilla\Profiles\[some subfolders]\cookies.txt
Cookie file manual editing is dangerous, so beware. I suggest to make the backup first.
Next, I assume that you already have an account on the target forum. Go to login page, enter your
username and password and check the checkbox named "Log me on automatically each visit:".
In this way you will force phpBB to store your password's md5 hash in your browser cookies.
Ok, you are logged in. Don't log out! And close Mozilla browser!! It is very important!!!!!!!
Open "cookies.txt" and try to find cookie, which belongs to target server and named something like
"phpbb2mysql_data". Btw, phpbb configuration settings can override this name, so if you have probs
finding of the right cookie, then use Mozilla's Cookie Manager and remove ALL cookies. Now right
after the cookie cleanup login to target phpbb and you can see in cookie file your target cookie.
So, you see long textline similar to this:
www.target.com FALSE / FALSE 1114433252 phpbb2mysql_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%2219dd1947a95454ccaf223a731c32db0c%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%224%22%3B%7D
Hmm, this cookie's value seems to be complicated to understand, isn't it? Let's analyze it a little bit.
First, after urldecode() we will get something like:
a:2:{s:11:"autologinid";s:32:"19dd1947a95454ccaf223a731c32db0c";s:6:"userid";s:1:"4";}
Wtf is this? This is stuff you get, if you use php's function "serialize()" on some array.
I don't want to get into details, because this is kinda offtopic right now. But I think that you
can see in this string 2 known variables:
1. s:32:"19dd1947a95454ccaf223a731c32db0c"; --> 19dd1947a95454ccaf223a731c32db0c - this must be your password's md5 hash.
2. ";s:6:"userid";s:1:"4";} --> "4"- this is of course your "user_id".
Now, you remember target's user_id and password's md5 hash, don't you?
target's md5 - 098f4bcd4621d373caae4e832628b4f6
target's user_id - 3
So edit this cookie with notepad or wordpad and swap original values with target values.
In previous example we had cookie value like this:
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%2219dd1947a95454ccaf223a731c32db0c%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%224%22%3B%7D
and after editing we have cookie value like this:
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22098f4bcd4621d373caae4e832628b4f6%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%223%22%3B%7D
If you compare those two strings, you can easily understand where I was making the changes.
Finally, after cookiefile's editing and saving, open Mozilla and browse to target phpBB forum. If all went
perfectly, you have now "logged in" as target.
Mission complete!
Also, he says: "Yep, Internet Explorer version 6.0 and maybe 5.5 too is protecting cookies from editing and if you change cookies for example with notepad, then IE just ignores it. So I have been testing various browsers and Mozilla seems to be best from cookie editing viewpoint." So it doesn't work with Internet Explorer, you need Mozilla :(
-
I'm posting in a somewhat old thread, but there is a program called md5toolbox; use that, I think you'll crack the MD5 quite quickly, but you also might not be able to crack it.
-
Now, the logic of it: since MD5 is one-way, phpBB can't reverse it either. What it does is convert the password you send to MD5 and check it against the MD5-converted password in the database. And since, when it is in cookies, those are read from local files, what you need to do is get a membership on that site and, with a cookie editor, compare the cookie of your membership with the admin's cookie and correct it.
Find a cookie editor, there should be one.
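
Added example, not part of any post in this thread and not phpBB's own code: the thread's root problem is that the "autologinid" cookie holds the same md5 value the database stores, so that stored value works as a credential. The Python sketch below contrasts that check with a random, single-use autologin token of which the server keeps only a SHA-256 digest; all class and function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class HashCookieAutologin:
    """Scheme from the thread: the cookie value is the stored md5(password)."""

    def __init__(self):
        self.users = {}  # user_id -> md5(password), as kept in the users table

    def register(self, user_id, password):
        self.users[user_id] = hashlib.md5(password.encode()).hexdigest()

    def verify(self, cookie):
        stored = self.users.get(cookie["userid"])
        return stored is not None and hmac.compare_digest(stored, cookie["autologinid"])


class TokenAutologin:
    """Hardened sketch: random token in the cookie, only its SHA-256 stored."""

    def __init__(self):
        self.tokens = {}  # user_id -> sha256(token)

    def issue(self, user_id):
        token = secrets.token_hex(32)
        self.tokens[user_id] = hashlib.sha256(token.encode()).hexdigest()
        return {"userid": user_id, "autologinid": token}

    def verify(self, cookie):
        """Return a rotated cookie on success, None on failure."""
        stored = self.tokens.get(cookie["userid"])
        seen = hashlib.sha256(cookie["autologinid"].encode()).hexdigest()
        if stored is None or not hmac.compare_digest(stored, seen):
            return None
        return self.issue(cookie["userid"])  # single use: old token dies here

    def revoke(self, user_id):
        self.tokens.pop(user_id, None)  # call on logout and password change


def stored_value_replay():
    """Present each scheme's stored DB value as the cookie; return (weak, hardened)."""
    weak, strong = HashCookieAutologin(), TokenAutologin()
    weak.register("3", "constructed-password")  # constructed sample account
    strong.issue("3")
    weak_ok = weak.verify({"userid": "3", "autologinid": weak.users["3"]})
    strong_ok = strong.verify({"userid": "3", "autologinid": strong.tokens["3"]}) is not None
    return weak_ok, strong_ok
```

With the token scheme, a value read out of the database is not accepted as a cookie, and a token is invalidated on first use, on logout and on password change.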