Hi again.

I compiled a source code that cracks\(i think) invision forums.

After i compile + run the script i get some text like this:

0* :02 :*0 and INFOHASH:00000000000 etc

where do i put this code?

Hi again.

I compiled a source code that cracks\(i think) invision forums.

After i compile + run the script

After you say you "compiled" the script, I assume that the exploit code was given in C code; but if it was a perl script, please state that it is.



i get some text like this:

0* :02 :*0 and INFOHASH:00000000000 etc

where do i put this code?

To even begin to help you, we need the exact code, or link to the code. That information alone means nothing to me.

Hi , thats the code(php):
http://www.securiteam.com/exploits/5AP0G0KG0A.html

Hi , thats the code(php):
http://www.securiteam.com/exploits/5AP0G0KG0A.html

Well I only have quickly looked at the code, but forums store users' passwords in a hashed form, so I am assuming this code attempts to grab the hashed password of the user you specify, from the database. As I said, I haven't got time to go through all the code, but that's what it does from what I can see. Once you have this password hash, you then have to crack it (cain & abel can crack a wide variety of hashes); this takes a very long time.

Yeah , but it always return nul value....

In this part of code , i think im doing something wrong

$server = "web"; <---just the website without /forum/ path ??
$port = 80;
$file = "forum???"; <---file ? it means path ? like /forum/ ??

In this part of code , i think im doing something wrong

$server = "web"; <---just the website without /forum/ path ??
$port = 80;
$file = "forum???"; <---file ? it means path ? like /forum/ ??

The $server variable should be set to the address of the site you are targeting, without the path (www.site.com). The $file variable should be set to the path to the forum (/forum).

Ok, this time it just times out:



Fatal error: Maximum execution time of 60 seconds exceeded in G:\wamp\www\sqInj0y22.PHP on line 72



Line #72


$header.= fread($fp, 5*2);

Ok, this time it just times out:




Line #72


$header.= fread($fp, 5*2);


Are you sure the exploit is for the correct version of invision ***rds?