Page 1 of 1

phpBB forum hacking

PostPosted: Thu Oct 08, 2015 2:54 pm
by Koppara
Hello,
is it nowadays possible to hack phpBB forums? I have searched a lot but I haven't found any working hack. Is it possible to get all the the topics that are locked for me (ex. i can see rank all topics to rank 2, but there are topics up to rank 9 etc.) and is it possible to hack others account in the forum, like getting pws etc.

If these are possible, could you guys please teach?

Thank you!

Re: phpBB forum hacking

PostPosted: Thu Oct 08, 2015 2:55 pm
by Koppara

Re: phpBB forum hacking

PostPosted: Thu Oct 08, 2015 7:44 pm
by XaneXXXX
Everything is possible, You just need to find a way.

I'm not good with website hacking at all. But i would try and find the admin panel (if it is there). Some websites has like blabla.com/Admin/phpmyadmin or similar.

Then just bruteforce the password using Hydra or another program. If i didn't find an admin panel i would launch burpsuite and try finding exploits.

You could also try with packet editing. I have no idea if it will work on that site. But worth a shot.

Re: phpBB forum hacking

PostPosted: Fri Oct 09, 2015 3:29 am
by Sethioz
Don't think there are any public exploits. i've been running phpbb myself for like 10 years and haven't had any issues, even tho kids try almost every day.
bruteforcing .. you can forget it. 99% of website systems will lock you out and over network it would take years to bruteforce a simple pass.

only way is to find exploit to get password hash and crack that, but i'm not aware of any.
however there's a vulnerability with session / cookies. you can easily take over other person's session if you get the session ID (shown in URL) and cookies.
i forgot what that method is called tho, but you need a web hosting, host a simple cookie stealer script (google for it) and host it there, then mask it inside some image or other URL, using the URL brackets.
So when admins click on the link, you get their cookie + session data.

then all you do is change your cookies with some cookie editor (check extensions / add-ons for your browser) to what admin has and voilaa, you're logged in as admin and will see all the hidden topics, most likely admins have permissions to see all.

As about level 1 - 9 topics, that's completely custom on each forum. you can have 1000 levels if you want, permissions are custom. Best way to understand these things, is to host your own and experiment on it.

Re: phpBB forum hacking

PostPosted: Fri Oct 09, 2015 2:57 pm
by Koppara
Does it matter when is the latest tutorial made? I watched this video: https://www.youtube.com/watch?v=yflhmp4VJy4 but it didn't work :p

Re: phpBB forum hacking

PostPosted: Sat Oct 10, 2015 1:28 am
by Sethioz
Ofcourse it matters, all public exploits are reported and fixed, this is what's so good about free website systems, so many use them and so many report bugs.

You can forget about any public exploits, they get patched the same day practically, but if you talking about specific methods, don't watch videos by some morons who put text on video and are too stupid to talk. 99% of them are crap made by some little script kids who don't even know what they are doing, they just copy that info off of other sources.
You need to start by understand what XSS is and what SQL injection is, once you understand how they work, then you will be able to tell if tutorial is crap or not.

it's hard to explain if you don't know any programming, well you don't need to know programming in order to reverse engineer things, you just have to understand how things work.
But in general, it doesn't really matter which tutorial you watch, if it's well explained, then the base of exploiting is always same.

I don't remmeber what they are exactly, but I pulled them from milw0rm back in the days, they should still work. I also have a cookie stealer that i wrote and it worked fine up to a point, but i never really tried to hack any sites with it. I just tested in my hosting and pulled the cookie just fine.
I attached 2 of the milw0rm .txt files about XSS and cookie stealing and my cookie stealer. maybe they're some help to you.

cookiez_working.rar
(371 Bytes) Downloaded 148 times

XSS.rar
(656 Bytes) Downloaded 139 times

Stealer1.rar
(428 Bytes) Downloaded 141 times

Re: phpBB forum hacking

PostPosted: Sat Oct 10, 2015 12:51 pm
by Koppara
I managed to get it work somehow, but I don't get the cookie, I get the HTTP USER AGENT instead :D

Re: phpBB forum hacking

PostPosted: Tue Oct 13, 2015 5:47 pm
by Sethioz
cookie stealer only works if you re-direct and mask it through another website. You have to host it somewhere, then post a link here (for example) and if someone clicks on it, then it would log the cookie from this site. I used it only once, don't remember which one i used, maybe i used a combination of few, i'd have to go thru it myself in order to be able to tell you exact details.