vBulletin 5 Beta XX SQLi 0day

Yeah, what the title says, it’s a 0day..
Before you judge me about the style/way of coding, i’d like to say that i don’t know how to code in perl. At least i tried.
I don’t really know if this exploit has something to do in relation to the ones posted on inj3ct0r/1337day but here you go..
It’s a skiddie free version.. another version of the exploit exists, but isn’t going to become available anytime soon.. but because money speaks, you can have a go;p
This version just displays the MySQL version of the db
vBulletin 5.0.0 beta 28 which is the latest release has been tested successfully, probably version 5.0.0 beta 11 to 5.0.0 beta 28 are vulnerable
EDUCATIONAL PURPOSES ONLY

vBulletin x.x.x Customer Area 0day

At least, that’s what the title says on inj3ct0rs.com

Price was $150
Date added on the marketplace there:21/02/2013
The exploit has now been removed.. pity

Perl version

PHP version

This “exploit” is nothing more than a regex on the file: “/install/finalupgrage.php” or “/install/upgrade.php” or “/install/update.php”

If you have a look on the source of those files you can clearly see
var CUSTNUMBER = “336a1e54ff1528f897be111edf3da3d7″;
which is the md5 of the customer’s number(used to access vBulletin.com members area), a 12-character uppercase string
Once cracked(have fun doing that) then you can re-install the forum and access the administrators area.

According to vBulletin

A customer number is a unique number allocated to everyone who purachses a vBulletin license. The customer number, along with a password is required to access the vBulletin Members’ Area.

I don’t really know which vB release versions are “really” affected by the “exploit” but i would assume nulled ones

A BIG password cracking wordlist

Defuse Security have released the wordlist used by their Crackstation project

It really is something..  The numbers?

4.2 GiB compressed. 15 GiB uncompressed.
1,493,677,782 words

It’s a mix of

every wordlist, dictionary, and password database leak

every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages)

as well as lots of books from Project Gutenberg

also includes the passwords from some low-profile database breaches that were being sold in the underground years ago

I was in the process of doing this also for my own stuff, mixing all of the password database leaks along pr0n password dumbs, so yeah these guys saved me a lot of work ;)

I don’t really know how this wordlist compares to UNIQPASS v11 but, that’s something for someone else to find out

Now.. on to hashcat for some tests;)
P.S: A guide on using hashcat will follow sometime in the near future;p

Torrent Mirror: https://thepiratebay.se/torrent/8159583
HTTP Mirror: http://defuse.ca/files/crackstation-human-only.txt.gz
Magnet link: Click Here

Consider donating to those guys before/after downloading the wordlist
Bitcoin: 1PDwwx3L7NH6Khq9ViwF3AYVhUHqGXyo4H
Litecoin: LVT12f2fFGvRL5DYvXLMWKnm2yAjWimwBR





Installing Metasploit on iPhone/iPad

First of all, proceed no further if you ‘re not jailbroken

Start an ssh session
Install wget & subversion
apt-get install wget subversion
Goto temp dir and download packages
cd /tmp
wget http://www.cyitsec.net/downloads/iconv_1.14-1_iphoneos-arm.deb
wget http://www.cyitsec.net/downloads/zlib_1.2.3-1_iphoneos-arm.deb
wget http://www.cyitsec.net/downloads/ruby_1.9.2-p180-1-1_iphoneos-arm.deb
wget http://www.cyitsec.net/downloads/ruby_1.8.6-p111-5_iphoneos-arm.deb

Install iconv, zlib, and a ruby version of your choice(1.9.2 worked just fine for me)
dpkg -i iconv_1.14-1_iphoneos-arm.deb
dpkg -i zlib_1.2.3-1_iphoneos-arm.deb
dpkg -i ruby_1.9.2-p180-1-1_iphoneos-arm.deb

Goto /var folder and create a dir where Metasploit will be installed
cd /var
svn co https://www.metasploit.com/svn/framework3/trunk/ msf

Bear in mind that in the previous part, you would have to be patient(very patient)
When everything is finished, go to installation dir and run Metasploit Console
cd /var/msf
./msfconsole

Voila!

IMG_0016

iPad 6.1.. Done!

It was about time I updated my iPad 2 to the latest firmware and jailbreak again
Around 200+ appz(notice the “z”) were installed from day 1 of this iPad’s purchase.. Until today;p
Disk size had been decreasing the last months so, oh what the heck! RESTORE!

IMG_0001-2

Only thing I forgot to do was to save a couple(100+) of photos I had on the iPad! Oh fuck!
Mind that, I ‘ve heard it from my fiancé :0
I just love the icon of Cydia on my iPad;p

First thing to do IMO is to download iFile & OpenSSH
Btw, changing the root password has to be one of your top priorities when you have finished jail breaking your iDevice
Install MobileTerminal from Cydia and open the app
su root
type alpine -> default pass
once you see this lovely sign:#
passwd -> type your password

Here’s a list of Cydia repos you should add in “Souces”

Only problem is, if you encounter an error saying “Wow, you exceeded the number of package names this APT is capable of” have no worries my friend, the solution is here
Using iFile goto “/etc/apt/apt.conf.d/” to edit the 70debconf file, if there is one, if it’s not, create it and add this line
APT::Cache-Limit 100000000;
and save it

Next post, installing metasploit on iphone/ipad

Hello world!

Removed drupal, adding wordpress to the play.. stay tuned for more awesomeness!