The Ethical Hacker Network - Information help>>>>SMF

rok

Newbie

Offline

Posts: 37

Information help>>>>SMF

« on: May 31, 2008, 01:58:46 AM »

what are the speciality of SMF???actually my freind has a imple machines forum,he is the admin,so I thought I will try to exploit that site,but when I am on to it I saw no vulnerbility??is hacking SMF forum very hard???what is it actually??MY freind just laughed on me Shocked

, Please help me on which way I should go,my freind told me that he is always ready,so I have the permission always,but its too hard I think..!!and Hope its not unethical,and just tell me the ways where I should start from,no need of telling how to do it,I want to work it out...!!help please..!!

regards,
Rok..!!


	Logged

shakuni

Jr. Member

Offline

Posts: 78

Re: Information help>>>>SMF

« Reply #1 on: May 31, 2008, 02:18:52 AM »

Start here,
http://www.google.com/search?hl=en&client=opera&rls=en&hs=A5f&q=vulnerabilities+in+smf&btnG=Search


	Logged

There is no rule, law or tradition that apply universally... including this one.

rok

Newbie

Offline

Posts: 37

Re: Information help>>>>SMF

« Reply #2 on: June 01, 2008, 01:45:17 AM »

can you please give more information???


	Logged

shakuni

Jr. Member

Offline

Posts: 78

Re: Information help>>>>SMF

« Reply #3 on: June 01, 2008, 02:54:13 AM »

It seems that you are new to all these things. The pointer I gave you were links to "exploits" for different versions of smf. What you need to do is that first determine the vesion of smf your friend has, then find exploits and vulnerabilities specific to that version and then use them to get admin privileges on your friend's forum.

Now since every there are many kind of vulnerabilities a forum can have, like XSS, SQL injection, remote file inclusion etc. or you can directly exploit the server that hosts the forum by exploiting any vulnerable demon running on it (In this case the vulnerabilities and the way to exploit them will be completely different).

If you have heard many of the terms first time in the above paragraphs then you need to research first on these concepts first because IMHO no one will spoon feed you to exploit anything especially when we don't know who is your "friend" whose forum you want to exploit.


	Logged

There is no rule, law or tradition that apply universally... including this one.

rok

Newbie

Offline

Posts: 37

Re: Information help>>>>SMF

« Reply #4 on: June 01, 2008, 06:24:28 AM »

yes,I am actually new on to these things.No,I can understand it Shakuni,no need of spon feeding.JUst give me some ideas about few things.

1)if there is no upload/download section how can a shell be uploaded??

2)and for exploiting servers what are the ways??please elaborate a little..!!


	Logged

BillV

Hero Member

Offline

Posts: 862

Re: Information help>>>>SMF

« Reply #5 on: June 01, 2008, 08:23:23 AM »

Quote

1)if there is no upload/download section how can a shell be uploaded??

You most likely don't need/want a shell for your case anyway.... you're looking to attack the application, not the server. Just because there's no upload script, doesn't mean there are no system calls going on somewhere in an application.

Quote

2)and for exploiting servers what are the ways??please elaborate a little..!!

As already stated... the daemons, or system services, may be vulnerable. Again, this is probably not something you should be doing in this case as I would guess your friend doesn't own the server on which the smf is hosted (but I could be wrong)


	Logged

rok

Newbie

Offline

Posts: 37

Re: Information help>>>>SMF

« Reply #6 on: June 02, 2008, 02:18:10 AM »

hey billV

can you tell me then for getting admin priviledge what should I go for..??

and yes,my friend does not host the server,so leave that.


	Logged

BillV

Hero Member

Offline

Posts: 862

Re: Information help>>>>SMF

« Reply #7 on: June 02, 2008, 06:49:37 AM »

Quote from: rok on June 02, 2008, 02:18:10 AM

hey billV

can you tell me then for getting admin priviledge what should I go for..??

As shakuni already advised, start searching google and the vulnerability databases for privilege escalation holes and the like. I don't have a direct answer for you because I don't know the vulnerabilities in SMF ... but if I wanted to find out, I would do the same thing you need to do and research just as we've recommended you do.

No one is going to tell you "click this link, or type this in, and you will have admin privileges."

Since you seem pretty new to web application security, I would highly suggest you take a look at the OWASP Project, and read through a lot of the material offered on that site.

BillV


	Logged

g00d_4sh

Sr. Member

Offline

Posts: 295

Re: Information help>>>>SMF

« Reply #8 on: June 04, 2008, 07:02:21 PM »

Wow.... reading through this... half of it felt like I was reading flow of consciousness excerpts from a speed addict. First thing I would suggest? Calm down, type slowly... elaborate on what you do know. Both about the server in question, and about capitalizing on exploits in general. Have you taken the time to read through the varied posts and links found in the ethical hacking section of this forum?

Obviously we are not going to 'spon fed' anyone. But if you take the time to look through the tutorials, examples, and links we have I'm sure you will find plenty to chew on and digest.


	Logged

"Bad.. Good? I'm the guy with the gun"

Pages: [1] Go Up

« previous next »

Support EH-Net by Buying all of your Amazon items using the search bar above. Try CBT Nuggets Free!

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!