(adsbygoogle = window.adsbygoogle || []).push({});
Introduction :
Whats up! Today I'm gonna show you guys how to hack vBulletin 4.1.2 , I know that there are many other threads showing how to do it,but i haven't find one that showing how to get admin hash AND decrypt it.
NOTE: I'm not responsible for anything you do!:yuno:
What you'll need
- FireFox (I Couldn't make it work on Chrome or iExplorer so use FireFox)
- Live HTTP Headers
- WINDOWS ( I'm not sure if this works on Mac!)
Downloads/Code
You must login or register to view this content.
You must login or register to view this content.
&messagegroupid[0]=YOURGROUPID ) UNION SELECT concat(username,0x3a,email,0x3a,password,0x3a,salt ) FROM user WHERE userid=1#
Instructions
1. Open FireFox
2.So let's go look for a vulnerable 4.1.2 vB , head over to You must login or register to view this content. You must login or register to view this content.
now search this
Powered by vBulletin® Version 4.1.2
Or
inurl:"forums/group.php" Powered by vBulletin® Version 4.1.2
, That's a special code i edited so please give me credit if you are gonna use it post it :yuno: .
3. Now look for a nooby one, With the default vB Skin, it might take sometime to find one!
4. Now if the forum is vulnerable, add group.php to the URL for example You must login or register to view this content. (This case sensitive) You must login or register to view this content.
5. Now it should ask you to register,quickly register then head back to /group.php and create a new group You must login or register to view this content.,name it whatever you want,hit skip when it asks you to upload a picture You must login or register to view this content.
6. Now check out the URL , it should say groupid= x You must login or register to view this content., now remember your group id (If it says groupid="your group name" then send me a PM or comment.
7. Now create a discussion You must login or register to view this content., name it whatever you want but you must remember it for the next step.
8. Now click on " Advanced Search " You must login or register to view this content.
9. Switch search type to " Group messages " and the discussion Title to " Keywords " You must login or register to view this content.
Before you search open LiveHTTPHeaders You must login or register to view this content.
Now hit search,go to your Live HTTP Headers and scroll all the way up till you see a sentence starting with " query " You must login or register to view this content.
Now click it once then click on " Replay " You must login or register to view this content.
After the refresh you could see there are some letters/numbers that have been added You must login or register to view this content. , well that's the admin login! but you'll need to drecrypt it ... don't worry! You must login or register to view this content.
Thanks for reading my tutorial.
No credit since everything was typed by me.
Correct me if i did anything wrong