
Thread: IP.Board 2.3.6

  1. #1
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    8

    IP.Board 2.3.6

    How would someone hack this version of forums using BT3?

    Thanks

  2. #2
    Member
    Join Date
    Feb 2010
    Posts
    204

    Easy, find the location of the server and then use this link

    http://www.kershaw-knives.net/images...18-350x350.gif

  3. #3
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    8

    Funny. Let me re-word myself.

    Are there any exploits for that version of forums that I could use to penetrate into the forums?

  4. #4
    Good friend of the forums williamc
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    Google - Invision Power Board 2.3.6 exploit <search>

    It appears version 2.3.5 is vulnerable, but not .6 (yet).

  5. #5
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    8

    Originally posted by williamc:
        Google - Invision Power Board 2.3.6 exploit <search>

        It appears version 2.3.5 is vulnerable, but not .6 (yet).

    Thanks.

    Let me know if you find any.

    And if anyone else has any other ways to hack this version please let me know.

  6. #6
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    What Operating System is it running on?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  7. #7
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    8

    Originally posted by Trent:
        How would someone hack this version of forums using BT3?

        Thanks

    Talk about grave digging

    Whatever the free versions of ip boards run on. I have no idea.

  8. #8
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Originally posted by Trent:
        Talk about grave digging

        Whatever the free versions of ip boards run on. I have no idea.

    Yes, you're right. This came up in my list of New Posts because some very classy new member posted an expletive-laced post in here (which I deleted), but I didn't check the last posted date before throwing my own response in here.

    I'm guessing that you didn't have this installed on one of your own test systems then?

  9. #9
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    8

    No, it is just a free forum account that I am admin on.
    We have had to switch forums a few times due to script kiddies/brute force hackers getting into the admin panel.

    I'd like to know how to prevent this (other than secure passwords).

  10. #10
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Originally posted by Trent:
        No, it is just a free forum account that I am admin on.
        We have had to switch forums a few times due to script kiddies/brute force hackers getting into the admin panel.

        I'd like to know how to prevent this (other than secure passwords).

    A few methods:
    • User lockout for x number of invalid password attempts (although this can create a DOS opportunity for attackers)
    • Multi factor authentication, or use of something like a CAPTCHA to defeat automated guessing (although it may not be suitable or possible in this case as your software must support it)
    • Banning of access to IP addresses that appear to be brute forcing you (although there are ways around this for attackers)
    • Use the latest version of the software


    Good secure passwords are probably your best bet though.

    Actual exploits may allow an attacker to do more than just get admin access to the forum though; they may allow them to get access to the underlying OS, which could allow them to do a lot more damage. There are other methods to minimise the impact of this, but most require administrative access to the underlying OS.
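The lockout and IP-ban methods from the list above, sketched as an added example (not code from the thread or from IP.Board): a sliding-window limiter for failed logins. The class name, thresholds and sample events are assumptions. Replaying the constructed events also shows the lockout caveat the post mentions, since the real admin is refused until the temporary lock expires.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Counts failed logins per account and per source IP in a sliding window."""

    def __init__(self, acct_limit=5, ip_limit=10, window=300, lock_for=900):
        self.limits = {"acct": acct_limit, "ip": ip_limit}  # assumed thresholds
        self.window, self.lock_for = window, lock_for       # seconds
        self.fails = defaultdict(deque)   # key -> timestamps of recent failures
        self.blocked_until = {}           # key -> time at which the block ends

    def allowed(self, account, ip, now):
        """Call before checking the password; False means refuse the attempt."""
        keys = (("acct", account), ("ip", ip))
        return all(self.blocked_until.get(k, 0) <= now for k in keys)

    def record_failure(self, account, ip, now):
        for key in (("acct", account), ("ip", ip)):
            q = self.fails[key]
            q.append(now)
            while q[0] <= now - self.window:   # drop failures outside the window
                q.popleft()
            if len(q) >= self.limits[key[0]]:
                # Temporary block, not a permanent one: it bounds how long an
                # attacker can keep the legitimate owner locked out.
                self.blocked_until[key] = now + self.lock_for
                q.clear()

    def record_success(self, account):
        self.fails.pop(("acct", account), None)

def replay(events, throttle):
    """Feed (timestamp, ip, account, password_ok) events through the throttle."""
    out = []
    for ts, ip, account, password_ok in events:
        if not throttle.allowed(account, ip, ts):
            out.append("blocked")
        elif password_ok:
            throttle.record_success(account)
            out.append("ok")
        else:
            throttle.record_failure(account, ip, ts)
            out.append("fail")
    return out

# Constructed sample: one source guessing the admin password every 10 seconds,
# then the real admin logging in from another address (documentation IP ranges).
SAMPLE = [(t, "203.0.113.7", "admin", False) for t in range(0, 60, 10)]
SAMPLE += [(100, "198.51.100.4", "admin", True), (1000, "198.51.100.4", "admin", True)]

if __name__ == "__main__":
    print(replay(SAMPLE, LoginThrottle()))
```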
