phpMyAdmin 2.6.2-pl1

[cocacolaz]

I need a way to bypass the login of this version. i cant find any exploit despite this version is from 2005. any ideas? i have database user + password hash but i cant crack it.. maybe some exploits you guys know for this version ?

 

[Pernat1y]

OffSec’s Exploit Database Archive

The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.

www.exploit-db.com

Tried any of those?

 

[cocacolaz]

OffSec’s Exploit Database Archive

The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.

www.exploit-db.com

Tried any of those?

yes i already tried several exploits from exploit-db and sploitus but could not find anything that work for that version

 

[Pernat1y]

yes i already tried several exploits from exploit-db and sploitus but could not find anything that work for that version

I were unable to find distribution package of this version of PMA ("phpMyAdmin-2.6.2-pl1.zip") to test exploit.
Vulnerability scanners (Nessus, OpenVAS etc.) may help to identify applicable exploits for this particular version.

I need a way to bypass the login of this version. i cant find any exploit despite this version is from 2005. any ideas? i have database user + password hash but i cant crack it.. maybe some exploits you guys know for this version ?

BTW, SQL hashes are very fast to bruteforce.

 

[cocacolaz]

I were unable to find distribution package of this version of PMA ("phpMyAdmin-2.6.2-pl1.zip") to test exploit.
Vulnerability scanners (Nessus, OpenVAS etc.) may help to identify applicable exploits for this particular version.


BTW, SQL hashes are very fast to bruteforce.

unfortunately i was not able to crack it.
tried hashcat with several wordlists + crackstation.net but still no luck
i have no idea how the password format could be so i could not apply a hashcat mask neither