Today we shall see how to get admins pass in mybb. What you need is to upload a shell i’ve used an r57 shell here (which is the tricky part and you need to do that).
Many people upload shells but little do they know how to use it effectively.
So Lets begin:
Download The shells pack from here:
Step 1: The MyBB portal Database config is in the forum/inc/ .
Step 2: Find & See The config.php:
Step 3: Now we explore the database a bit. Put the details we gained from the config.php.
Step 4: Now we see the tables list. So we explore mybb_users by using the query:
select * from mybb_users
Step 5: Now we write a query to change the email and maintain complete control over the forum ^^.
The query is:
UPDATE mybb_users SET email=”firstname.lastname@example.org” where uid=”1″
The uid can be 1 or 2 depending on the admin generally it is 1.
Step 6: Lets see if it worked…
Yep it worked the email was changed.
Step 7: Now go to login click forgot Password -> give your new email and you get admin pass.
There you got the admin pass without the need to crack the hash ^^. Thats it for our mybb hacking “through shell” . I Hope I Helped You In Some Way