vb.org Archive - database hacked > know users passwords

Page 2 of 2

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)

- - database hacked > know users passwords (https://vborg.vbsupport.ru/showthread.php?t=199138)

Dismounted

12-22-2008 04:47 AM

If he got access to the database, he could just create a new account with Admin access if he wanted. Or he could temporarily change the password of your moderator.

You have more problems to worry about than a moderator's account.

Marco van Herwaarden

12-22-2008 09:46 AM

Quote:

Originally Posted by el_capiton (Post 1690509)

i've a guy claiming it accessed the database and got one mod pass and logged in with it.
he has made a screenshot of mods and admin area to prove he was there.
the mod pass was 10 chars long and it was portuguese, its still easy to be discovered?

Create a test account and provide your firend with the hash. Ask him to provide the real password. ;)

x0r	12-22-2008 03:26 PM

Cracking hashes is pretty easy if you know what are you doing...

see this for examples...
https://vborg.vbsupport.ru/showthread.php?t=199526

RHWiRED

12-22-2008 11:42 PM

Err, you are ALL wrong!
Cracking vBulletin hash's and salts is extremely easy. All you need to know, is the hash format, which is: MD5(MD5(password).salt)

People load a dictionary, set it to dictionary mode, load the user: password:email list, and within seconds, all the easy passwords are cracked.
Leave it an hour or so and the more difficult passwords are cracked. If the rest aren't cracked by the end, changes are they're using an extremely hard password.

Make sure you use a combination of lowercase, higher case, numbers, letters, and special characters when you generating a password:

Example: ()Q@[]4[[!*^Yejfbn f(@344{P}{(*&@
- Virtually impossible to brute & dictionary attack.

Cheers

Dismounted

12-23-2008 02:26 AM

That is assuming the attacker knows the salt.

RHWiRED

12-23-2008 02:57 AM

The salt hash is IN the database marked under "salt".
If they have the database, they have the salt, email, and basically every single bit of info displayed on the website.

Cheers,

Medtech

12-26-2008 05:45 AM

Quote:

Originally Posted by RHWiRED (Post 1691689)

The salt hash is IN the database marked under "salt".
If they have the database, they have the salt, email, and basically every single bit of info displayed on the website.

Cheers,

Exactly!!

All times are GMT. The time now is 08:35 AM.

Page 2 of 2

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01000 seconds Memory Usage 1,728KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (7)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: