|
Cracking the MD5 passwords?
Alright I'm tired of this bullshit. I really need to find a way to crack up the MD5 passwords of a user in the database because my forums keep getting hacked over and over again and I have a way to prevent this from happening in the future. I don't care what it's gonna cost me as long as I can find out the passwords.
So any help is greatly appreciated! |
you cant crack em... they are salted so basically impossible... even those bruters cant figure out the hashes but you can be getting hacked by them hijacking a cookie of yours and then using that salted hashed that is still encrypted to log in...
just a thought :) |
Of course I can crack them. Everything is possible in vBulletin, if you ask me. But only if Jelsoft would be nice enough to tell me on how to do that.
|
Quote:
|
Quote:
|
Quote:
|
I don't understand your logic...
You want to prevent hacking by cracking your passwords? Doesn't make sense to me. :) Anyway... an md5 hash is a 32char unique (not 100% unique, but close) string using hex numbers. Hashes are one way, so you can't "crack" them, but you can try to find other strings which give you the same hash result (aka a collision). Since the passwords as hashed twice like this: md5(md5(password) . salt) it will take a LOT of CPU power to try and find the original password. You'd first to first get all the 32 + salt (3?) character strings that give you the final hash, and then of all of those, you'd have to find all the possible strings that give you the first 32 characters of it. I think it's safe to say the password storing method is NOT the problem here. |
You don't understand why I'm doing this, SirAdrian. I have a few members who are well known as hackers on my forums so I'm thinking of cracking up their passwords on my forums and see if they work on THEIR forum so I can gain access to their ACP and their stupid ass hidden forum which has all the info of hacking vBulletin sites. I wish if vB.com/Jelsoft could do something about that vB site since it's all related to porn and hacking which I doubt that they will take any action. And since Jelsoft won't be able to do this and no one is able to stop them, why can't I do that instead? You don't realize how many Final Fantasy forums they have hacked lately and you don't even know a thing or two about them. Seeing as my FF forum is doing great, I believe I am their next target now. I've been hacked for once already but no, not this time sorry.
I am going through a lot of stress and pain here just so I could find the hashed passwords. I hope someone will be able to help me out here. Quote:
|
Quote:
|
So I will be getting into trouble and not them since they are the ones who go around forums and hack them up? That's pathetic!
|
Quote:
|
Well, as long as their site goes six feet down with the fishes, then I'm fine with that. :D
|
It is very possible. I know a vB forum owner that uses vB that exploited vB by some how decrypting the md5 hash's to login to their members accounts on sites like theirs [Cheating sites] to stuff it up..:/
I would snitch on them, But Idon't have anything againest them. ;p |
Alter the JS login code that hashes the password to also send the password in plaintext to the webserver (would require them to login again).
My suggestion is to just ban the users and tighten up security on your end. Stooping to their level is a bad idea. |
Don't take me wrong, he's a godly programmer, you wouldn't wanna mess with him, and just now, Here, I got his program:
I first madea encrypted password, to put in the program, thus why I left the background site open that shows me getting the code [like since I didn't wanna exploit members passwords on Gaminggutter :P ] http://img266.imageshack.us/img266/4950/pwnedmd5oq9.jpg SirAdrian, you sir, have been pwned. |
lol... how have I been "pwned"? Go ahead and crack a vBulletin password with that. You know the format. Three "a"s hardly count. Remember that the "salt" does not only contain alpha-numerical characters either, and your password length will have to be ~ 35 chars.
|
Ok, give me a hash with a decent ammount of letters and numbers and other chars. :)
|
Use your own forum...
You could also increase the salt size to 12 characters, which would greatly strengthen the password. This is irrelevant. I don't see what this has to do with his problem? If the hacker already has access to his DB, why does he need password? Edit: "f2a92998aecb1b0ad28b6d6a4a6df1e1" Go nuts :) |
Quote:
Quote:
|
I'm surprised the staff here is letting a thread go with a user asking how to exploit vBulletin :O
|
Eh, I would post the site I got this from. But I don't wanna be..like..be ++++ed up. :P
|
You can't exploit vBulletin this way unless you have access to the database first. If you do, you can do far worse things anyway...
Alex, be a nice lad and tell me the password I posted. :) |
Yeah Alex, why don't you do that? :) And Adrian, even if the password was incorrect OR correct, please say so!
|
You have more chance of winning the lottery or being struck by lightning than you have of cracking a vb users password from their hash, not to mention you need a bit more processing power than your average (or even 'powerful') desktop pc. Anyone who claims they crack their members passwords via the hash is lying - even on the minute chance you were very lucky and managed one - everyones salt is different, so the same password has a different hash for each user. Much more likely they simply used dictionary attacks.
|
lol at the noobiness (my new word) of snake
|
Quote:
If you think you are hacked by someone, contact your local authorities or the host/ISP of the hacker. |
| All times are GMT. The time now is 03:06 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|