vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   View plain text vbulletin passwords. (https://vborg.vbsupport.ru/showthread.php?t=194683)

Loget 10-27-2008 08:26 AM
View plain text vbulletin passwords.
 
Does anyone know how to do this? I need this to detect multiple accounts. I want the password sent to a .txt files everytime a user logs in.

If anybody can help that would be great!

snakes1100 10-27-2008 08:28 AM
Not possible, there is a hack in the mods section that uses cookies to detect multies, do a search for it.

Loget 10-27-2008 08:31 AM
Im pretty sure its possible since anyone can edit the code on the vbulletin files....

snakes1100 10-27-2008 09:12 AM
ok, well edit away, vbulletin uses this, good luck.

$hash=MD5(MD5($password)+$salt)

Dismounted 10-27-2008 11:22 AM
The only way to "crack" a vBulletin password hash is to brute force it. And that will take a long, long time. Rainbow tables won't work as a random salt (unique to each user) is added.

Videx 10-28-2008 01:47 AM
How the heck would knowing someone's password enable you to detect multiple logins anyway? You mean for the people that are stupid enough to use the same password?

The mod you want is Multiple account login detector (AE Detector) .

punchbowl 01-10-2009 02:07 PM
If I get the md5 password and salt through mysql how can I return a plaintext password?

edit: impossible apparently

Rene Kriest 01-10-2009 04:03 PM
Quote:
Originally Posted by Videx (Post 1654236)
How the heck would knowing someone's password enable you to detect multiple logins anyway? You mean for the people that are stupid enough to use the same password?

The mod you want is Multiple account login detector (AE Detector) .
Dude, it is simple as it is: spamers need to take care of their PWs and believe that they are hidden to moderators and maybe admins. Cookies can be deleted anyway, IP changed as well - but change 10+ PWs?

I worked for a very large forum and the moment we accidentally had access to the plain PWs we had the ability to boot a large stack of forum spamers and idiots.

AE detector is useful but only if - if someone keeps his cookies and that is depending more on a wish than really a reliable forensic method.

And last but not least: you always have to take more than one aspect into consideration. Cookie detection is one thing, identical PW another. The more pieces you get together the better. I wouldn't rely solemly on AE detector and on PW alone - but together they rock.

Bellardia 01-10-2009 05:27 PM
A password is even easier to abuse than a cookie.
The spammer only needs one per account, and rarely has to log in more than once, thus it could create a totally random PW and it wouldn't make a difference.

If you really insist on doing this you could add an extra hidden field in the login form, on form submit (this.value=getElementsById(vb_login_password).val ue). Then modify the login page to store that field.

I won't really help you further because it's not a good idea. You're willing to jeopardize your sites security to try and find spammers that use the same password. Might as well just allow the 'random' salt to be a fixed value so the same passwords have the same hash.

Dismounted 01-11-2009 04:46 AM
Quote:
Originally Posted by punchbowl (Post 1707339)
If I get the md5 password and salt through mysql how can I return a plaintext password?

edit: impossible apparently
One of the joys of MD5/SHA/Whirlpool/etc. is that they are one-way hashes. :)


All times are GMT. The time now is 06:31 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01005 seconds
  • Memory Usage 1,730KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete