The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
#1
05-12-2007, 03:02 AM
|
|||
|
|||
User could be????
I have searched and I can't find the answer.....
There used to be a hack (a long time ago maybe vb 2.0) that would allow you to determine users that shared passwords, IP addresses etc. It was much easier than searching for similar IP addresses in the admin CP because it would group all users sharing certain characteristics together so you could tell what users might be the same person. Is there a modern version of a hack like that? Thank you in advance for your time. 
|
|
#4
07-14-2007, 11:07 PM
|
|||
|
|||
|
I believe there is a modification to check shared IP addresses, but password checking will be no longer available. Not with MD5 and hashing securities.
|
|
#5
07-14-2007, 11:09 PM
|
|||
|
|||
|
Not really, it can still be done. Just compare the MD5 hashes from the database
|
|
#6
07-14-2007, 11:12 PM
|
|||
|
|||
|
If I'm not mistaken, the hash "scrambles" the already encrypted password, so it won't be the same. Hehe, I'm probably mistaken though. I'll do more research on it.
|
|
#7
07-14-2007, 11:55 PM
|
||||
|
||||
|
Right vbulletin stores passwords as salted md5 hashes. What this means is that for each user a random string is generated ("abc" for example) and is stored in the database under their username as a "salt." When they register and enter in their password it is "salted" with the random string before being hashed. So Password becomes md5(passwordabc). Then when a user logs in what they enter is hashed in the same manner with the salt appended to the end.
So there is no way to compare user's passwords as each user has their own individual salt associated with their username.
|
|
#8
07-14-2007, 11:58 PM
|
|||
|
|||
|
My mistake
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 06:31 PM.