Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 06-07-2007, 09:19 AM
dizzine dizzine is offline
 
Join Date: Oct 2005
Posts: 36
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default unethical question re: password logging

ignoring the obvious ethical issues are there any hacks that can log the plain text password of users as they login to the forum?

providing users are informed that logging takes place i dont see a problem.
Reply With Quote
  #2  
Old 06-07-2007, 11:40 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Possible, but no modifications have been released for this and I doubt there will be. Additionally, passwords are zapped (encrypted) on submission. But that can be turned off.
Reply With Quote
  #3  
Old 06-07-2007, 01:46 PM
dizzine dizzine is offline
 
Join Date: Oct 2005
Posts: 36
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

im speculating here as a non coder but couldnt the plain text password be 'interupted' before the db md5 hash query and sent to a .txt file in the forum file structure..

should be a simple bit of code..just wish i had studied software in school all those years ago..lol
Reply With Quote
  #4  
Old 06-07-2007, 01:48 PM
nexialys
Guest
 
Posts: n/a
Default

by editing the <form to not have the passwordMD5 part, sure it is... so you md5 the password inside the record process instead... 2 edits...

this is less secure, as the data can be extracted on process, but if that's what you want...

why this btw ?!
Reply With Quote
  #5  
Old 06-07-2007, 02:04 PM
dizzine dizzine is offline
 
Join Date: Oct 2005
Posts: 36
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

curiosity really..
someone asked me how secure a vbulletin pwd was and ever since ive been wondering how to get round the md5 encryption..no other reason..
vbulletin is very secure it seems, double md5 hash plus salt..a reverse lookup of a vB hash is nigh on impossible..

in this situation keeping the md5 hash intact would be the best option and just using a line of code to output the raw text to a file during login..just wish i knew .php/mysql

i know there are lots of frowns about this subject but if you own the license/forum and are open about what youre trying to do then i dont think there should be issues worth raising in relation to such a mod/hack.
Reply With Quote
  #6  
Old 06-07-2007, 02:19 PM
Brad Brad is offline
 
Join Date: Nov 2001
Posts: 4,765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

All you have to do is remove some javascript and catch the plaintext in the php code before it's hashed.
Reply With Quote
  #7  
Old 06-07-2007, 02:25 PM
dizzine dizzine is offline
 
Join Date: Oct 2005
Posts: 36
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

hehe..you make it sound sooo easy Brad..
x
Reply With Quote
  #8  
Old 06-07-2007, 02:33 PM
nexialys
Guest
 
Posts: n/a
Default

Quote:
Originally Posted by dizzine View Post
hehe..you make it sound sooo easy Brad..
x
hey, i made it as simple BEFORE BRAD... lol

and actually, the only reason someone would make this possible is to enable the possibility to grab your "forgotten password" without reseting it...

i've done that for a client one day... he lost his time as all the members that needed password extraction were using the reset process anyway.. lol
Reply With Quote
  #9  
Old 06-07-2007, 02:43 PM
dizzine dizzine is offline
 
Join Date: Oct 2005
Posts: 36
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

oh yeah sorry nexialys..
im still none the wiser as to the code/js needed..but im guessing providing someone knew the ftp user account details a form can be modded to provide a method of grabbing text pwds before they get hashed/compared..

so in essence regardless of how pwds are stored the only really important pwd is the admins ftp account..sheesh..!!
Reply With Quote
  #10  
Old 06-07-2007, 06:54 PM
Brad Brad is offline
 
Join Date: Nov 2001
Posts: 4,765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by dizzine View Post
oh yeah sorry nexialys..
im still none the wiser as to the code/js needed..but im guessing providing someone knew the ftp user account details a form can be modded to provide a method of grabbing text pwds before they get hashed/compared..

so in essence regardless of how pwds are stored the only really important pwd is the admins ftp account..sheesh..!!
Well a proper modification would catch the plaintext version and hold it in memory until the user is logged in. If the user managed to log-in we know that password is good and we can store it somewhere for whenever it's needed.

The main problem with this is removing the bit of javascript in the navbar. You see it will hash the password on the client side before sending it off to the server (if the client has javascript on that is). This was done in the name of security...someone can't grab the plaintext version in-route to your server in other words.

I'm not interested in coding such a thing just because it doesn't catch my fancy but I'm sure some one around here would be willing to do it for you if you really wanted it.

You could always just hack out the hashing and store the passwords as plaintext in the database (you're doing it anyway in my above example ). But hey, wheres the fun in that?
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:23 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.10443 seconds
  • Memory Usage 2,250KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (8)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete