Go Back   vb.org Archive > Community Central > Community Lounge
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #11  
Old 09-25-2007, 01:13 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

@Brad,

You forget that it is a double md5(). Bruteforcing a MD5-hash would take you decades, even on very fast computers. The only (reasonable) way to get a md5 is to use rainbow tables, and as far as i know there have never been any created for double md5's.
Reply With Quote
  #12  
Old 09-25-2007, 01:17 PM
dyna88 dyna88 is offline
 
Join Date: Dec 2006
Location: Wisconsin
Posts: 164
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Dean C View Post
I still challenge you, or anyone to do it.

Me also....lol

It would simply be easier to use an exploit to gain access as I mentioned above....
Reply With Quote
  #13  
Old 09-25-2007, 06:18 PM
Jerry's Avatar
Jerry Jerry is offline
 
Join Date: Jun 2003
Posts: 64
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Knightmane View Post
I think this is a good place to mention something I have been seeing on my own web site's Currently Active Users page.

Apparently there are some data thieves out there using script programs to activate and run your own forum's Impex programs and the script will save your forum's data to any server they designate in the script itself, which allows these thieves to look through your data at their own leisure.
This isn't the case, you would need to have write access to the ImpExConfig.php file to do this (to redirect the target database), and someone has read/write access to your server and malicious intent, ImpEx is the last of your worries.

Quote:
Originally Posted by Knightmane View Post
The first time I saw these people doing this, my first thought wasn't piracy; it was, "Hey, I don't have Impex installed. What's going on?"
They were most likely polling to find it to see if you have a very old version that did have the one exploit in it.

Quote:
Originally Posted by Knightmane View Post
The next time it happened, I reported the incident to the server provider where the script was trying to aim data to, and they closed that thief's server account permanently (they thanked me in an email for bringing it to their attention.)

The following times I have seen this, I have simply IP banned their ISPs. I know that is a bit extreme, but I got tired of seeing the attempts being made.
With the latest ImpEx there is no known threat and removing it is the best protection, as it's a one time tool and by the time you do another import, I've most likely updated something and there will be a new version.

Quote:
Originally Posted by Knightmane View Post
So if you have Impex installed on your web server where your forum is located, please keep in mind that you are inviting these people to hit your forum site to back up your web forum data to read through later. And yes, this will also mean that they can get your passwords, too.
No they can't get the data, and no they can't get the passwords. Even if the could with the salted md5 of the password it wouldn't help.

Quote:
Originally Posted by Knightmane View Post
Impex, while a good program, I am to understand, is a major security risk in this case. If you are not using the program, disable it and that will prevent these people from being able to use it on your own web site.
It is not, it is however a powerfull tool that has read and write access depending on it's configuration, and the ability to delete data it has imported from an forum, though not from a forum where the import has been finalised (removing the import ids). Once installed it requires (as mentioned) admincp access and the customer number.

Quote:
Originally Posted by Knightmane View Post
Thank you for your time. I just thought vbulletin should know what was happening with this situation. Please look into this!
I do constantly, it's my full time job

Quote:
Originally Posted by Knightmane View Post
(I posted this information on vbulletin.com, but I wanted to make sure everyone knew about this so they could take protective measures.)
Quote:
Originally Posted by Dean C View Post
Well it's your own fault if you left a security risk on your server. I believe it does say to remove impex files once you're done.
Ditto, basically do the import, finalise the import, then remove the files, one time tool etc.

Quote:
Originally Posted by dyna88 View Post
More then likely the reason they are looking for impex is because an older version used in conjunction with 3.5.1-3.5.4 I think it was had a few RFI exploits....this is why it is so important to keep updated.
There was one, on March 23rd ..... I remember that as it is my birthday ! I fixed that and it's the only one I'm aware of.
Reply With Quote
  #14  
Old 09-25-2007, 07:36 PM
Brad Brad is offline
 
Join Date: Nov 2001
Posts: 4,765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Marco van Herwaarden View Post
@Brad,

You forget that it is a double md5(). Bruteforcing a MD5-hash would take you decades, even on very fast computers. The only (reasonable) way to get a md5 is to use rainbow tables, and as far as i know there have never been any created for double md5's.
I never said I'd get it in a timely manner. It was stated that it was impossible to get the password, I'm saying it is possible in theory and that leads to begin possible in pratice. It may take years and years to do it but it is possible.

I understand that it's doubled md5ed and a salt is used to make it harder. But the fact remains that the routine for storing and generating that data is known to anyone that can read the source code. If I know the routine, and have the data from the user table, and have the computing power to throw at the problem I will end up with a working password at some point.
Reply With Quote
  #15  
Old 09-25-2007, 07:45 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Brad View Post
I will end up with a working password at some point.

I can just see you now, password in one hand, pension book in the other
Reply With Quote
  #16  
Old 09-26-2007, 06:59 AM
Freesteyelz's Avatar
Freesteyelz Freesteyelz is offline
 
Join Date: Jan 2006
Posts: 1,552
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M View Post
I can just see you now, password in one hand, pension book in the other
Salt...Hash...Brad will be all over this one.
Reply With Quote
  #17  
Old 09-26-2007, 12:24 PM
Brad Brad is offline
 
Join Date: Nov 2001
Posts: 4,765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M View Post
I can just see you now, password in one hand, pension book in the other
Well I'd go a quicker route if I really wanted to get in of course! You'd be an idiot if you tried to get the password like that...it'd be far easier to break into the server through some hole. Of course you never know...md5 could be broken by the time I get old. >)

Freestyelz; I gave up on that stuff awhile ago. PM me if you'd like to know why.
Reply With Quote
  #18  
Old 09-27-2007, 03:29 AM
Freesteyelz's Avatar
Freesteyelz Freesteyelz is offline
 
Join Date: Jan 2006
Posts: 1,552
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Brad View Post
Freestyelz; I gave up on that stuff awhile ago. PM me if you'd like to know why.
Hahaa...Well, we've spoken about this years ago too off and on so I'm glad to hear that. :up: Man, we gotta catch up. It's been a while so I'm looking forward to hearing your latest happenings.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:33 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.11695 seconds
  • Memory Usage 2,253KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (15)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete