#1
12-17-2008, 11:48 PM
el_capiton
Join Date: Dec 2008
Posts: 11
database hacked > know users passwords

hello

If someone gains access to the vBulletin database, is it possible for the hacker to know the users' pass? I mean, they are in hash format; could they retrieve the passwords from the hash? How long would it take to perform this task, if possible?
Reply With Quote
#2
12-17-2008, 11:52 PM
SEOvB
Join Date: May 2007
Location: Indianapolis
Posts: 2,451

It would take ages to perform for each individual password
Reply With Quote
#3
12-17-2008, 11:59 PM
el_capiton
Join Date: Dec 2008
Posts: 11

Quote:
Originally Posted by FRDS View Post
It would take ages to perform for each individual password
By ages you mean days, weeks, months?
Even with the salt thing I think vBulletin has in the passwords?
Reply With Quote
#4
12-18-2008, 12:04 AM
phantom15
Join Date: Jan 2008
Posts: 31

md5 salted... to bruteforce would take years I think
Reply With Quote
#5
12-18-2008, 12:30 AM
SEOvB
Join Date: May 2007
Location: Indianapolis
Posts: 2,451

Quote:
Originally Posted by el_capiton View Post
By ages you mean days, weeks, months?
Even with the salt thing I think vBulletin has in the passwords?
By ages I mean, a lot longer than it'd ever be worth
Reply With Quote
#6
12-18-2008, 10:15 AM
Dismounted
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047

There are no known rainbow table attacks for this type of hash. The only method would be to brute force, and that would take years. After brute forcing the hash, you would need to brute force the actual password's hash, which would take less time, but still time (although this time, rainbow tables are possible).
Reply With Quote
#7
12-19-2008, 12:57 AM
el_capiton
Join Date: Dec 2008
Posts: 11

thanks for your answers
Reply With Quote
#8
12-19-2008, 01:09 AM
Medtech
Join Date: Oct 2007
Posts: 310

Quote:
Originally Posted by phantom15 View Post
md5 salted... to bruteforce would take years I think
Actually with salt and the latest dictionaries, it is done in about 20 seconds.. if the perp knows what the salt is.

Quote:
Originally Posted by FRDS View Post
It would take ages to perform for each individual password
Actually Admins are the targets, what good would it do to hack a mod or member?

You want a secure password? Use 4 to 5 words with spaces and a couple symbols. That is impossible to decode for even the best hackers. I use 1024 bit encryption in my passwords.. even the feds can't decode that, lol
Reply With Quote
#9
12-19-2008, 03:34 AM
Dismounted
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047

How about we go all out and use Whirlpool?
Reply With Quote
#10
12-21-2008, 06:03 PM
el_capiton
Join Date: Dec 2008
Posts: 11

Quote:
Originally Posted by Medtech View Post
Actually with salt and the latest dictionaries, it is done in about 20 seconds.. if the perp knows what the salt is.



Actually Admins are the targets, what good would it do to hack a mod or member?

You want a secure password? Use 4 to 5 words with spaces and a couple symbols. That is impossible to decode for even the best hackers. I use 1024 bit encryption in my passwords.. even the feds can't decode that, lol
I've a guy claiming he accessed the database and got one mod pass and logged in with it.
He has made a screenshot of the mods and admin area to prove he was there.
The mod pass was 10 chars long and it was Portuguese; is it still easy to be discovered?
Reply With Quote
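
Added example, not part of any post in this thread: a password-audit sketch showing what the salt discussed above does and does not protect against once the database rows have leaked. It assumes the vBulletin 3 scheme is md5(md5(password) + salt) with the salt stored in the same row; the function names, sample rows and wordlist are constructed for illustration.

```python
import hashlib

def vb3_hash(password: str, salt: str) -> str:
    # Assumed vBulletin 3 scheme: md5(md5(password) + salt), hex strings throughout.
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def slow_hash(password: str, salt: str, iterations: int = 100_000) -> str:
    # Deliberately slow alternative (PBKDF2-HMAC-SHA256): every guess costs
    # `iterations` HMAC rounds instead of two MD5 calls.
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return raw.hex()

# Constructed sample rows: (username, salt, stored hash). The salt sits beside the hash.
USERS = [
    ("mod_a", "x7Q", vb3_hash("benfica2008", "x7Q")),
    ("mod_b", "k!2", vb3_hash("benfica2008", "k!2")),
    ("admin", "Zz9", vb3_hash("correct horse battery staple !#", "Zz9")),
]

# Constructed wordlist standing in for a dictionary of common passwords.
WORDLIST = ["password", "123456", "benfica2008", "qwerty"]

def precomputed_table(words):
    # Lookup table of plain, unsalted MD5 hashes (what a generic rainbow table covers).
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}

def table_hits(users, table):
    # Stored salted hashes never appear in a table built without the per-user salt.
    return [name for name, _salt, stored in users if stored in table]

def audit(users, words):
    # Per-user check using each row's own salt: flags accounts whose password
    # is in the wordlist. Cost is len(words) fast hashes per user.
    weak = {}
    for name, salt, stored in users:
        for w in words:
            if vb3_hash(w, salt) == stored:
                weak[name] = w
                break
    return weak

if __name__ == "__main__":
    print("table hits:", table_hits(USERS, precomputed_table(WORDLIST)))
    print("weak accounts:", audit(USERS, WORDLIST))
```

An account flagged by `audit` is guessable by anyone holding the leaked rows, so the salt only rules out precomputed tables; a slow hash such as `slow_hash` raises the cost of every individual guess.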