Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > General > Member Archives

Reply
 
Thread Tools
Details »»

Version: , by da_selector (Guest)
Developer Last Online: Jan 1970 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 07-25-2001 Last Update: Never Installs: 0
 
No support by the author.

I think this is the right forum...is there any way of getting a password from any of the files???

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #52  
Old 09-09-2002, 04:31 PM
Steve Machol's Avatar
Steve Machol Steve Machol is offline
 
Join Date: Nov 2001
Posts: 1,896
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

[QUOTE]Originally posted by TECK
steve, look in admin/adminlog.php at line 308. it's still present as part of the code.
Reply With Quote
  #53  
Old 09-20-2002, 01:18 PM
Merjawy's Avatar
Merjawy Merjawy is offline
 
Join Date: Sep 2002
Location: USA
Posts: 505
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I don't know if this works for everyone or not.. but I have managed to make two admin folders.. one is old like vB2.0.0 or something like that.. and when I need to check passwords I use that side making sure command line to show password in config is there and set to 2. and I was able to see the passwords both ways.. crypted and also have seen the plain text on vB2.2.6
Reply With Quote
  #54  
Old 09-20-2002, 04:35 PM
NTLDR's Avatar
NTLDR NTLDR is offline
Coder
 
Join Date: Apr 2002
Location: Bristol, UK
Posts: 3,644
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by Merjawy
I was able to see the passwords both ways.. crypted and also have seen the plain text on vB2.2.6
Now for some reason why don't I belive you
Reply With Quote
  #55  
Old 09-20-2002, 06:29 PM
g-force2k2 g-force2k2 is offline
 
Join Date: Mar 2002
Location: Everywhere you wanna be..
Posts: 1,608
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

the only way that is possible is if you take out the md5() functions as listed by PPN... unless you got your forum from somewhere else other then vb.com they don't show passwords regards...

g-force2k2
Reply With Quote
  #56  
Old 09-21-2002, 12:42 PM
TECK's Avatar
TECK TECK is offline
 
Join Date: Nov 2001
Location: Canada
Posts: 4,182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i know i will not signup with a board that can read my password. that's why i own VB.
Reply With Quote
  #57  
Old 09-21-2002, 03:54 PM
Xenon's Avatar
Xenon Xenon is offline
 
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally posted by TECK
i know i will not signup with a board that can read my password. that's why i own VB.
well that's the problem. An admin with some coding skills can easily change the way passwords are encryptedt by saving em in the db unencrypted also.

so you always have to trust an Admin (also an admin of a vB) that he doesn't do it....
That's why everyone should use different passwords on different pages, just a way of security
Reply With Quote
  #58  
Old 09-21-2002, 03:59 PM
N9ne N9ne is offline
 
Join Date: Feb 2002
Posts: 1,495
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yep, I sign up on a lot of forums but make sure I use a different password on each...
Reply With Quote
  #59  
Old 12-19-2002, 03:41 PM
Gaz.t Gaz.t is offline
 
Join Date: Jun 2002
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

umm Best way never use the same PW as your ADMIN CP
Reply With Quote
  #60  
Old 01-05-2003, 02:20 PM
BfB BfB is offline
 
Join Date: Jul 2002
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

FWIW, the owner of a site has installed a hack that emails him the password upon new registrations. It's not the "Who might this New User be?" hack, I'm pretty sure. He is also using the latest vBB. Read here:

Quote:
Here is a little bit more free education on vBulletin and MD5 encryption.

MD5 encryption is one-way encryption. If you have the unencrypted password, you can use vBulletin's built-in functionality to search for users with that password.

When you register, your password, unencrypted, is included in the email notification I receive.

========
There is a new user, *************** at ********* Forums
To view their profile, go here:
http://www.**********.com/forums/mem...o&userid=*****
IP Address: ***.241.245.34
Host Name:
Password: ******
Email Address : ****************@hotmail.com
========

Any ideas how he's doing this?
Reply With Quote
  #61  
Old 01-05-2003, 07:55 PM
okrogius okrogius is offline
 
Join Date: Dec 2001
Location: USA
Posts: 264
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yes, and it's quite easy to do it to.

The question again is wy you would need clear plain text passwords. Name me one good reason and I'll be glad to help you out.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:17 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04497 seconds
  • Memory Usage 2,294KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_imicons
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete