Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #11  
Old 12-22-2008, 04:47 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If he got access to the database, he could just create a new account with Admin access if he wanted. Or he could temporarily change the password of your moderator.

You have more problems to worry about than a moderator's account.
Reply With Quote
  #12  
Old 12-22-2008, 09:46 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by el_capiton View Post
i've a guy claiming it accessed the database and got one mod pass and logged in with it.
he has made a screenshot of mods and admin area to prove he was there.
the mod pass was 10 chars long and it was portuguese, its still easy to be discovered?
Create a test account and provide your firend with the hash. Ask him to provide the real password.
Reply With Quote
  #13  
Old 12-22-2008, 03:26 PM
x0r x0r is offline
 
Join Date: Sep 2008
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Cracking hashes is pretty easy if you know what are you doing...

see this for examples...
https://vborg.vbsupport.ru/showthread.php?t=199526
Reply With Quote
  #14  
Old 12-22-2008, 11:42 PM
RHWiRED RHWiRED is offline
 
Join Date: Jun 2008
Posts: 51
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Err, you are ALL wrong!
Cracking vBulletin hash's and salts is extremely easy. All you need to know, is the hash format, which is: MD5(MD5(password).salt)

People load a dictionary, set it to dictionary mode, load the user: password:email list, and within seconds, all the easy passwords are cracked.
Leave it an hour or so and the more difficult passwords are cracked. If the rest aren't cracked by the end, changes are they're using an extremely hard password.

Make sure you use a combination of lowercase, higher case, numbers, letters, and special characters when you generating a password:

Example: ()Q@[]4[[!*^Yejfbn f(@344{P}{(*&@
- Virtually impossible to brute & dictionary attack.


Cheers
Reply With Quote
  #15  
Old 12-23-2008, 02:26 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That is assuming the attacker knows the salt.
Reply With Quote
  #16  
Old 12-23-2008, 02:57 AM
RHWiRED RHWiRED is offline
 
Join Date: Jun 2008
Posts: 51
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The salt hash is IN the database marked under "salt".
If they have the database, they have the salt, email, and basically every single bit of info displayed on the website.

Cheers,
Reply With Quote
  #17  
Old 12-26-2008, 05:45 AM
Medtech's Avatar
Medtech Medtech is offline
 
Join Date: Oct 2007
Posts: 310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by RHWiRED View Post
The salt hash is IN the database marked under "salt".
If they have the database, they have the salt, email, and basically every single bit of info displayed on the website.


Cheers,
Exactly!!
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:36 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05280 seconds
  • Memory Usage 2,220KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete