Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page Is there a 'see members pw' hack available?
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 08-15-2002, 05:36 AM
DanIAm's Avatar
DanIAm DanIAm is offline
 
Join Date: Aug 2002
Posts: 43
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Is there a 'see members pw' hack available?
If so can you point me in the right direction?

edit: Also, could someone not draw up a dummy request for the members name and password. I know nothing about hacking, but how hard would it be to create a section within VB in which upon the member clicking they would be prompted to enter their member name and pw for confirmation. This of course not being encrypted, and either logged or emailed to the admin.
Reply With Quote
  #2  
Old 08-15-2002, 06:03 AM
tHE DSS's Avatar
tHE DSS tHE DSS is offline
 
Join Date: Jun 2002
Location: UK
Posts: 113
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
First, how come you want your members passwords?
Reply With Quote
  #3  
Old 08-15-2002, 07:15 AM
Erwin's Avatar
Erwin Erwin is offline
 
Join Date: Jan 2002
Posts: 7,604
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
No, because members may use the same password for other forums or sites - it would be bad for an admin to abuse that.
Reply With Quote
  #4  
Old 08-29-2002, 06:10 PM
Learner29's Avatar
Learner29 Learner29 is offline
 
Join Date: Nov 2001
Posts: 174
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
not necessarily.....

why do you assume it is necessarily for a negative reason.

if an admin wanna abuse his users, he could sell the email list he has to any porno site, or could do any other thing that might cross your mind.

I still would like to ask for this hack.

if an admin wanna abuse the user and see his or her password, he could always change the email address of that user in the control panel, to his own email, and send the password to the user.

it is that easy.
Reply With Quote
  #5  
Old 08-29-2002, 07:41 PM
NTLDR's Avatar
NTLDR NTLDR is offline
Coder
  
Join Date: Apr 2002
Location: Bristol, UK
Posts: 3,644
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally posted by Learner29
I still would like to ask for this hack.
How many times do you need to be told that this is IMPOSSIBLE?
Reply With Quote
  #6  
Old 08-29-2002, 07:43 PM
N9ne N9ne is offline
 
Join Date: Feb 2002
Posts: 1,495
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
He can't change their email to his own email and get the password sent, as it resets the password when being sent.

Also, to answer the thread starters question: vBulletin uses a MD5 hash technology and it's next to impossible to decode it...
Reply With Quote
  #7  
Old 08-29-2002, 07:49 PM
Logician's Avatar
Logician Logician is offline
 
Join Date: Nov 2001
Location: inside vb code
Posts: 4,449
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally posted by Learner29
not necessarily.....
why do you assume it is necessarily for a negative reason.
Here is the deal: Tell me a good reason you need to know your users' board passwords, I'll tell you how to grab some of them..
Reply With Quote
  #8  
Old 08-29-2002, 07:51 PM
N9ne N9ne is offline
 
Join Date: Feb 2002
Posts: 1,495
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Here's some general advice: Use a different password at every forum you go to, because some people might want it for malicious uses and if ever a hack is released, or they get their hands on a MD5 decoder, you're screwed
Reply With Quote
  #9  
Old 08-29-2002, 07:57 PM
NTLDR's Avatar
NTLDR NTLDR is offline
Coder
  
Join Date: Apr 2002
Location: Bristol, UK
Posts: 3,644
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
The only good use I think think for finding/knowing users passwords is for finding people who have registered dublicate times, in which case there is already a hack that does this, it will compare all the MD5 hashes for duplicate passwords. There is never any need to know what the users password is.
Reply With Quote
  #10  
Old 08-29-2002, 08:14 PM
N9ne N9ne is offline
 
Join Date: Feb 2002
Posts: 1,495
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
However when people register multiple times, they still could be using a different password, which means there are no uses
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 10:02 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05803 seconds
  • Memory Usage 2,250KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete