May 2nd, 2003, 11:12 PM
hacking ma bbs
I wanted to test an old vBulletin installation I got left from a friend ages ago; I don't use it, btw. After searching for any exploits for it (I was just bored and wanted to see what I could do) I found an exploit published here: http://www.xatrix.org/article2034.html. The version is 2.2.5, btw.
Anyway I did what it said and got the sessionid and password hash, but they were encrypted, so I don't see the reason in my patching it because it's encrypted anyway, so no one can get into it.
Also, it's not like the exploit gave my username or password away at all, so even if attackers saw what I did they couldn't do anything.
Am I just reading this all wrong and in fact it's giving away a lot of detail with which someone could hack my bbs? If so, please explain, cos I don't understand the benefits of patching this particular exploit.
May 2nd, 2003, 11:23 PM
Password crackers can do it very fast once they have the hashes. (Relatively fast).
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!
And no one can remember the gentle features in the queen's face that fair day when the land here rested in holy peace and everyone had love to love with.
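An added example, not part of the thread and not vBulletin's code, illustrating the reply above: an unsalted MD5 hash is deterministic and cheap to compute, so a leaked hash can be checked against guesses very quickly, whereas a salted, iterated KDF makes every guess expensive. The function names, the iteration count and the assumption that the leaked value is a plain unsalted MD5 are choices made for this example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor for this example


def legacy_md5(password: str) -> str:
    """Unsalted MD5 (assumed here to be the kind of hash that leaked)."""
    return hashlib.md5(password.encode()).hexdigest()


def store_password(password: str) -> tuple[bytes, bytes]:
    """Hardened storage: random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute the derived key and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


def cost_ratio(sample: str = "constructed-sample") -> float:
    """How many times more work one PBKDF2 evaluation is than one MD5."""
    rounds = 1000
    start = time.perf_counter()
    for _ in range(rounds):
        legacy_md5(sample)
    md5_each = (time.perf_counter() - start) / rounds
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", sample.encode(), b"\x00" * 16, ITERATIONS)
    kdf_each = time.perf_counter() - start
    return kdf_each / md5_each


if __name__ == "__main__":
    # Same password always gives the same unsalted MD5, for every user.
    print("md5 :", legacy_md5("password"))
    # Two users with the same password get unrelated salted records.
    (s1, k1), (s2, k2) = store_password("password"), store_password("password")
    print("kdf :", k1.hex()[:16], "vs", k2.hex()[:16])
    print("verify ok:", verify_password("password", s1, k1))
    print(f"one PBKDF2 check costs about {cost_ratio():,.0f}x one MD5")
```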
May 5th, 2003, 04:55 PM
The exploit I listed is a stupid one; it requires the 'target', which was me, to be not logged in, so I'd have to follow the malicious link (without being logged in), then I'd somehow be taken to a login page (which would be suspicious), then I'd have to log in, and then I'd have to go back twice in the browser in order to execute the malicious code.
Anyway thanks, I think I'll go make an MD5 decryptor now.
May 5th, 2003, 10:14 PM
If you succeed in its creation, please send it to me.
I think I'll go make an MD5 decryptor now
It would be a good way to become popular.
Life is boring. Play NetHack... --more--