Results 1 to 2 of 2

Thread: Since that thread died...

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255

    Since that thread died...

    And we discussed full disclosure earlier:

    Okay so recently I dumped the database of a forum with a few exploits. I did it because there was software on the forum that was hidden and protected because they want you to pay for it. But why pay when you can get it for free? isn't that why we all download warez and music?
    Stealing software is bad.

    Well I got the files I needed, but, anyways, even though that's pretty much all I needed to get done so far, I'd still like to crack a few of the passwords of the admins from the board so I could keep an eye on whats going on there in the future. Of course, they are encrypted in md5. Now here is my idea, instead of cracking the pw hashes with rainbow tables or something of the likes, could you go into the database, and switch the password hash of your account, with one of the admins. So you could do that, upload the database. Do a "Forgot your password?" routine on the forum with your account, and then boom it emails you the admin password just like that. Or I guess even you could just change the emails to the accounts around... Anyways, anyone tried that on a phpbb forum before? Did it work? I would just upload the database to my own server but I don't have the resources to do that =( anyone wanna help?
    Yes, I've done that to my own PHPBB installs.

    All you need is some SQL like:
    PHP Code:
    UPDATE usertable SET passwordfield MD5('newpassword'WHERE username 'targetuser' 
    Changing usertable, passwordfield, username, and 'targetuser' to suit the DB. Now, note this won't actually help you break into said system (unless it's still vulnerable), nor will it help you get the admin password.

    In any event, rest assured your traffic will be logged and you'll likely be contacted by the authorities. Don't say nobody warned ya.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    In any event, rest assured your traffic will be logged and you'll likely be contacted by the authorities. Don't say nobody warned ya.
    Alas, there is never a copper around when you want one, as we Brits say.................I fear there is little hope that the authorities will be called in. Seing as the site was hosting warez.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •