
Thread: Getting the admin PW from a forum...

  1. #1

    Getting the admin PW from a forum...

    Okay so recently I dumped the database of a forum with a few exploits. I did it because there was software on the forum that was hidden and protected because they want you to pay for it. But why pay when you can get it for free? Isn't that why we all download warez and music? Well I got the files I needed, but, anyways, even though that's pretty much all I needed to get done so far, I'd still like to crack a few of the passwords of the admins from the board so I could keep an eye on what's going on there in the future. Of course, they are encrypted in md5. Now here is my idea, instead of cracking the pw hashes with rainbow tables or something of the likes, could you go into the database, and switch the password hash of your account, with one of the admins. So you could do that, upload the database. Do a "Forgot your password?" routine on the forum with your account, and then boom it emails you the admin password just like that. Or I guess even you could just change the emails to the accounts around... Anyways, anyone tried that on a phpbb forum before? Did it work? I would just upload the database to my own server but I don't have the resources to do that =( Anyone wanna help?

  2. #2
    MD5 is one-way encryption; any database that uses it on passwords cannot have an email recovery system for forgotten passwords (at least a system that sends the password). PHPBB may have something to change/reset the password with other valid information presented, but they cannot send you your password.

    What site did you exploit?

  3. #3
    AO Ancient: Team Leader
    Well... You seem to have some really sweet ideas there.... Why don't you just try them out and report back what you find...... That would help us all be able to crack these pesky PHP BBS' wouldn't it....

    C'mon man.... We need help too..... We aren't all 1337 like you....

    PS. Did you even read the first page you reached coming to this site?

    Didn't think so!!!!!

    BAM.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    I can't say which one it is, because then they might find out and upgrade their forum!
    but yeah see, I can't just reset or change the passwords because then they will know right away that they are being attacked and upgrade their forums and I'll be screwed. I just want to have them so I can keep an eye on this board and any more programs they release in the future. As soon as my rainbow tables are done generating (only about a year left till they're done I think) I'll give that a go, a shame I had already generated them all at a buddy's house but he happens to be on a business trip atm.

    Tiger Shark: What first page? When I came to this site for the first time all I saw was an index of forums... if you mean the user agreement stuff when you register, I gave it a quick scan...

  5. #5
    You do realize you just posted details of your attack into a forum for security professionals?

    I hope you weren't expecting much hacking advice from us, considering we eat skiddies for breakfast.

  6. #6
    They call me the Hunted foxyloxley
    Thankfully, this poster has set out EXACTLY what they are after, and they didn't sugar coat it to make it sound like they were interested in HELPING anyone....................

    I would like to think that the forum in question, would be aware that they are under attack, but, unfortunately, in this world that we live in, it is safe to assume the worst.

    To follow in Tiger Shark's footsteps :

    :BAM:
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  7. #7
    welllllllllllll... I don't condone mindless destruction of someone's website, forum, computer. But if all you want is information, or software, and you can get in and out without actually causing any damage, then I don't really see much of a problem with it.
    I wasn't looking for a ton of advice, I was just wondering if anyone had tried what I had suggested.

  8. #8
    welllllllllllll... I don't condone mindless destruction of someone's website, forum, computer. But if all you want is information, or software, and you can get in and out without actually causing any damage, then I don't really see much of a problem with it.
    I wasn't looking for a ton of advice, I was just wondering if anyone had tried what I had suggested.
    So you don't believe intellectual property is of any value? I bet the developer you stole software from does.

    Well, at least you were well versed in dealing with us. Most of the skiddies that come here talk leet, so I'll give you that much.

    For future reference to the web app writers: Don't email passwords

  9. #9
    AO Ancient: Team Leader
    No son.... you didn't get an answer..... You won't, not from here.... What you are trying to do is actually rather simple.... But you aren't quite smart enough to get it yet are you? The MD5 isn't reversible, (as Soda pointed out), but that's irrelevant, there's a better way on a PHPBB.... Look at the table structure... Silly.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
