|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 91
Members: 0
Total: 91
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
The Ultimate N00B Question |
|
Posted: Sun Jul 01, 2007 2:56 pm |
|
|
funtime |
Regular user |
|
|
Joined: Jul 01, 2007 |
Posts: 5 |
|
|
|
|
|
|
|
Pretty simple question I want to know if any of you know of any scripts (forums and guestbooks are a plus)
THAT DO NOT HASH THE PASSWORDS
My friend told me there is some mod for phpbb that changes it to it doesn't do md5 anymore and the passwords are raw.
That means you can look them up in the database without having to waste your time with md5 cracking sites.
Anyone know of anything? I have been looking around and no luck. Hope someone can help me out!
|
|
|
|
|
|
Re: The Ultimate N00B Question |
|
Posted: Sun Jul 01, 2007 4:19 pm |
|
|
ToXiC |
Moderator |
|
|
Joined: Dec 01, 2004 |
Posts: 181 |
Location: Cyprus |
|
|
|
|
|
|
funtime wrote: | Pretty simple question I want to know if any of you know of any scripts (forums and guestbooks are a plus)
THAT DO NOT HASH THE PASSWORDS
My friend told me there is some mod for phpbb that changes it to it doesn't do md5 anymore and the passwords are raw.
That means you can look them up in the database without having to waste your time with md5 cracking sites.
Anyone know of anything? I have been looking around and no luck. Hope someone can help me out!
|
what exactly you want to do .. ? change the password to be stored in plaintext instead of using md5 fundtion ? ..or retrieve the all the md5 passwords in plain text ?
At first case this can be done by changing the appropriate insert/select statements of phpnuke so that they dont use md5 to check/insert into the databse.. which i dont know if exists any module that does that ..
at second case : is impossible to retrive all passwors of a database . You can only try to crack them with various ways .. |
|
_________________ who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
|
|
|
Posted: Sun Jul 01, 2007 5:43 pm |
|
|
funtime |
Regular user |
|
|
Joined: Jul 01, 2007 |
Posts: 5 |
|
|
|
|
|
|
|
let me explain better there is a lot of scripts out there and not everyone has their passwords convert to md5. some go into a flatfile or your sql database just as plain text and that's want i'm looking for. why waste your time TRYING to convert passwords when you could use a script made (forum or a guestbook which requires member to register) and get all the passwords from the database or flatfile with no effort. do you see what i mean? if you are thinking this is not true then you are wrong because i got a script from trendy website creator (yep everyone who wants to get peoples password go hunt it down i'm telling you a secret lol). it shows you the passwords of your members accounts. BUT ITS NOT A FORUM it's a automatic website creation tool for your members (customers).
so here is the question again does anyone know of any script that will show the owner (cause it will be put on a host i own so i have total control over it and any data it records) the passwords set by the user of every account made on that forum or guestbook?
OR BETTER YET know how to remove the md5 code in the "registered new user" and explain how to set it so it INSTEAD adds plain text for the password then bthe md5 crap.
OK this changed from asimple newbie question to a better put on the thinking cap lol.
As i am asking you this question i am looking onlinefor scripts (from really cheap poorly made companies) and hoping iget lucky. if i find anything i will share with all of you. but if you know anything that can help please share your info with me i could use any help you have to offer.
(i found this siimple forum script called chipmonk forum and here is the link)
http://www.chipmunk-scripts.com/page.php?ID=8
i wonder is anyone can tell me how to alter the reguser.php so it inserts the users password as plain text. looks a lot less crazy then phpbb or even smf.
I tried just copy the code for how it enters the info into the sql for name and that didnt work.
|
|
|
|
|
|
|
|
|
Posted: Sun Jul 01, 2007 10:35 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
You can make additional table "phpbb_plaintext" and add 1-2 lines new code, which will in case of new user registration insert md5 to old table AND plaintext password to new table. Better yet - in phpmyadmin just copy the old users table (structure only) and then use original sql clause form source code with little modification (password instead md5). |
|
|
|
|
|
|
|
|
Posted: Mon Jul 02, 2007 3:09 am |
|
|
funtime |
Regular user |
|
|
Joined: Jul 01, 2007 |
Posts: 5 |
|
|
|
|
|
|
|
WOW Waraxe you are a god ok now comes the big super question can YOU please help me with this? Is there anyway I can ask you to either show me a tutor that is out there or what the code that I supposed to add looks like? I'm great at adding mods to boards but not a pro at php and sql but I am a FAST learner! the chipmonk board I posted the link for is perfect if you can show me something for that or even phpbb or hell ANY board I am not picky anything will do. I'm happy enough JUST to get a answer from someone who knows what I am asking about! Again thank you for answering my question. I hope you can help me by making a tutor or even a premade file or anything so I can get this uploaded and get it going.
|
|
|
|
|
|
|
|
|
Posted: Mon Jul 02, 2007 3:24 am |
|
|
funtime |
Regular user |
|
|
Joined: Jul 01, 2007 |
Posts: 5 |
|
|
|
|
|
|
|
OK messing around with it this is what is happening
I changed the md5 (which is in ONLY 2 files reguser.php in the root of the chipmonk forum folder and one in the admin folder called reguser.php)
and I Changed it to password
(so it said this before)
if ($password==$pass2 && $_POST['password'])
{
$password=md5($password);
and now it says
if ($password==$pass2 && $_POST['password'])
{
$password=password($password);
Also I added a copy of the table users and called it users2 but i'm kinda stuck how do I alter it so it will make a copy to that table can you help? Can anyone help?
When I did the password instead of md5 I got this error
Fatal error: Call to undefined function: password() in /public_html/monk/reguser.php on line 72
I'm Soooooooooo close I can taste it!
P.S. I am using this as my forum so that way everyone knows what I am messing with.
http://www.chipmunk-scripts.com/page.php?ID=8
If anyone knows how to do this or has it done allready with another board style (invision,phpbb,smf) I will gladly try what you got but I am only doing this one since its really small and easy to understand. |
|
|
|
|
|
|
|
|
Posted: Mon Jul 02, 2007 5:12 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Some idea to think.
Code is delete by me |
|
Last edited by pexli on Tue Jul 03, 2007 6:06 am; edited 1 time in total |
|
|
|
|
|
|
|
Posted: Mon Jul 02, 2007 1:47 pm |
|
|
funtime |
Regular user |
|
|
Joined: Jul 01, 2007 |
Posts: 5 |
|
|
|
|
|
|
|
WOW! this is what I am looking for!
*****UPDATE******
WOW THAT TOTALLY WORKS! That is the neatest shit I have ever seen in my life the person who made that is a freaking god! I'm freaking OUT! it's so awesome!!! OK like I said I will uploaded this and if the link dies just pm me on this board and I will reupload.
*****UPDATE******
If anyone has anything like this for any ANOTHER forum / board / script please post it cause that would really be awesome! I will upload this vb script (precracked and ready to go) when I got it working just as a thanks for everyone helping me out on this. Again I want to say thank you to EVERYONE who has posted on my thread. You guys are really pretty awesome here so thanks a lot!. |
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|