Waraxe IT Security Portal
Login or Register
March 13, 2025
Members List
IRC chat
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
Sql Char Encoder
y3dips ITsec
Md5 Cracker
User Manuals
Recommend Us
Your Account
User Info
Welcome, Anonymous

Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 69
Members: 0
Total: 69
Full disclosure
Multiple sandbox escapes in asteval python sandboxing module
SEC Consult SA-20250226-0 :: Multiple vulnerabilities in Siemens A8000 CP-8050 & CP-8031 PLC
Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client
MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client
Self Stored XSS - acp2sev7.2.2
Python's official documentation contains textbook example of insecure code (XSS)
Re: Netgear Router Administrative Web Interface Lacks Transport Encryption By Default
Monero 18.3.4 zero-day DoS vulnerability has been droppedpublicly on social network.
Netgear Router Administrative Web Interface Lacks Transport Encryption By Default
[CVE-2024-54756] GZDoom <= 4.13.1 Arbitrary Code Execution viaMalicious ZScript
Re: Text injection on https://www.google.com/so rry/index via ?q parameter (no XSS)
SEC Consult SA-20250211-0 :: Multiple vulnerabilities in Wattsense Bridge
APPLE-SA-02-10-2025-2 iPadOS 17.7.5
APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1
CVE-2024-55447: Access Control in Paxton Net2 software (update)
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> phpBB 2.0.22 database too big?
Post new topicReply to topic View previous topic :: View next topic
phpBB 2.0.22 database too big?
PostPosted: Tue Apr 22, 2008 7:47 pm Reply with quote
Joined: Apr 22, 2008
Posts: 4


I just encountered the most damned problem, after a horrible time getting access, I finally managed to get a moderator (possibly admin? dunno?) who has the rights to backup the database. Hooray I thought..

The forum in question has around 10k users and 40k posts, and I started happily downloading their full database at an easy 1meg/sec. 80 meg later ffox siezes up and the download times out .. I try again, this time using the gzip option, however when extracting in winrar I get that the archive is damaged..

I opened up the 80meg that I managed to download before the timeout, and sadly the users table isn't amongst it.. I just got basically 425,000 lines of forumposts and random crap, plus ~400,000 lines of search_wordlist.

So.. basically I need to exact a single table (or perhaps delete the wordlist ones via controlpanel? possible?).. Any suggestions? I've googled around some and it seems that this is a common problem, however most remedies include using phpmyadmin, something which I can't really do since I only (so far) have access to the admin cp.
View user's profile Send private message
PostPosted: Tue Apr 22, 2008 10:38 pm Reply with quote
Joined: Apr 22, 2008
Posts: 4

A little appendix to my previous post, it seems that EasyMod might be used as an alternative entrypoint? The data I managed to extract included the EM password, md5 encrypted.

(edit; found hash) 1a353063dbd2da7ba471849c35f90886 .. Any help decrypting it appreciated, I'll run my computers trying to do it during the night.

Does anyone have any previous experience with what you can do with EasyMod? Is it a viable method of extracting the remaining database?

Also, if I would to remove the ~40k posts from the forum, it's quite logical that both the wordlist_search tables would empty themselves as well as the massive lines of forumposts that make up the database?

(Sorry, bit of a spammer Smile)

Last edited by revulsion on Wed Apr 23, 2008 6:22 am; edited 1 time in total
View user's profile Send private message
PostPosted: Tue Apr 22, 2008 10:46 pm Reply with quote
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208

Yep if u get rid of the posts the database size will be much smaller Wink Of course this will quickly alert other admins that something is wrong.
Good work so far mate.. may i ask how you got into phpbb 2.0.22?

View user's profile Send private message Visit poster's website
PostPosted: Tue Apr 22, 2008 10:55 pm Reply with quote
Joined: Apr 22, 2008
Posts: 4

gibbocool wrote:
Yep if u get rid of the posts the database size will be much smaller ;) Of course this will quickly alert other admins that something is wrong.
Good work so far mate.. may i ask how you got into phpbb 2.0.22?

Yeah that'll be my last resort then I guess, not really my intention to mess up their entire board either, though it's nearly their own fault if they don't backup :). Afraid me getting into the board wasn't too advanced, a large ISP where I live got hacked the other day, and their database was released. I had a database from five years back which I crosschecked with the new one.. Then I picked out the relevant stuff that I wanted (some specific accounts), found 10ish that matched what I wanted. Then on one of those I noticed he had a "you have a new reply" message on some forum, checked it and noticed he had userid #2 ..

Soon afterwards I noticed it was a pretty nice find since the forum was huge.. so, yeah, not exactly repeatable I'm afraid. Huuuuge luck factor other than this snag in the end.
View user's profile Send private message
PostPosted: Wed Apr 23, 2008 10:28 am Reply with quote
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Plaintext of 1a353063dbd2da7ba471849c35f90886 is torefors

View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sun Oct 05, 2008 10:26 pm Reply with quote
Joined: Oct 06, 2008
Posts: 2

may you tell me which forum did u hack?

you can send me a pm Smile
View user's profile Send private message
PostPosted: Mon Oct 06, 2008 9:10 pm Reply with quote
Valuable expert
Valuable expert
Joined: May 15, 2008
Posts: 275

1) Use correct grammar. Its "will you" not "may you"
2) You only want the URL so you can "hack" it using the cracked hash.

Sorry if that sounds blunt, but its got to be said.
View user's profile Send private message
phpBB 2.0.22 database too big?
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic

Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.035 Seconds