 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 74
 Members: 0
 Total: 74
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
vBulletin logging in.. with a hash. |
|
 Posted: Sat Jul 26, 2008 1:52 am |
 |
|
| Urb4n |
| Advanced user |
 |
|
| Joined: Apr 16, 2008 |
| Posts: 55 |
|
|
|
 |
|
 |
|
| k so I'm using tamper data, and I can't find a field for the salt of a hash, so I'm wondering does it submit the pw as a regular md5, then after that, recrypt it and add a salt? Is there anyway to simply log into a forum with a users salt+md5? |
|
|
|
|
| Posted: Sat Jul 26, 2008 2:02 am |
|
|
| mge |
| Valuable expert |
|
|
| Joined: Jul 16, 2008 |
| Posts: 142 |
|
|
|
|
|
|
|
a search in official vbulletin forums gave me the following clues:
| Quote: | | md5(md5(md5('plaintext password') . $salt) . COOKIE_SALT) |
whereas $salt is saved in the database table "user" in the column "salt" and the constant COOKIE_SALT includes the license number.
could be a little tricky 
though it might be different for an older version |
|
|
|
|
www.waraxe.us Forum Index -> Hash related information
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
