|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 87
Members: 0
Total: 87
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Ok so i have the md5 + salt |
|
Posted: Mon Sep 22, 2008 10:59 pm |
|
|
Poison |
Advanced user |
|
|
Joined: Jul 30, 2008 |
Posts: 126 |
|
|
|
|
|
|
|
Yo so i got the Hash + salt to an ipb 2.3.5 forum, how do i log in with cookies using the hash?
im using firefox |
|
|
|
|
Posted: Tue Sep 23, 2008 5:55 am |
|
|
KOODOS |
Regular user |
|
|
Joined: Sep 23, 2008 |
Posts: 12 |
|
|
|
|
|
|
|
exactly wat i'm wondering.
will the session_id cookie make it impossible?
BTW u can download a cookie editor add-on for firefox |
|
|
|
|
Posted: Tue Sep 23, 2008 11:15 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
You have salted hash and that's not useable to logging in without cracking it first. And besides there is IP address and/or user-agent check in place in IPB, so even if you will steal admin's session id from database (this is possible with sql injection), then it's useless ... if ipcheck is active and x-forwarded-for setting is off ... |
|
|
|
|
Posted: Tue Sep 23, 2008 12:01 pm |
|
|
KOODOS |
Regular user |
|
|
Joined: Sep 23, 2008 |
Posts: 12 |
|
|
|
|
|
|
|
i thought so
coz i checked my pass_hash cookie and it was neither my md5(pass) or the overall md5 hash. And i have no idea wat the session_id or the ipb_stronghold cokkies where supposed to be. Also i could not edit any of the cookies anyway. I edit them and automatically they are back to wat they were
Anyway i managed to crack an account or sorry i mean "recovered my password", i feel so special lol |
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|