IT Security and Insecurity Portal

1 MD5 from IPB
Posted: Mon Jul 13, 2009 6:50 pm
Zax0mA
Beginner
Joined: Feb 26, 2008
Posts: 3

Here is the dump data from IPB.
Does IPB actually use a salt? Couldn't find any salt info in the mysql table...
Here is the hash, please tell me where to find the salt, if it exists.
"93ba65e438b671ab3bc030828f909a60".
Would be nice to see it cracked, can give you root servers for it.
Regards,

Re: 1 MD5 from IPB
Posted: Mon Jul 13, 2009 6:59 pm
BoboTiG
Advanced user
Joined: Jun 22, 2009
Posts: 66

Zax0mA wrote: "Does IPB actually use a salt?"
For 2.x.x versions yes.

Posted: Mon Jul 13, 2009 7:01 pm
Zax0mA
Beginner
Joined: Feb 26, 2008
Posts: 3

"2.3.6".
Where in the DB can I find the hash for the user?
I exploited another software using the same database via SQLi and got the admin info via
"SELECT id, member_login_key, members_display_name FROM dbname.inv_members WHERE id = 3 "
3 is the id of the admin.
Any suggestions?
Thanks for your help.

Posted: Wed Jul 15, 2009 1:32 pm
renaker
Active user
Joined: Nov 15, 2008
Posts: 27

In "Invision Power Board <= 2.3.5 Remote SQL Injection Exploit" by waraxe, the hash and salt are retrieved like this:
(php snippets)
hash:
$pattern = 'UNION SELECT 1,1 FROM ' . $prefix . "members_converge WHERE converge_id=$id AND ORD(SUBSTR(converge_pass_hash,$pos,1))";
salt:
$pattern = 'UNION SELECT 1,1 FROM ' . $prefix . "members_converge WHERE converge_id=$id AND ORD(SUBSTR(converge_pass_salt,$pos,1))";
...so in short, they're kept in the members_converge table, the hash field is "converge_pass_hash" and the salt field is "converge_pass_salt".
All times are GMT