 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
phpBB 2.0.22 database too big? |
 |
 Posted: Tue Apr 22, 2008 7:47 pm |
 |
|
| revulsion |
| Beginner |
 |
|
| Joined: Apr 22, 2008 |
| Posts: 4 |
|
|
|
 |
|
 |
|
Hello,
I just encountered the most damned problem, after a horrible time getting access, I finally managed to get a moderator (possibly admin? dunno?) who has the rights to backup the database. Hooray I thought..
The forum in question has around 10k users and 40k posts, and I started happily downloading their full database at an easy 1meg/sec. 80 meg later ffox siezes up and the download times out .. I try again, this time using the gzip option, however when extracting in winrar I get that the archive is damaged..
I opened up the 80meg that I managed to download before the timeout, and sadly the users table isn't amongst it.. I just got basically 425,000 lines of forumposts and random crap, plus ~400,000 lines of search_wordlist.
So.. basically I need to exact a single table (or perhaps delete the wordlist ones via controlpanel? possible?).. Any suggestions? I've googled around some and it seems that this is a common problem, however most remedies include using phpmyadmin, something which I can't really do since I only (so far) have access to the admin cp. |
|
|
|
|
|
|
|
|
| Posted: Tue Apr 22, 2008 10:38 pm |
|
|
| revulsion |
| Beginner |
|
|
| Joined: Apr 22, 2008 |
| Posts: 4 |
|
|
|
|
|
|
|
A little appendix to my previous post, it seems that EasyMod might be used as an alternative entrypoint? The data I managed to extract included the EM password, md5 encrypted.
(edit; found hash) 1a353063dbd2da7ba471849c35f90886 .. Any help decrypting it appreciated, I'll run my computers trying to do it during the night.
Does anyone have any previous experience with what you can do with EasyMod? Is it a viable method of extracting the remaining database?
Also, if I would to remove the ~40k posts from the forum, it's quite logical that both the wordlist_search tables would empty themselves as well as the massive lines of forumposts that make up the database?
(Sorry, bit of a spammer  ) |
|
Last edited by revulsion on Wed Apr 23, 2008 6:22 am; edited 1 time in total |
|
|
|
|
|
|
|
| Posted: Tue Apr 22, 2008 10:46 pm |
|
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
Yep if u get rid of the posts the database size will be much smaller  Of course this will quickly alert other admins that something is wrong.
Good work so far mate.. may i ask how you got into phpbb 2.0.22? |
|
|
|
|
|
|
|
|
| Posted: Tue Apr 22, 2008 10:55 pm |
|
|
| revulsion |
| Beginner |
|
|
| Joined: Apr 22, 2008 |
| Posts: 4 |
|
|
|
|
|
|
|
| gibbocool wrote: | Yep if u get rid of the posts the database size will be much smaller ;) Of course this will quickly alert other admins that something is wrong.
Good work so far mate.. may i ask how you got into phpbb 2.0.22? |
Yeah that'll be my last resort then I guess, not really my intention to mess up their entire board either, though it's nearly their own fault if they don't backup :). Afraid me getting into the board wasn't too advanced, a large ISP where I live got hacked the other day, and their database was released. I had a database from five years back which I crosschecked with the new one.. Then I picked out the relevant stuff that I wanted (some specific accounts), found 10ish that matched what I wanted. Then on one of those I noticed he had a "you have a new reply" message on some forum, checked it and noticed he had userid #2 ..
Soon afterwards I noticed it was a pretty nice find since the forum was huge.. so, yeah, not exactly repeatable I'm afraid. Huuuuge luck factor other than this snag in the end. |
|
|
|
|
|
|
|
|
| Posted: Wed Apr 23, 2008 10:28 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
Plaintext of 1a353063dbd2da7ba471849c35f90886 is torefors
|
|
|
|
|
| Posted: Sun Oct 05, 2008 10:26 pm |
|
|
| kasykisgalva |
| Beginner |
|
|
| Joined: Oct 06, 2008 |
| Posts: 2 |
|
|
|
|
|
|
|
revulsion,
may you tell me which forum did u hack?
you can send me a pm |
|
|
|
|
| Posted: Mon Oct 06, 2008 9:10 pm |
|
|
| lenny |
| Valuable expert |
 |
|
| Joined: May 15, 2008 |
| Posts: 275 |
|
|
|
|
|
|
|
kasykisgalva:
1) Use correct grammar. Its "will you" not "may you"
2) You only want the URL so you can "hack" it using the cracked hash.
Sorry if that sounds blunt, but its got to be said. |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 75
Members: 0
Total: 75
