Waraxe IT Security Portal
Login or Register
December 23, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 91
Members: 0
Total: 91
Full disclosure
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Stored XSS with Filter Bypass - blogenginev3.3.8
[SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269)
[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities
RansomLordNG - anti-ransomware exploit tool
APPLE-SA-12-11-2024-9 Safari 18.2
APPLE-SA-12-11-2024-8 visionOS 2.2
APPLE-SA-12-11-2024-7 tvOS 18.2
APPLE-SA-12-11-2024-6 watchOS 11.2
APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2
APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2
APPLE-SA-12-11-2024-3 macOS Sequoia 15.2
APPLE-SA-12-11-2024-2 iPadOS 17.7.3
APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2
SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> phpBB 2.0.22 database too big?
Post new topicReply to topic View previous topic :: View next topic
phpBB 2.0.22 database too big?
PostPosted: Tue Apr 22, 2008 7:47 pm Reply with quote
revulsion
Beginner
Beginner
Joined: Apr 22, 2008
Posts: 4




Hello,

I just encountered the most damned problem, after a horrible time getting access, I finally managed to get a moderator (possibly admin? dunno?) who has the rights to backup the database. Hooray I thought..

The forum in question has around 10k users and 40k posts, and I started happily downloading their full database at an easy 1meg/sec. 80 meg later ffox siezes up and the download times out .. I try again, this time using the gzip option, however when extracting in winrar I get that the archive is damaged..

I opened up the 80meg that I managed to download before the timeout, and sadly the users table isn't amongst it.. I just got basically 425,000 lines of forumposts and random crap, plus ~400,000 lines of search_wordlist.

So.. basically I need to exact a single table (or perhaps delete the wordlist ones via controlpanel? possible?).. Any suggestions? I've googled around some and it seems that this is a common problem, however most remedies include using phpmyadmin, something which I can't really do since I only (so far) have access to the admin cp.
View user's profile Send private message
PostPosted: Tue Apr 22, 2008 10:38 pm Reply with quote
revulsion
Beginner
Beginner
Joined: Apr 22, 2008
Posts: 4




A little appendix to my previous post, it seems that EasyMod might be used as an alternative entrypoint? The data I managed to extract included the EM password, md5 encrypted.

(edit; found hash) 1a353063dbd2da7ba471849c35f90886 .. Any help decrypting it appreciated, I'll run my computers trying to do it during the night.

Does anyone have any previous experience with what you can do with EasyMod? Is it a viable method of extracting the remaining database?

Also, if I would to remove the ~40k posts from the forum, it's quite logical that both the wordlist_search tables would empty themselves as well as the massive lines of forumposts that make up the database?

(Sorry, bit of a spammer Smile)


Last edited by revulsion on Wed Apr 23, 2008 6:22 am; edited 1 time in total
View user's profile Send private message
PostPosted: Tue Apr 22, 2008 10:46 pm Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




Yep if u get rid of the posts the database size will be much smaller Wink Of course this will quickly alert other admins that something is wrong.
Good work so far mate.. may i ask how you got into phpbb 2.0.22?

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Tue Apr 22, 2008 10:55 pm Reply with quote
revulsion
Beginner
Beginner
Joined: Apr 22, 2008
Posts: 4




gibbocool wrote:
Yep if u get rid of the posts the database size will be much smaller ;) Of course this will quickly alert other admins that something is wrong.
Good work so far mate.. may i ask how you got into phpbb 2.0.22?


Yeah that'll be my last resort then I guess, not really my intention to mess up their entire board either, though it's nearly their own fault if they don't backup :). Afraid me getting into the board wasn't too advanced, a large ISP where I live got hacked the other day, and their database was released. I had a database from five years back which I crosschecked with the new one.. Then I picked out the relevant stuff that I wanted (some specific accounts), found 10ish that matched what I wanted. Then on one of those I noticed he had a "you have a new reply" message on some forum, checked it and noticed he had userid #2 ..

Soon afterwards I noticed it was a pretty nice find since the forum was huge.. so, yeah, not exactly repeatable I'm afraid. Huuuuge luck factor other than this snag in the end.
View user's profile Send private message
PostPosted: Wed Apr 23, 2008 10:28 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Plaintext of 1a353063dbd2da7ba471849c35f90886 is torefors

Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sun Oct 05, 2008 10:26 pm Reply with quote
kasykisgalva
Beginner
Beginner
Joined: Oct 06, 2008
Posts: 2




revulsion,
may you tell me which forum did u hack?

you can send me a pm Smile
View user's profile Send private message
PostPosted: Mon Oct 06, 2008 9:10 pm Reply with quote
lenny
Valuable expert
Valuable expert
Joined: May 15, 2008
Posts: 275




kasykisgalva:
1) Use correct grammar. Its "will you" not "may you"
2) You only want the URL so you can "hack" it using the cracked hash.

Sorry if that sounds blunt, but its got to be said.
View user's profile Send private message
phpBB 2.0.22 database too big?
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.047 Seconds