Waraxe IT Security Portal

balafou · Beginner

I've been using SQL injections and cross-site-scripting methods to obtain md5 hashes in IPB, PHPBB and VBulletin forums for quite a long and i was able to crack 80% of those hashes successfully. Until now.]

Today i prepared a script to get a bunch of MD5's (well, i thought) in an IPB forum and while testing it on me (using my cookie) i noticed that the MD5 hash didn't look like the one i remembered my password giving. I started searching in the net and....

Things seem to have been hardened now. IPB forums use randomly salted MD5 hashes, and others will follow very soon i think.

Invision Power Board stores the password in the "ibf_members_converge" table in the following format:

converge_pass_hash = md5( md5( converge_pass_salt ) . md5( plain_text_password ) );

The password salt (converge_pass_salt) is a random 5 character string generated from the "ips_kernel/class_converge.php" module. It can include any character except the backslash character.

Is this the end of CSS and SQL Injection in forums?

Heintz · Valuable expert

In many cases you do not have to know whats in the hash, its
enought you have it, and you can pretend to be someone else.
sql injection is more wider subject since there might be vulnearabilities in sql server itself, and there might be other valuable data in database other than password hashes. xss has also much wider use range than simple cookie stealing , user might be tricked into doing something, like, deleting user, or grant administrator privileges if GET is used, or buy something or even attack another site.. with careful research and planning, many possibilities.

i don't know about particular software you are talking about but, i think methods themselves are not subject to get lost in near time.

y3dips · Valuable expert

ive allready get md5 hash from ibf_members > legacy_password
n the hash is work fine, coz with rainbow i could crack it

i dont know about the version , but i tell you it was from a big forum Smile

unnamed · Beginner

can any1 see if they can crack this password(its from the members converge on invision):

converge_pass_hash converge_pass_salt
c60c3941ba6d338d044b0f9675bd048a a6`HK

Shadow · Regular user

I dont think xss or sql injection exploits will stop. They will just evolve as the software does. Just think how many ppl mod their cms or forum many of whom no not what they doing there by opening new exploits. There are alot of smart ppl out there someone will find a way around it be it crack it or use it. Exploits wont stop as long as their are sloppy programmers or lazy ppl that dont update i call them install and forget ppl. eg: I just found a site still running php-nuke 7.2 unpatched + they have 5 sub domains using the same ver. I have emailed them twice with their admin passes and it still remains unpatched 2 months later! I think I might change their site so they get the messege maybe publicly display their passes on the index page.

I think this 1 liner is due here

Heintz · Valuable expert

i think the problem relies in "non-trained" people coding/practising and just not being aware about sql injections or other abusive ways to make use of the script, while thei're making their softwares v 1.0, and later are just too lazy to rewrite the whole code with good design and improved skills.

anyways "randomly salted" means that the salt *is* random. the salt is stored with the hash, so there is no need to make a salt from the password itself. salt is readed and concenated with password, before the digesting is done.

helloworld · Beginner

I have a md5-hashes, but I can't decipher.

4B3DD5CF0F25CC1F9D0E81B82DE53EAD
000706FD8817D156C426D1DB428338C2

Help me please and send result on localhost127@fastmail.fm . Thankful in advance.