|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 120
Members: 0
Total: 120
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
question about cookie / md5 hash |
|
Posted: Sat Dec 24, 2005 11:37 pm |
|
|
syntax9 |
Active user |
|
|
Joined: Dec 21, 2005 |
Posts: 33 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Wed Dec 28, 2005 11:18 am |
|
|
AtApi |
Beginner |
|
|
Joined: Dec 27, 2005 |
Posts: 1 |
|
|
|
|
|
|
|
I have the same problem... can someone help us?
I think its a different encryption or is a MD5 hash with some salt...
Any hints?
AtApi |
|
|
|
|
Posted: Thu Dec 29, 2005 9:12 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
lmao sounds like a proof of concept. Waraxe Released an SQL injection for phpbb 2.0.6 back in the day that didnt get the full 32 characters of the md5 from the DB... all you had to do was look at tyhe user table structure and rearrange the nulls or 0s to the right columns. Send me the link to the exploit and Ill see what I can do. Bear in mind that Im on holiday.
Shai-tan |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
|
|
|
|
Posted: Thu Jan 05, 2006 5:09 am |
|
|
syntax9 |
Active user |
|
|
Joined: Dec 21, 2005 |
Posts: 33 |
|
|
|
|
|
|
|
Here's the new session key format:
The value is the output of the PHP uniqid() function. The prefix is the output of a mersenne twister PRNG.
This value is passed to the client, and the md5() of the clients value is stored in the sessions_keys table. The fact that it's stored in a hashed format means that a read-only database compromise will not allow an attacker to simply replay a value from the database.
If you wish to validate the users cookie, take the users stored value, run it through md5() and then validate that with the value in the database. |
|
|
|
|
Posted: Tue Jan 17, 2006 4:39 pm |
|
|
lld_master |
Regular user |
|
|
Joined: Jan 12, 2006 |
Posts: 12 |
|
|
|
|
|
|
|
alright that explains alot.
Is there a way to convert it to MD5? without access to the DB? |
|
|
|
|
Posted: Tue Jan 17, 2006 5:38 pm |
|
|
syntax9 |
Active user |
|
|
Joined: Dec 21, 2005 |
Posts: 33 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Tue Jan 17, 2006 6:36 pm |
|
|
lld_master |
Regular user |
|
|
Joined: Jan 12, 2006 |
Posts: 12 |
|
|
|
|
|
|
|
no, thats a tool to convert a STRING to MD5...
from wat i see written above it goes likes this:
1-------------------------------------2=============3
USERS ACTUAL PASSWORD => MD5 => this form of the hash
that link poiints to a converstion between 1 and 2, I need a conversion between 2 and 3.
Unless I understood wrong.... |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|