|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 99
Members: 0
Total: 99
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Cookies in newer phpbb versions? |
|
Posted: Wed Jul 12, 2006 10:39 pm |
|
|
na85 |
Regular user |
|
|
Joined: Jul 13, 2006 |
Posts: 13 |
|
|
|
|
|
|
|
Hi all, I'm na85, and I'm new but hoping to learn some skills soon
I recently tried to log in to a phpbb site (recent version, 2.0.19) as another user via the cookie method. After being urldecoded, the cookie looks something like this: 86862982519b45b5b817140.25368421
The string is the right length but obviously md5 hashes can't have .'s in them. I then read somewhere here that you can't get a password hash from the forum's cookie in the later versions. If this is the case, how do the new sites authenticate users? I am currently looking through ethereal output of me logging in to my own site, trying to find a password hash. No dice so far.
Either way, I was going to submit this user's hash to plaintext but they seem to be down. Are there any brute-forcing tools that will crack 8-character passwords that contain upper- and lower-alpha, numeric, and symbols? I was using MDcrack but its charset limit is too small.
thanks for the help
na85 |
|
|
|
|
|
|
|
|
Posted: Thu Jul 13, 2006 8:34 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
As far as I know is this value like a session id, which will be compared with the value in the database, if I am right. |
|
|
|
|
Posted: Sat Jul 15, 2006 4:22 pm |
|
|
na85 |
Regular user |
|
|
Joined: Jul 13, 2006 |
Posts: 13 |
|
|
|
|
|
|
|
I believe it's the result of a uniqid() function that combines a user's last IP, last login and SID.
If someone could gather that information, would it be possible to generate the same cookie? |
|
|
|
|
Posted: Wed Sep 06, 2006 4:21 am |
|
|
mainstream |
Regular user |
|
|
Joined: Sep 04, 2006 |
Posts: 18 |
|
|
|
|
|
|
|
post the whole cookie xx the domain |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|