Waraxe IT Security Portal
Login or Register
November 23, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 65
Members: 0
Total: 65
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> The Ultimate N00B Question
Post new topicReply to topic View previous topic :: View next topic
The Ultimate N00B Question
PostPosted: Sun Jul 01, 2007 2:56 pm Reply with quote
funtime
Regular user
Regular user
Joined: Jul 01, 2007
Posts: 5




Very Happy Pretty simple question I want to know if any of you know of any scripts (forums and guestbooks are a plus)

THAT DO NOT HASH THE PASSWORDS

My friend told me there is some mod for phpbb that changes it to it doesn't do md5 anymore and the passwords are raw.

That means you can look them up in the database without having to waste your time with md5 cracking sites.

Anyone know of anything? I have been looking around and no luck. Hope someone can help me out!

Cool
View user's profile Send private message
Re: The Ultimate N00B Question
PostPosted: Sun Jul 01, 2007 4:19 pm Reply with quote
ToXiC
Moderator
Moderator
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus




funtime wrote:
Very Happy Pretty simple question I want to know if any of you know of any scripts (forums and guestbooks are a plus)

THAT DO NOT HASH THE PASSWORDS

My friend told me there is some mod for phpbb that changes it to it doesn't do md5 anymore and the passwords are raw.

That means you can look them up in the database without having to waste your time with md5 cracking sites.

Anyone know of anything? I have been looking around and no luck. Hope someone can help me out!

Cool



what exactly you want to do .. ? change the password to be stored in plaintext instead of using md5 fundtion ? ..or retrieve the all the md5 passwords in plain text ?

At first case this can be done by changing the appropriate insert/select statements of phpnuke so that they dont use md5 to check/insert into the databse.. which i dont know if exists any module that does that ..

at second case : is impossible to retrive all passwors of a database . You can only try to crack them with various ways ..

_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com
View user's profile Send private message Visit poster's website MSN Messenger
PostPosted: Sun Jul 01, 2007 5:43 pm Reply with quote
funtime
Regular user
Regular user
Joined: Jul 01, 2007
Posts: 5




Sad let me explain better there is a lot of scripts out there and not everyone has their passwords convert to md5. some go into a flatfile or your sql database just as plain text and that's want i'm looking for. why waste your time TRYING to convert passwords when you could use a script made (forum or a guestbook which requires member to register) and get all the passwords from the database or flatfile with no effort. do you see what i mean? if you are thinking this is not true then you are wrong because i got a script from trendy website creator (yep everyone who wants to get peoples password go hunt it down i'm telling you a secret lol). it shows you the passwords of your members accounts. BUT ITS NOT A FORUM it's a automatic website creation tool for your members (customers).

so here is the question again does anyone know of any script that will show the owner (cause it will be put on a host i own so i have total control over it and any data it records) the passwords set by the user of every account made on that forum or guestbook?

OR BETTER YET know how to remove the md5 code in the "registered new user" and explain how to set it so it INSTEAD adds plain text for the password then bthe md5 crap.

OK this changed from asimple newbie question to a better put on the thinking cap lol.

As i am asking you this question i am looking onlinefor scripts (from really cheap poorly made companies) and hoping iget lucky. if i find anything i will share with all of you. but if you know anything that can help please share your info with me i could use any help you have to offer.


(i found this siimple forum script called chipmonk forum and here is the link)
http://www.chipmunk-scripts.com/page.php?ID=8

i wonder is anyone can tell me how to alter the reguser.php so it inserts the users password as plain text. looks a lot less crazy then phpbb or even smf.

I tried just copy the code for how it enters the info into the sql for name and that didnt work.

Sad
View user's profile Send private message
PostPosted: Sun Jul 01, 2007 10:35 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




You can make additional table "phpbb_plaintext" and add 1-2 lines new code, which will in case of new user registration insert md5 to old table AND plaintext password to new table. Better yet - in phpmyadmin just copy the old users table (structure only) and then use original sql clause form source code with little modification (password instead md5).
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Jul 02, 2007 3:09 am Reply with quote
funtime
Regular user
Regular user
Joined: Jul 01, 2007
Posts: 5




WOW Waraxe you are a god ok now comes the big super question can YOU please help me with this? Is there anyway I can ask you to either show me a tutor that is out there or what the code that I supposed to add looks like? I'm great at adding mods to boards but not a pro at php and sql but I am a FAST learner! the chipmonk board I posted the link for is perfect if you can show me something for that or even phpbb or hell ANY board I am not picky anything will do. I'm happy enough JUST to get a answer from someone who knows what I am asking about! Again thank you for answering my question. I hope you can help me by making a tutor or even a premade file or anything so I can get this uploaded and get it going.

Very Happy
View user's profile Send private message
PostPosted: Mon Jul 02, 2007 3:24 am Reply with quote
funtime
Regular user
Regular user
Joined: Jul 01, 2007
Posts: 5




OK messing around with it this is what is happening

I changed the md5 (which is in ONLY 2 files reguser.php in the root of the chipmonk forum folder and one in the admin folder called reguser.php)

and I Changed it to password
(so it said this before)
if ($password==$pass2 && $_POST['password'])
{
$password=md5($password);

and now it says

if ($password==$pass2 && $_POST['password'])
{
$password=password($password);


Also I added a copy of the table users and called it users2 but i'm kinda stuck how do I alter it so it will make a copy to that table can you help? Can anyone help?

When I did the password instead of md5 I got this error

Fatal error: Call to undefined function: password() in /public_html/monk/reguser.php on line 72


I'm Soooooooooo close I can taste it!


P.S. I am using this as my forum so that way everyone knows what I am messing with.

http://www.chipmunk-scripts.com/page.php?ID=8

If anyone knows how to do this or has it done allready with another board style (invision,phpbb,smf) I will gladly try what you got but I am only doing this one since its really small and easy to understand.
View user's profile Send private message
PostPosted: Mon Jul 02, 2007 5:12 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Some idea to think.

Code is delete by me Laughing Laughing


Last edited by pexli on Tue Jul 03, 2007 6:06 am; edited 1 time in total
View user's profile Send private message
PostPosted: Mon Jul 02, 2007 1:47 pm Reply with quote
funtime
Regular user
Regular user
Joined: Jul 01, 2007
Posts: 5




WOW! this is what I am looking for!

*****UPDATE******
WOW THAT TOTALLY WORKS! That is the neatest shit I have ever seen in my life the person who made that is a freaking god! I'm freaking OUT! it's so awesome!!! OK like I said I will uploaded this and if the link dies just pm me on this board and I will reupload.
*****UPDATE******



If anyone has anything like this for any ANOTHER forum / board / script please post it cause that would really be awesome! I will upload this vb script (precracked and ready to go) when I got it working just as a thanks for everyone helping me out on this. Again I want to say thank you to EVERYONE who has posted on my thread. You guys are really pretty awesome here so thanks a lot!.
View user's profile Send private message
The Ultimate N00B Question
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.047 Seconds