What happened you ask?

jbauson
Human
Posts: 20
Joined: 16 Apr 2008, 02:46

Re: What happened you ask?

#31 Post by jbauson »

Bibian wrote: On the old forum, some script kiddie used an old exploit to get the passwords of certain people.
There's no way you can decrypt md5(), BUT if the openkore forums edited the way user registration, login, and forgot-password work to view the user's password in the phpBB db, that might really be a problem.

mOriDIN
Noob
Posts: 1
Joined: 18 Apr 2008, 10:17

Re: What happened you ask?

#32 Post by mOriDIN »

Sorry about the noob question!

As I understand it, the old forum was compromised, and as a by-product the database structure was screwed up.

Does that also apply to the openkore manual? Is that why it's inaccessible at the moment?

junq
Perl Monk
Posts: 4
Joined: 07 Apr 2008, 09:53

Re: What happened you ask?

#33 Post by junq »

md5 isn't crypt, md5 is a hash, and you can attack md5 hashes with the use of rainbow tables. On weak passwords it won't take long to break a password hash.

Anyways, is any information available as to which account got compromised and led to the problems?

.junq

isieo
Kami-Sama Desu~
Posts: 195
Joined: 04 Apr 2008, 09:24
Noob?: Yes
Location: 31th Dimension

Re: What happened you ask?

#34 Post by isieo »

junq wrote: md5 isn't crypt, md5 is a hash, and you can attack md5 hashes with the use of rainbow tables. On weak passwords it won't take long to break a password hash.

Anyways, is any information available as to which account got compromised and led to the problems?

.junq
It's junq! =P

Mail me from your openkore mail and I'll add you back to the internals :/ security reasons...

jbauson
Human
Posts: 20
Joined: 16 Apr 2008, 02:46

Re: What happened you ask?

#35 Post by jbauson »

junq wrote: md5 isn't crypt, md5 is a hash, and you can attack md5 hashes with the use of rainbow tables. On weak passwords it won't take long to break a password hash.

Anyways, is any information available as to which account got compromised and led to the problems?

.junq

Yes, md5 is a hash and there is no way to retrieve the original value of hashed strings; that is why I used the word "decrypt".
On the old forum, some script kiddie used an old exploit to get the passwords of certain people.
I think Bibian's point is, "it's easier for the person who exported the user tables if that information is installed on their private machine (mysql server), so they can brute-force it without restrictions."

:)

kali
OpenKore Monk
Posts: 457
Joined: 04 Apr 2008, 10:10

Re: What happened you ask?

#36 Post by kali »

jbauson wrote: There's no way you can decrypt md5()

Which is precisely junq's point - md5 is not a crypt, but a hash. A crypt is different from a hash - they function differently. Of course you can argue that they can be used for the same applications (e.g. user authentication), but that doesn't make them the same. In other words, do not interchange them.

Besides, the exploiter did not get passwords through brute-forcing the hashes - he used a phpBB exploit to piggyback on the login.php page and harvest the passwords of people typing in that form. This is partly the reason why we upgraded to the latest phpBB.
Got your topic trashed by a mod?

Trashing topics is one click, and moving a topic to its proper forum is a lot harder. You expend the least effort in deciding where to post, mods expend the least effort by trashing.

Have a nice day.

junq
Perl Monk
Posts: 4
Joined: 07 Apr 2008, 09:53

Re: What happened you ask?

#37 Post by junq »

jbauson wrote: Yes, md5 is a hash and there is no way to retrieve the original value of hashed strings; that is why I used the word "decrypt".

Read up here: http://en.wikipedia.org/wiki/Rainbow_tables
IIRC phpBB 2.x didn't use a salt in the hashing of passwords; thus, they can be reversed. But as kali pointed out, the attack vector chosen was different.
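To make junq's two points concrete (posts #33 and #37: unsalted md5 hashes of weak passwords fall to a precomputed table, and a per-user salt is what defeats that), here is an added illustration written for this thread, not code from phpBB or from anyone in the discussion. It builds a tiny hash-to-plaintext lookup table from a constructed wordlist (a rainbow table is a space-optimised form of the same idea), shows that an unsalted md5 of a weak password is found instantly and that two users sharing a password are exposed as such, and then shows that a random per-user salt with an iterated hash gives every user a different stored value the table cannot match. PBKDF2-HMAC-SHA256 is used here purely as an example of a salted, iterated scheme; it is not a claim about what any phpBB version actually uses.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the weak passwords a precomputed table covers.
WORDLIST = ["password", "123456", "qwerty", "letmein", "openkore"]


def md5_hex(password: str) -> str:
    """Unsalted MD5 hex digest: the same password always gives the same stored value."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup_table(words) -> dict:
    """Precompute hash -> plaintext once; every unsalted hash is then a dictionary lookup."""
    return {md5_hex(w): w for w in words}


def lookup(stored_hash: str, table: dict):
    """Return the plaintext for an unsalted hash, or None if the table does not cover it."""
    return table.get(stored_hash)


def find_shared_passwords(user_hashes: dict) -> dict:
    """Unsalted hashes also leak which users share a password: group users by stored hash."""
    groups = {}
    for user, h in user_hashes.items():
        groups.setdefault(h, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}


def salted_hash(password: str, salt: bytes = None, iterations: int = 100_000) -> str:
    """Salted, iterated hash. Stored as 'salt_hex$iterations$digest_hex' (format chosen here)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user, generated at registration
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{salt.hex()}${iterations}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    salt_hex, iterations, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def main():
    table = build_lookup_table(WORDLIST)

    # Constructed user table the way an unsalted scheme would store it.
    unsalted_db = {"alice": md5_hex("qwerty"), "bob": md5_hex("qwerty"), "carol": md5_hex("Tr0ub4dor&3")}
    for user, h in unsalted_db.items():
        print(f"{user}: {h} -> {lookup(h, table)!r}")
    print("users sharing a password:", find_shared_passwords(unsalted_db))

    # Same passwords, salted: the stored values differ per user and the table finds nothing.
    salted_db = {user: salted_hash(pw) for user, pw in
                 [("alice", "qwerty"), ("bob", "qwerty"), ("carol", "Tr0ub4dor&3")]}
    for user, stored in salted_db.items():
        print(f"{user}: {stored[:24]}... table hit: {lookup(stored, table)!r}")
    print("shared after salting:", find_shared_passwords(salted_db))
    print("alice login ok:", verify_salted("qwerty", salted_db["alice"]))


if __name__ == "__main__":
    main()
```

The salt does not make a single weak password strong (an attacker who has the salt can still guess that one user's password), but it forces one computation per guess per user instead of one table lookup, and the iteration count makes each guess slow; that is the mitigation the thread is circling around.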

ahuks
Noob
Posts: 10
Joined: 22 Apr 2008, 23:29
Noob?: Yes
Location: Philippines

Re: What happened you ask?

#38 Post by ahuks »

I don't know what you're talking about, I'm a noob here... /gg :o
Bang Bang...

kali
OpenKore Monk
Posts: 457
Joined: 04 Apr 2008, 10:10

Re: What happened you ask?

#39 Post by kali »

BTW, why is junq still not given an admin status?

junq, if you have an openkore.com email I suggest you email isieo so we can verify who you are and give you back admin access.

Oh, and from my cursory inspection of the server logs the day the forum was exploited, I did see that most of the accounts that the exploiter was targeting were the admin accounts. So if there was one admin here who was also an admin on sf.net, and had the same password on both websites, his was probably the account that was used to delete the project from sf.

Roxas
Noob
Posts: 13
Joined: 06 May 2008, 02:53
Noob?: No
Location: No man's land

Re: What happened you ask?

#40 Post by Roxas »

Bibian, can you please give us a link to the new manual?