Announcement

Collapse
No announcement yet.

Help me

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Help me

    Ok i remember reading on here, i think it was here, that a guy thought two members were the same person posting twice on two accounts, well he had a script he ran to see if the passwords were the same, it doesnt tell the password it just tests negative or positive for a identical match. Does anyone here have something like that , i need it really really bad
    Rebel Designs Studios

  • #2
    with a stock vb3, it is not possible.

    Comment


    • #3
      I dont remember seeing a hack for it. But a question..couldn't you run an ip search to see if 2 members are using the same ip? I would think that would be more telling than passwords.

      Comment


      • #4
        Why don't you use a query?

        SELECT username FROM user WHERE password = 'insert_md5_here';

        That should work
        That's the end of that!

        Comment


        • #5
          Originally posted by MrNase
          Why don't you use a query?

          SELECT username FROM user WHERE password = 'insert_md5_here';

          That should work
          Not when the salts differ

          Comment


          • #6
            Do the salts differ? I thought there are always the same because they use the Customer Number
            That's the end of that!

            Comment


            • #7
              will that work

              SELECT username FROM user WHERE password = 'insert_md5_here';
              Rebel Designs Studios

              Comment


              • #8
                the salt differs between users so user X who uses the same password between board Y and board Z doesn't have the same password stored in the database. The password sent to the user just happens to have the customer number used in a second hash so the password in db != password stored in cookie.

                Meaning for leet hax0r ΓΈ obtains your password from a cookie he can login as you thats about it no password/email changing or logging in the admincp as that requires the original md5 password.

                If he gets it from the database he can't login as you as he needs the customer number to produce the hash, but if he gets that he can again login as you to post but can't get in to admincp or change your password / email.

                Before if the h4x0r got your md5 password then he could use a md5 cracker and if he broke it he could do bad stuff.

                So the various encryption methods prevent serious damage from occuring.
                Scott MacVicar

                My Blog | Twitter

                Comment


                • #9
                  ok, well i found that thread i was talking about it was on TAZ, http://www.theadminzone.com/forums/s...ead.php?t=2537
                  Rebel Designs Studios

                  Comment

                  Loading...
                  Working...
                  X