vbportal?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

#16
Actually, as far as I know, there are no means of dehashing a vBulletin password, unless possibly if you have access to some supercomputers...
Best Regards
Colin Frei

Please don't contact me per PM.


#17
Originally posted by Dean C:
    Okay then Ixian, you bruteforce a twice md5 encrypted password with a salt and get back to me when you've cracked it...
The passwords are not interesting. They can get any data from the server if they have access. This includes the files that the customer might have access to.

What's more interesting to them are the email addresses and other customer details -> enough spam companies are interested in buying those.

And to just confirm to everybody else: yes, this was a real hack - not a hoax


#18
Originally posted by Colin F:
    Actually, as far as I know, there are no means of dehashing a vBulletin password, unless possibly if you have access to some supercomputers...
Nope, can't be done, hence the whole point of a hash over an encryption.
I wrote ImpEx.


#19
Originally posted by Jerry:
    Nope, can't be done, hence the whole point of a hash over an encryption.
Yes, but with enough sufficiently strong computers, you might be able to generate big enough rainbow tables to find the correct original value.
Of course, 35-symbol strings would take quite a while.
Best Regards
Colin Frei

Please don't contact me per PM.


#20
If you have those resources available to you, you won't be a little hacker from some weird country spending time on the internet writing l337 and hacking small sites like vbportal.


#21
Don't be too sure about that.

If they have access to the database, they also have access to the salt. It would still require major computer power to break 1 single password (and multiply that by the number of members if you want all passwords), but there are more ways of getting a lot of computer power than only access to some supercomputers.

Many simple computers (like PCs) can be used to each do part of the calculation, thus forming a network computer that could do the job (it would still need considerable time). For those who have heard of SETI@home the concept is familiar. I once ran such a group (not SETI but a different algo project) myself using ~50,000 PCs around the world (with the users' knowledge!).

A lot of hackers have control over a large number of ghost computers (infected by a virus or trojan without the user knowing it) so it could be done.

It is still very unlikely that they will be able to retrieve passwords, but the advice to change them is always a good one.
Last edited by Marco van Herwaarden; Wed 26th Jul '06, 11:22am.
Want to take your board beyond the standard vBulletin features?
Visit the official Member to Member support site for vBulletin Modifications: www.vbulletin.org


#22
Originally posted by Colin F:
    Yes, but with enough sufficiently strong computers, you might be able to generate big enough rainbow tables to find the correct original value.
    Of course, 35-symbol strings would take quite a while.
I think you're arguing semantics.

Dehashing (decrypting) vs hash collision. Finding a collision (any string that generates the same hash as the original) is the hash equivalent to decrypting.


#23
You may be able to find a hit on the same md5 string, though not by getting the original password, just another source that gives the correct md5 string target; it's not getting the password.
I wrote ImpEx.
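The scheme debated in #17 through #23, as an added example that is not code from the thread or from vBulletin: the "twice md5 with a salt" hash Dean C refers to, a verify step, and a precomputed double-MD5 table built over a constructed wordlist to show why such a table finds an unsalted value but not a salted one. The exact form md5(md5(password) + salt) and the 3-character salt are what vBulletin 3 used as I recall it, and the 32 hex digits plus 3 salt characters are presumably the 35 symbols Colin mentions; treat both as assumptions. The wordlist and the salts used in the demo are constructed.

```python
import hashlib
import hmac
import secrets
import string

# Constructed sample wordlist (not from the page): the sort of list a
# precomputed table would be built from.
COMMON_WORDS = ["password", "letmein", "vbportal", "123456", "qwerty"]

SALT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def md5_hex(data: str) -> str:
    """Hex digest of MD5 over the UTF-8 bytes of `data`."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def vb3_hash(password: str, salt: str) -> str:
    """Stored hash as described in the thread: md5(md5(password) + salt).
    Assumption: this is the vBulletin 3 form; the thread only says 'twice md5 with a salt'."""
    return md5_hex(md5_hex(password) + salt)


def new_salt(length: int = 3) -> str:
    """Random per-user salt (3 characters assumed, as in vBulletin 3)."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def verify(password: str, salt: str, stored: str) -> bool:
    """Recompute and compare in constant time against the stored hash."""
    return hmac.compare_digest(vb3_hash(password, salt), stored)


def unsalted_table(words):
    """md5(md5(word)) -> word: a precomputed table that ignores the salt entirely.
    It is only useful against a store that forgot to salt."""
    return {md5_hex(md5_hex(w)): w for w in words}


def table_lookup(table, stored: str):
    """Return the word whose unsalted double-MD5 equals `stored`, or None."""
    return table.get(stored)


def demo(salt_a: str = "Kq7", salt_b: str = "x#2"):
    """Same password, two constructed salts: different stored values, and the
    unsalted table matches neither of them."""
    h_a = vb3_hash("password", salt_a)
    h_b = vb3_hash("password", salt_b)
    table = unsalted_table(COMMON_WORDS)
    return {
        "same_password_differs_per_salt": h_a != h_b,
        "verifies": verify("password", salt_a, h_a),
        "wrong_password_rejected": not verify("Password", salt_a, h_a),
        "unsalted_lookup": table_lookup(table, md5_hex(md5_hex("password"))),
        "salted_lookup": table_lookup(table, h_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The per-user salt is what turns one precomputed table into one table per user, which is the real cost Colin and Marco are weighing. Marco's caveat in #21 still stands: whoever holds the table also holds the salts, so each account can be guessed at individually, and plain MD5 is fast enough that a short or common password falls quickly. That is why later designs replaced it with a deliberately slow key-derivation function; for this thread's purposes the advice to change the password anywhere it was reused is the practical mitigation.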


#24
We regret to say yes, vbPortal has been hacked this morning using a PHP passthru() hack; we are down and our user table has most likely been compromised. Although it's most likely not possible to get your passwords, I would change them anywhere else you might use them.

We're working very hard to resolve this issue and will let you know when we have found out how they got access to the server and have it fixed.

I can't add anything right now.


#25
Is it true that this group contacted vbPortal admins regarding the security hole and nothing was done to cover it up? If so, I'd highly recommend not using this software anymore.... (not using the portal software; vBulletin is secure as long as you're using an official release from vb)
Steve
CreedFeed - Feed Your Need!
http://www.creedfeed.com


#26
No, that's not true; they contacted us with a $20,000 extortion ploy. We have been working non-stop along with our host liquidweb to find the hack. It looks like it may have been contained in an uploaded image. It's doubtful it's a vbportal exploit.


#27
Here is a copy of what we received. Obviously he thought we were like vBulletin; we don't charge $160 and we sure don't have 22,877 paid users.

Dear Sir/Madam

This is with regret to let you know, that we have tracked a new security issue (hole) at vbPortal, that lets hackers get a great shell from the remote server. As a result we have attached a copy of your passwd file contents and your config file; in addition let me remind you that we have a copy of your database, as a witness let me remind you that you have 22,877 users.
So, this dangerous hole can harm your reputation, and decrease the number of your users, perhaps if we do publish your database, perhaps not, even we can put it in a Bid, Like e-bay. And about the security hole, it can be useful for those hackers who are thirsty for Mass-Hack. At last there should be the turn of your own server, although it is a great server, but the survival depends on your action on our request.
As we both well know, you have made a great profit by selling licenses:
For example:
22,877 x 160 $ = 3,660,320 $
(Members) x (Lic. Price) = Your Profit

You see, you are rich, so we can make a deal, 20,000 $ for:
1) letting you know about the hole and its fix,
2) stopping us from publishing your database of members at www.rapidshare.de
3) stopping us from publishing the bug to other hackers including how to use it.
4) saving your server from a complete down time

So, if you are interested in making a deal, reply to us with good news, and we will let you know about our payment details on e-gold.
Then, your 48 hrs have just started from 15:51 Eastern Time.
We look forward to hearing about Funds.
This is the last email.

Yes today vbportal.com and phpportals.com were hacked
did you enjoy?
also I must tell you I have sent e-mail to all of your members and I sent the defacement page.
N3X7 target and next defacement is for vbulletin company
just imagine vbull is hacked .com .net .org ...........

look at this:
http://www.zone-h.org/index2.php?opt...=45&id=4398696

take care my friends.

Best Regards

Seems we were just practice!!
Last edited by wajones; Wed 26th Jul '06, 1:42pm.


#28
What a bunch of retards, extortion is sad.


#29
What is really sad is that it seems it may be a PHP bug causing it; we have since disabled phpsuexec and the php passthru() function, and set the passthru setting to 1 in php.ini.

This is the email from our host; hopefully it will help others from getting hit.
Hello,

It shouldn't be a problem with your script, it is just a problem with using
that script and having phpsuexec on. Typically this should be disabled and the
passthru setting should be set to 1 in the php.ini.
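A check for the mitigation wajones describes in #24 and #29, as an added example that is not code from the thread, from vbPortal or from their host: the php.ini directive that removes a function from PHP is disable_functions, so this small reader parses a php.ini text and reports which process-spawning functions are still callable. passthru() is the one the thread names; the other five in the list are the rest of PHP's shell-spawning family and are my own hardening suggestion, not something the thread states. Both php.ini excerpts are constructed.

```python
# Constructed php.ini excerpts (not from the page).
WEAK_INI = """\
; constructed sample: nothing disabled
engine = On
disable_functions =
"""

HARDENED_INI = """\
; constructed sample: the shell-spawning family disabled
engine = On
disable_functions = "passthru, system, exec, shell_exec, popen, proc_open"
"""

# passthru is the function the thread names; the rest are my own suggested
# additions (PHP's other process-spawning functions).
SHELL_FUNCTIONS = frozenset(
    {"passthru", "system", "exec", "shell_exec", "popen", "proc_open"}
)


def parse_ini(text):
    """Minimal php.ini reader: {key: value}, ';' comments stripped, section
    headers ignored, surrounding quotes removed, last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key.lower()] = value.strip("\"'")
    return settings


def disabled_functions(text):
    """Set of function names listed in disable_functions (comma separated)."""
    value = parse_ini(text).get("disable_functions", "")
    return {name.strip().lower() for name in value.split(",") if name.strip()}


def still_enabled(text):
    """Shell-spawning functions the given php.ini leaves callable, sorted."""
    return sorted(SHELL_FUNCTIONS - disabled_functions(text))


if __name__ == "__main__":
    print("weak:", still_enabled(WEAK_INI))
    print("hardened:", still_enabled(HARDENED_INI))
```

Two caveats worth knowing when applying this: disable_functions can only be set in php.ini itself (it is a system-level directive, not one a script or per-directory override can relax), and disabling the function family limits what an attacker who has already planted a PHP file can do with it; it does not close the upload path that wajones suspects in #26, which still has to be found and fixed separately.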


#30
As the wife of one of vbPortal's developers I would like you all to know that no one is sticking their heads in the sand. I watch hours turn into days with him either coding, answering messages or looking at log files, not to mention having a heart attack over this portal, but still there he is trying to find the source of this and make it secure etc... I think you should all be less judgmental, or see if you're any more capable.
vbPortal Developer
