bros (Author), posted January 9, 2010:

> vB works wonderfully.

I dislike vB, it's too.... bulky and web 2.0y

memoryproblems, posted January 9, 2010 (edited January 9, 2010):

Invision Power Board with security holes? Who would have thought it.

Really, this is another edge that phpbb3 has, it is impossible to retrieve a lost phpbb3 password, and the only way to screw it up/hack accounts in that manner is if you have access to modify the database.

I guess if you're willing to pay $150 for an inferior software with security issues, good for you.

bros (Author), posted January 10, 2010:

> Invision Power Board with security holes? Who would have thought it.
>
> Really, this is another edge that phpbb3 has, it is impossible to retrieve a lost phpbb3 password, and the only way to screw it up/hack accounts in that manner is if you have access to modify the database.
>
> I guess if you're willing to pay $150 for an inferior software with security issues, good for you.

psssst

all use MD5 salted hashes. Not sure about IPB. I think 2.x.x might use SHA-1 that's salted. SMF and phpbb used MD5 salted hashes though

hizzy, posted January 10, 2010:

i use google chrome

Caesar833, posted January 10, 2010:

Does this include really old invisionfree boards? If so how do i check the version?

Brenann, posted January 10, 2010:

> IPB 3.0.5 is good.

Safe and sexy forums...

I hope bros has lots of fun with whoever the idiot is that thought hacking forums was a good idea.

bros (Author), posted January 10, 2010:

> i use google chrome

chrome ftw

> Safe and sexy forums...
>
> I hope bros has lots of fun with whoever the idiot is that thought hacking forums was a good idea.

It is rather fun. I'm going to talk about it on CN Radio.

Little Fame Monster, posted January 10, 2010:

> [...] convert to SMF.

Although I love SMF... in some ways I absolutely hate it too. It's very simplistic, which I love, but sometimes this "simplicity" also makes things so much harder. For the love of God, use PHPBB. You'll thank me later.

bros (Author), posted January 10, 2010:

> Although I love SMF... in some ways I absolutely hate it too. It's very simplistic, which I love, but sometimes this "simplicity" also makes things so much harder. For the love of God, use PHPBB. You'll thank me later.

Mods make it better

Tushar Dhoot, posted January 10, 2010 (edited January 10, 2010):

> If someone has gotten into a forum on CN using a specific exploit on a specific type of forum software, then it would /probably/ be a good idea to not be on that, right?

Yea, but it'd /probably/ not be a good idea to upgrade to an even less secure version. Especially one with perl exploits, and a rather similar php password exploit.

> psssst
>
> all use MD5 salted hashes. Not sure about IPB. I think 2.x.x might use SHA-1 that's salted. SMF and phpbb used MD5 salted hashes though

IPB 2.x.x is MD5 hashed with optional salts.

Little Fame Monster, posted January 10, 2010:

> Mods make it better

SMF mods are easy to install. I'll give you that. Still... good mods that are compatible are hard to find.

Penkala, posted January 10, 2010:

> i use google chrome

Let me guess, you're impersonating Nelchael?

bros (Author), posted January 10, 2010:

> Yea, but it'd /probably/ not be a good idea to upgrade to an even less secure version. Especially one with perl exploits, and a rather similar php password exploit.
>
> IPB 2.x.x is MD5 hashed with optional salts.

Ahhh. Well still, you can crack the hashes as long as you have the salts and a good rainbow table

> SMF mods are easy to install. I'll give you that. Still... good mods that are compatible are hard to find.

...what? O_o

Just look at the SMF site, there are a whole bunch for SMF 2 or SMF 1. More for 1.1.x than 2.x though

bros (Author), posted January 10, 2010:

Oh, and guys: INVISIONFREE IS NOT INVISION POWER BOARD

Vasuda, posted January 11, 2010 (edited January 11, 2010):

phpBB forever!

lonewolfe2015, posted January 11, 2010:

To be fair, IPB has no competition if you'll pay for it. There is a mod in development that will allow an automatic installation of applications rather than using the cpanel. It's also purty and more user friendly... I've used the most recent SMF and IPB versions in case anyone was curious, still would pick IPB every time.

A good note to remember though for people - Use a different CN forums password than you use for your alliance passwords and use an entirely separate diplomating password. Needless to say irc and your CN nation could be separate as well... 5 passwords ain't hard to remember.

Schattenmann, posted January 16, 2010:

> It is rather fun. I'm going to talk about it on CN Radio.

I missed it. Return of DarkFoxDemon? Who's the evil villain?

bros (Author), posted January 22, 2010:

So, uh, my other topic got deleted. So i'll bump this one.

Someone did this on some forums

Lord of the Port, posted January 22, 2010:

> Ahhh. Well still, you can crack the hashes as long as you have the salts and a good rainbow table

Bad passwords can always be hacked. As far as I know, all 2.3.x versions of IPB have salted MD5 passwords.

Even with the full table (salts and the salted password) there is no reliable method of re-calculating the original hash of the original password. The password is constructed as follows: md5(md5(password).md5(salt)). You have the salt, so you have the md5 salt. You have the final hash. However, you do not have the md5 hash of the password. This means you not only have to find a collision that exactly matches the original password-hash, but then you also have to find a collision that is small enough to be entered into the password field.

Here they describe how they constructed a single MD5 collision for a Certification Authority. Let's, for simplicity's sake, assume it is the same kind of calculation. It took 200 Playstation 3's 18 hours to construct a collision. This means, at best, with the right results immediately at the start, you would need 36 hours and 200 Playstation 3's to break a password from a hashed salted password, even with all the data available.

Playstation 3 cluster

The chances of the average alliance here owning 200 Playstation 3's, configured to run in parallel, are next to zero. The mentioned 18 hours' time comes from the only collision construction I am aware of, and is incompatible with the type of calculation needed to construct two hashes that are small enough to be used.

In short: if your password table uses hashes, you are safe.

bros (Author), posted January 22, 2010:

> Bad passwords can always be hacked. As far as I know, all 2.3.x versions of IPB have salted MD5 passwords.
>
> Even with the full table (salts and the salted password) there is no reliable method of re-calculating the original hash of the original password. The password is constructed as follows: md5(md5(password).md5(salt)). You have the salt, so you have the md5 salt. You have the final hash. However, you do not have the md5 hash of the password. This means you not only have to find a collision that exactly matches the original password-hash, but then you also have to find a collision that is small enough to be entered into the password field.
>
> Here they describe how they constructed a single MD5 collision for a Certification Authority. Let's, for simplicity's sake, assume it is the same kind of calculation. It took 200 Playstation 3's 18 hours to construct a collision. This means, at best, with the right results immediately at the start, you would need 36 hours and 200 Playstation 3's to break a password from a hashed salted password, even with all the data available.
>
> Playstation 3 cluster
>
> The chances of the average alliance here owning 200 Playstation 3's, configured to run in parallel, are next to zero. The mentioned 18 hours' time comes from the only collision construction I am aware of, and is incompatible with the type of calculation needed to construct two hashes that are small enough to be used.
>
> In short: if your password table uses hashes, you are safe.

Well look at what happened to your alliance's forums today

Lord of the Port, posted January 22, 2010 (edited January 22, 2010):

> Well look at what happened to your alliance's forums today

Panic, apparently. As I said, the only thing that is stored in the database are the final hashes and the salts. I showed in my previous post that it has little value.

[edit] Bros2 sent me the link. This exploit returns the final hash and the salt. This exploit only works if you have the standard 'ibf_' prefix. This exploit will only work with weak passwords. A password can be described as weak if your grandmother can memorize it.

janax, posted January 22, 2010:

You mean the kind of passwords that most people use?

andyt2k, posted January 22, 2010:

The newspaper today had a list of the top 10 most common, they included

123456
12345
1234567
Password
123456789

I can't remember it, but I got into the admin settings on the computers in my high school with 2 guesses, the password was "school"

That's not hacking by any means, that's like taking a spare key out of a fake rock, it's inviting people in

bros (Author), posted January 22, 2010:

> You mean the kind of passwords that most people use?

yeah

Basically, don't use dictionary words. It is hilariously easy to crack them

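Added example, not code from the thread or from any forum package: a password audit a forum admin could run on their own user table, using the construction exactly as it is written in the post above, md5(md5(password).md5(salt)). It shows that testing a guessed password needs only the stored salt and final hash, and contrasts that with a slow PBKDF2 hash; the function names, usernames, salts and rows are constructed for illustration.

```python
import hashlib
import hmac
import os

# Passwords named in the thread as common or easily guessed.
COMMON = ["123456", "12345", "1234567", "Password", "123456789", "school"]

def forum_hash(password: str, salt: str) -> str:
    """Construction as written in the thread: md5(md5(password).md5(salt))."""
    inner = hashlib.md5(password.encode()).hexdigest() + hashlib.md5(salt.encode()).hexdigest()
    return hashlib.md5(inner.encode()).hexdigest()

def audit_weak(rows, candidates=COMMON):
    """Return usernames whose stored hash matches a common password.
    Each check is three MD5 calls on the stored salt and a guess;
    no collision search is involved, so these accounts need a reset."""
    flagged = []
    for user, salt, stored in rows:
        if any(hmac.compare_digest(forum_hash(c, salt), stored) for c in candidates):
            flagged.append(user)
    return flagged

def slow_hash(password: str, salt: bytes = None, rounds: int = 600_000):
    """Hardened storage: PBKDF2-HMAC-SHA256 makes every guess cost `rounds` HMACs."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, key

def slow_verify(password: str, salt: bytes, key: bytes) -> bool:
    return hmac.compare_digest(slow_hash(password, salt)[1], key)

# Constructed sample table (user, salt, stored hash); not real data.
ROWS = [
    ("alice", "x7Qp2", forum_hash("123456", "x7Qp2")),
    ("bob", "Lm9!a", forum_hash("school", "Lm9!a")),
    ("carol", "r4Zt8", forum_hash("kV3#tq9!Wz-long-random-phrase", "r4Zt8")),
]

if __name__ == "__main__":
    print(audit_weak(ROWS))  # accounts to force-reset
```

The salt still does its job of making each row's hash unique, which is why the audit has to recompute per row; what it does not do is slow down any single guess.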
Starcraftmazter, posted January 25, 2010:

That's what happens when you use !@#$%* proprietary software. Everyone that got hacked deserves it.