Old Passwords


audey

All the passwords are available on the Interwebs for everybody to see now.....it was only a matter of time - mine's on there as well, I guess I must have been having finger trouble when I logged in though because there's about 4 different versions of it :D


Well, tbh, i originally digressed from this thread, but now that it's exposed to all...

as per the .txt file out there...

>>

hexskrew - blacksink27*

hexskrew - blacksink27

hexskrew - blacksink278

But as of now, password has been demoted, a super INSECURE password is used here, and higher level passwords are used elsewhere as per my hierarchical password design per purpose and importance..

btw, I do have the file but moreoverly I am interested in what else is in there. Not for script kiddie purposes, or anything else. I like to say that I am an active member of this community and by all means even if I do not agree (and sometimes fight with) some of you folks, I do respect you all and have NO purpose to use this file in any malicious ways... But it does have something to say about the people that did this... What was the real purpose? I mean they say they did it because they don't think mubix, darren, and matt know what they are doing, but this place is not about learning seminars. They don't act like they are supahz 1337, and they never throw their weight around. Seems to me that zfo did this just to act like they have big balls... I say it's bullshit and they just wanna pull stupid shit.

Why the hell else would they do that? I mean yeah, if they just defaced the server and then spit out what they did to do it and what could be done to fix it would be one thing, but they just took the whole thing down... What did they think this was, the Gibson?!


Mine on here was a name... I don't use it for anything else. I always use crappy passwords for forums, as I tend to visit them from more than one location - often public. I know there are a few good solutions out there, I'm just very lazy. I don't even know what my demonoid account password is, it's the one that was sent to me. I keep meaning to change it.


> Mine on here was a name... I don't use it for anything else. I always use crappy passwords for forums, as I tend to visit them from more than one location - often public. I know there are a few good solutions out there, I'm just very lazy. I don't even know what my demonoid account password is, it's the one that was sent to me. I keep meaning to change it.

yup. same here about using crappy pw's for forums etc.. hell, usually when i need a random pw for places like these i just look around me & whatever i see first, i enter that :P

didn't care to change it until i saw that list of users/pw's publicized all over the web


It's not hard, especially if you know what the salt is and/or have this: http://www.insidepro.com/eng/egb.shtml.

Considering the login runs over http and not https they just seem to have run a simple sniffer on the server and pulled out a long list. (That is why there are a number of passwords in the list for the same users, usually the first one contains a typo.)

Now if the logins ran over https it would have made things a bit more difficult for them, they would have had to log a lot more information and then use the SSL private key from the server to decrypt the sniffed traffic. They would have had access to the private key by the looks of it. Would they have gone to that effort (Or would they have known how to do that) is an interesting question as the other sites that they broke into either required them to crack hashes or had the passwords stored in plain text.


> Considering the login runs over http and not https ...

yeah, it'd be nice if https was used. if i remember right, i thought i read somewhere that darren was prob going to implement that... *shrug*


I don't think for a second that they were in the server for any length of time and were sniffing the traffic. I think they just figured out the userDB salt and cracked as many passwords as they could. If you look at the list they seem to have 3000 passwords, I don't think these forums have that many active users, and even a large amount of logged in lurkers couldn't account for those numbers.

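The two explanations argued in the posts above (logins captured in transit versus hashes cracked from the user database) leave different fingerprints in a leaked list. As an added example, not part of any post and not the forum's own code, this sketch groups a constructed "user - password" list and labels users whose entries differ only by typo-sized edits; the sample data, the function names and the distance threshold of 2 are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample in the "user - password" layout of the list quoted above.
SAMPLE_DUMP = """\
alice - sunflower9
alice - sunflwoer9
alice - sunflower9
bob - Tr0ub4dor
carol - winter2008
carol - paintbrush
dave - hunter2
"""

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_dump(text):
    """Return {user: [distinct passwords, in the order first seen]}."""
    users = defaultdict(list)
    for line in text.splitlines():
        user, sep, pw = line.partition(" - ")
        if sep and pw not in users[user.strip()]:
            users[user.strip()].append(pw)
    return dict(users)

def classify(users, max_typo_distance=2):
    """Label each user 'single', 'typo-variants' or 'distinct-passwords'."""
    labels = {}
    for user, pws in users.items():
        if len(pws) == 1:
            labels[user] = "single"
        # Every entry sits within a typo's distance of another entry.
        elif all(min(edit_distance(p, q) for q in pws if q != p)
                 <= max_typo_distance for p in pws):
            labels[user] = "typo-variants"
        else:
            labels[user] = "distinct-passwords"
    return labels

if __name__ == "__main__":
    labels = classify(parse_dump(SAMPLE_DUMP))
    print(labels, Counter(labels.values()))
```

Many "typo-variants" users fit capture of login attempts, since a user table holds one hash per account; "distinct-passwords" users fit stored password history or captured password changes. Very short passwords make the threshold noisy, so read the counts as a hint rather than proof.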

> I don't think for a second that they were in the server for any length of time and were sniffing the traffic. I think they just figured out the userDB salt and cracked as many passwords as they could. If you look at the list they seem to have 3000 passwords, I don't think these forums have that many active users, and even a large amount of logged in lurkers couldn't account for those numbers.

That means the forums save old passwords. Some people have multiple passwords, or like mine, my older password I used to use. Which is kinda stupid.


I honestly don't know enough about IPB personally to clarify either way I'm afraid. And I don't honestly know a huge deal more than is public knowledge about the specifics of the attack. Matt is the only one who can answer those questions.

