Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
June 23, 2024
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 390
Members: 0
Total: 390
PacketStorm News
·301 Moved Permanently

read more...
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> phpBB 2.0.22 database too big?
Post new topic  Reply to topic View previous topic :: View next topic 
phpBB 2.0.22 database too big?
PostPosted: Tue Apr 22, 2008 7:47 pm Reply with quote
revulsion
Beginner
Beginner
 
Joined: Apr 22, 2008
Posts: 4




Hello,

I just encountered the most damned problem, after a horrible time getting access, I finally managed to get a moderator (possibly admin? dunno?) who has the rights to backup the database. Hooray I thought..

The forum in question has around 10k users and 40k posts, and I started happily downloading their full database at an easy 1meg/sec. 80 meg later ffox siezes up and the download times out .. I try again, this time using the gzip option, however when extracting in winrar I get that the archive is damaged..

I opened up the 80meg that I managed to download before the timeout, and sadly the users table isn't amongst it.. I just got basically 425,000 lines of forumposts and random crap, plus ~400,000 lines of search_wordlist.

So.. basically I need to exact a single table (or perhaps delete the wordlist ones via controlpanel? possible?).. Any suggestions? I've googled around some and it seems that this is a common problem, however most remedies include using phpmyadmin, something which I can't really do since I only (so far) have access to the admin cp.
View user's profile Send private message
PostPosted: Tue Apr 22, 2008 10:38 pm Reply with quote
revulsion
Beginner
Beginner
 
Joined: Apr 22, 2008
Posts: 4




A little appendix to my previous post, it seems that EasyMod might be used as an alternative entrypoint? The data I managed to extract included the EM password, md5 encrypted.

(edit; found hash) 1a353063dbd2da7ba471849c35f90886 .. Any help decrypting it appreciated, I'll run my computers trying to do it during the night.

Does anyone have any previous experience with what you can do with EasyMod? Is it a viable method of extracting the remaining database?

Also, if I would to remove the ~40k posts from the forum, it's quite logical that both the wordlist_search tables would empty themselves as well as the massive lines of forumposts that make up the database?

(Sorry, bit of a spammer Smile)


Last edited by revulsion on Wed Apr 23, 2008 6:22 am; edited 1 time in total
View user's profile Send private message
PostPosted: Tue Apr 22, 2008 10:46 pm Reply with quote
gibbocool
Advanced user
Advanced user
 
Joined: Jan 22, 2008
Posts: 208




Yep if u get rid of the posts the database size will be much smaller Wink Of course this will quickly alert other admins that something is wrong.
Good work so far mate.. may i ask how you got into phpbb 2.0.22?

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Tue Apr 22, 2008 10:55 pm Reply with quote
revulsion
Beginner
Beginner
 
Joined: Apr 22, 2008
Posts: 4




gibbocool wrote:
Yep if u get rid of the posts the database size will be much smaller ;) Of course this will quickly alert other admins that something is wrong.
Good work so far mate.. may i ask how you got into phpbb 2.0.22?


Yeah that'll be my last resort then I guess, not really my intention to mess up their entire board either, though it's nearly their own fault if they don't backup :). Afraid me getting into the board wasn't too advanced, a large ISP where I live got hacked the other day, and their database was released. I had a database from five years back which I crosschecked with the new one.. Then I picked out the relevant stuff that I wanted (some specific accounts), found 10ish that matched what I wanted. Then on one of those I noticed he had a "you have a new reply" message on some forum, checked it and noticed he had userid #2 ..

Soon afterwards I noticed it was a pretty nice find since the forum was huge.. so, yeah, not exactly repeatable I'm afraid. Huuuuge luck factor other than this snag in the end.
View user's profile Send private message
PostPosted: Wed Apr 23, 2008 10:28 am Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Plaintext of 1a353063dbd2da7ba471849c35f90886 is torefors

Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sun Oct 05, 2008 10:26 pm Reply with quote
kasykisgalva
Beginner
Beginner
 
Joined: Oct 06, 2008
Posts: 2




revulsion,
may you tell me which forum did u hack?

you can send me a pm Smile
View user's profile Send private message
PostPosted: Mon Oct 06, 2008 9:10 pm Reply with quote
lenny
Valuable expert
Valuable expert
 
Joined: May 15, 2008
Posts: 275




kasykisgalva:
1) Use correct grammar. Its "will you" not "may you"
2) You only want the URL so you can "hack" it using the cracked hash.

Sorry if that sounds blunt, but its got to be said.
View user's profile Send private message
phpBB 2.0.22 database too big?
  www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.206 Seconds