 |
|
 |
 |
Menu |
 |
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
 |
User Info |
 |
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 109
Members: 0
Total: 109
|
|
|
|
|
 |
Full disclosure |
 |
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
I have an SQL dump file which I want to exploit |
 |
Posted: Thu Jul 08, 2010 5:53 pm |
|
|
D1scord |
Regular user |

 |
|
Joined: Jul 08, 2010 |
Posts: 7 |
|
|
|
 |
 |
 |
|
I have successfully negotiated to the relevant tables and exported all of the 2000 usernames / passwords etc to an excel file.
The passwords are hashed (MD5) and salt. I have the salt information in a separate column.
Now I have a few questions (very n00bish so I apologise in advance).
1. Since I have the entire d-base can I just modify it in some way to reveal all of the hashed passwords into plain text?
2. I am getting my head around rainbow tables. I ran a sample of the MD5 hashes through some of the online crackers but had no luck. Because of the salt I assume?
How to incorporate the salt information stored in the relevant column to support the cracking process?
3. I also have all of the plaintext private messages that were sent via the bulletin board that the SQL file came from, approx 21,000. Is there a technique for searching this data for particular strings?
If anybody has any other ideas and what to do I would love to hear them.
 |
|
|
|
|
 |
 |
|
 |
Posted: Thu Jul 08, 2010 6:53 pm |
|
|
vince213333 |
Advanced user |

 |
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
 |
 |
 |
|
Question 1
You cannot modify the database to show the plaintext passwords. You need to crack the md5 hashes or install a logger on the site that logs the plaintext into a database/file/...
Question 2
Rainbow tables are meant to be used with unsalted hashes. The don't work unless you have a rainbow table for each specific salt (which I doubt). You need to import the md5 hash and the matching salt into a password cracker like the famous passwordspro.
Question 3
You can use an SQL query with the Like statement (Google is your friend). |
|
|
|
|
 |
 |
|
 |
Posted: Thu Jul 08, 2010 7:27 pm |
|
|
D1scord |
Regular user |

 |
|
Joined: Jul 08, 2010 |
Posts: 7 |
|
|
|
 |
 |
 |
|
vince213333 wrote: | Question 1
You cannot modify the database to show the plaintext passwords. You need to crack the md5 hashes or install a logger on the site that logs the
plaintext into a database/file/...
Question 2
Rainbow tables are meant to be used with unsalted hashes. The don't work unless you have a rainbow table for each specific salt (which I doubt). You need to import the md5 hash and the matching salt into a password cracker like the famous passwordspro.
Question 3
You can use an SQL query with the Like statement (Google is your friend). |
Thanks man - I really appreciate that.
The learning curve is steep and the time is finite! |
|
|
|
|
Posted: Thu Jul 08, 2010 8:17 pm |
|
|
vince213333 |
Advanced user |

 |
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
 |
 |
 |
|
My pleasure It's steep but not everything is easy. If you need help with anything, feel free to ask ^^ |
|
|
|
|
Posted: Fri Jul 09, 2010 12:06 am |
|
|
earthquaker |
Advanced user |

 |
|
Joined: Jun 02, 2008 |
Posts: 111 |
Location: q8 |
|
|
 |
 |
 |
|
why dont u post the hash's+salt here |
|
|
|
|
Posted: Fri Jul 09, 2010 4:45 am |
|
|
D1scord |
Regular user |

 |
|
Joined: Jul 08, 2010 |
Posts: 7 |
|
|
|
 |
 |
 |
|
earthquaker wrote: | why dont u post the hash's+salt here |
All 1500? |
|
|
|
|
Posted: Fri Jul 09, 2010 6:06 am |
|
|
earthquaker |
Advanced user |

 |
|
Joined: Jun 02, 2008 |
Posts: 111 |
Location: q8 |
|
|
 |
 |
 |
|
|
|
|
|
Posted: Sat Jul 10, 2010 9:39 pm |
|
|
D1scord |
Regular user |

 |
|
Joined: Jul 08, 2010 |
Posts: 7 |
|
|
|
 |
 |
 |
|
|
|
|
|
Posted: Fri Jul 16, 2010 11:50 am |
|
|
D1scord |
Regular user |

 |
|
Joined: Jul 08, 2010 |
Posts: 7 |
|
|
|
 |
 |
 |
|
Is nobody interested in this? |
|
|
|
|
Posted: Fri Jul 16, 2010 2:15 pm |
|
|
earthquaker |
Advanced user |

 |
|
Joined: Jun 02, 2008 |
Posts: 111 |
Location: q8 |
|
|
 |
 |
 |
|
have u got the whole .sql dump or just this piece ? if u have the whole thing then msg me |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|