 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
finding out what the salt is on smf |
 |
 Posted: Mon Sep 18, 2006 11:48 am |
 |
|
| ladylearner |
| Regular user |
 |
|
| Joined: Oct 23, 2005 |
| Posts: 21 |
|
|
|
 |
|
 |
|
hi, if you have a back up of an smf board, how can you find out what the salt is, where would I look:
example...
(please note NO details on this sample are real, the usernames, mails web addresses, ips , photobuckets are edited to fakes. for sample fake users called bob and bill.)
INSERT INTO `smf_members`
(`ID_MEMBER`, `memberName`, `dateRegistered`, `posts`, `ID_GROUP`, `lngfile`, `lastLogin`, `realName`, `instantMessages`, `unreadMessages`, `im_ignore_list`, `passwd`, `emailAddress`, `personalText`, `gender`, `birthdate`, `websiteTitle`, `websiteUrl`, `location`, `ICQ`, `AIM`, `YIM`, `MSN`, `hideEmail`, `showOnline`, `timeFormat`, `signature`, `timeOffset`, `avatar`, `im_email_notify`, `karmaBad`, `karmaGood`, `usertitle`, `notifyAnnouncements`, `notifyOnce`, `memberIP`, `secretQuestion`, `secretAnswer`, `ID_THEME`, `is_activated`, `validation_code`, `ID_MSG_LAST_VISIT`, `additionalGroups`, `smileySet`, `ID_POST_GROUP`, `totalTimeLoggedIn`, `passwordSalt`)
VALUES (1, 'bob', 1100828058, 89, 1, '', 1158576685, 'bob', 1, 0, '', 383a2cb1ad270625b3a521aea4fafd64 'bob@bob.com', '', 1, '1978-03-26', 'edited', 'http://www.bob.com', 'somewhere, someplace', '', '', '', '', 0, 1, '', '', 0, '', 0, 179, 102, '', 1, 1, '211.x.x.x', '', '', 6, 1, '', 22809, '', '', 5, 110341, ''),
(2, 'bill', 1100828832, 770, 9, '', 1158555771, 'bill', 1, 0, '', '249d87c627fe2b8c8f21907a1f1862e6', 'bill@bill.com', 'Born to be bob!', 0, '0000-00-00', '', '', '', '', '', '', '', 1, 1, '', ' ? [img]http://i7.photobucket.com/albums/bob[/img]<br />[img]http://i7.photobucket.com/albums/bill[/img]<br />[img]http://i7.photobucket.com/albums/bob[/img]', 0, 'http://i13.photobucket.com/bob', 1, 17, 19, '', 1, 1, '71.x.x.x', '', '', 6, 1, '', 22804, '', '', 6, 632211, ''),
where would I look for the salt?
TIP: for anyone who does not know, I found that the md5 for the secret question answers on these boards are not salted! |
|
|
|
|
|
|
Re: finding out what the salt is on smf |
|
| Posted: Wed Sep 20, 2006 2:36 pm |
|
|
| ToXiC |
| Moderator |
 |
|
| Joined: Dec 01, 2004 |
| Posts: 181 |
| Location: Cyprus |
|
|
|
|
|
|
| ladylearner wrote: | hi, if you have a back up of an smf board, how can you find out what the salt is, where would I look:
example...
(please note NO details on this sample are real, the usernames, mails web addresses, ips , photobuckets are edited to fakes. for sample fake users called bob and bill.)
INSERT INTO `smf_members`
(`ID_MEMBER`, `memberName`, `dateRegistered`, `posts`, `ID_GROUP`, `lngfile`, `lastLogin`, `realName`, `instantMessages`, `unreadMessages`, `im_ignore_list`, `passwd`, `emailAddress`, `personalText`, `gender`, `birthdate`, `websiteTitle`, `websiteUrl`, `location`, `ICQ`, `AIM`, `YIM`, `MSN`, `hideEmail`, `showOnline`, `timeFormat`, `signature`, `timeOffset`, `avatar`, `im_email_notify`, `karmaBad`, `karmaGood`, `usertitle`, `notifyAnnouncements`, `notifyOnce`, `memberIP`, `secretQuestion`, `secretAnswer`, `ID_THEME`, `is_activated`, `validation_code`, `ID_MSG_LAST_VISIT`, `additionalGroups`, `smileySet`, `ID_POST_GROUP`, `totalTimeLoggedIn`, `passwordSalt`)
VALUES (1, 'bob', 1100828058, 89, 1, '', 1158576685, 'bob', 1, 0, '', 383a2cb1ad270625b3a521aea4fafd64 'bob@bob.com', '', 1, '1978-03-26', 'edited', 'http://www.bob.com', 'somewhere, someplace', '', '', '', '', 0, 1, '', '', 0, '', 0, 179, 102, '', 1, 1, '211.x.x.x', '', '', 6, 1, '', 22809, '', '', 5, 110341, ''),
(2, 'bill', 1100828832, 770, 9, '', 1158555771, 'bill', 1, 0, '', '249d87c627fe2b8c8f21907a1f1862e6', 'bill@bill.com', 'Born to be bob!', 0, '0000-00-00', '', '', '', '', '', '', '', 1, 1, '', ' [img]http://i7.photobucket.com/albums/bob[/img]<br />[img]http://i7.photobucket.com/albums/bill[/img]<br />[img]http://i7.photobucket.com/albums/bob[/img]', 0, 'http://i13.photobucket.com/bob', 1, 17, 19, '', 1, 1, '71.x.x.x', '', '', 6, 1, '', 22804, '', '', 6, 632211, ''),
where would I look for the salt?
TIP: for anyone who does not know, I found that the md5 for the secret question answers on these boards are not salted! |
It seems that there is no salted value in it .. Are you sure you paste it correctly .. ? or by modifiing it you didnt distroy anything . ?
one easy way to do it .. is to count the names unltil the `passwordSalt` and do the same with inserted values...
I dont know if i am wrong ..
anyone else ? |
|
_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 65
Members: 0
Total: 65
