Ravens PHP Scripts: Forums
 

 

firedemon666
Hangin' Around


Joined: Apr 28, 2006
Posts: 31

Posted: Mon May 01, 2006 9:42 pm

OK guys. I am relatively new to PHP nuke and could use just a tad bit of help here. After fumbling with MD5 hashes I realized how relatively easy they are to crack. If I wanted to up the ante on our site from MD5 to SHA256 encryption with this:
Only registered users can see links on this board! Get registered or login!



How would I go about implementing the files? Or if it is too much of a hassle, is it at least possible to change the encryption to SHA1?

Many thanks in advance :)
 
Rumbaar
Regular


Joined: Apr 16, 2004
Posts: 78
Location: Melbourne, Australia

Posted: Tue May 02, 2006 2:12 am

Well, I can't offer any implementation tips or info. But I have to say that currently on anything under a cluster server any password with 9+ characters will be relatively un-crackable even for MD5 hash.

It's all about password size/combination that is ever the issue with MD5 hash.

_________________
Victim's aren't we all! 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

Posted: Tue May 02, 2006 6:08 am

Yes, and stay away from passwords with words that can be found in the dictionary. Odd combinations of lower case and upper case letters and numbers work best. You can also throw in a special character, but be forewarned that some will not work with Nuke.

technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

Posted: Tue May 02, 2006 12:04 pm

Here is a solution we have been using.

$password = md5(md5(md5(md5(md5($password)))));

Try breaking a two letter password that has been hashed 5x. ;)

Also I think SHA1 has also been broken.

firedemon666
Posted: Thu May 04, 2006 8:22 pm

Hmmmm. What file would I modify with the 5x script?
 
technocrat
Posted: Thu May 04, 2006 11:23 pm

I don't remember the default place in standard nuke. It would be in YA, just look for MD5.
 
firedemon666
Posted: Sat May 06, 2006 6:56 pm

YA?
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

Posted: Sat May 06, 2006 11:32 pm

Your_Account module

firedemon666
Posted: Sat May 06, 2006 11:32 pm

Ahhhhh I gotcha
 
Eagle2
New Member


Joined: Nov 02, 2005
Posts: 24

Posted: Sat Jun 03, 2006 7:56 am

technocrat wrote:
Here is a solution we have been using.

$password = md5(md5(md5(md5(md5($password)))));

Try breaking a two letter password that has been hashed 5x. ;)

Also I think SHA1 has also been broken.


First of all, hello to all and thanks for all your help guys!

I don't want to open a new topic cuz you'll see two similar topics... and I know that it's not so good.

My question is simple:

I've the CNB_YourAccount 750 4.4.2...the latest, for what I know, and, as you well know, the YourAccount module is all different from the original one...so...where should I search to change the code that you wrote?

I searched in the index.php and I found it but...is it the only change to do? I mean...how the de-encryption works and... should I change something there too?

I really would thank you for all your help guys, you're a really great community. :)

Best Regards.
 
firedemon666
Posted: Sat Jun 03, 2006 7:59 am

I only changed the code in one file and the site seems to work perfectly. I can't remember which file it was I modded but if you give me about a week until my PC is fixed I can help you out.

Best of luck.
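
The question above about "de-encryption" and what else has to change, as an added example (not PHP-Nuke, CNB_YourAccount or any poster's code): a login check that re-hashes the submitted password, compares it with the stored value, and moves legacy MD5 rows to PHP's salted `password_hash()` on the next successful login. The function name, the `hash` key and the in-memory `$users` array standing in for the users table are assumptions; it needs PHP 7 or later.

```php
<?php
// Added example: not PHP-Nuke or CNB_YourAccount code. The function name, the
// 'hash' key and $users (standing in for the users table) are hypothetical.

// Login check that also migrates the row. Nothing is ever "de-encrypted":
// the submitted password is hashed again and compared with the stored value.
function verify_and_upgrade(array &$user, string $password): bool {
    $stored = $user['hash'];

    // Exactly 32 hex characters: the row still holds a legacy md5() hash.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // The plaintext is known at this moment, so store a salted, slow hash.
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash when PHP's default algorithm or cost has changed since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: two accounts that chose the same password.
$users = [
    'alice' => ['hash' => md5('Tr0ub4dor&3')],
    'bob'   => ['hash' => md5('Tr0ub4dor&3')],
];

// With md5(), nested or not, equal passwords produce equal stored hashes.
var_dump($users['alice']['hash'] === $users['bob']['hash']);

// A wrong guess is rejected; correct logins upgrade each row in place.
var_dump(verify_and_upgrade($users['alice'], 'wrong-guess'));
var_dump(verify_and_upgrade($users['alice'], 'Tr0ub4dor&3'));
var_dump(verify_and_upgrade($users['bob'], 'Tr0ub4dor&3'));

// Each upgraded row now carries its own salt, so the two hashes differ.
var_dump($users['alice']['hash'] === $users['bob']['hash']);
```

Rows belonging to users who never log in again stay on MD5 under this approach, and the password column has to be wide enough for the longer hash string.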
 
All times are GMT - 6 Hours
 