05-15-2006, 09:01 PM
V_RocKs
Where do these forums get the info?

#1 - Payment processors. Some are hackable or were hacked years ago. The nice thing for hackers is very few of you force the users to accept a server-made password. So if they get to continuously use kobe08:lakers1 for years, hacking a processor 3 years ago is just as good as hacking it today.

#2 - Stealing your DB or passfiles via your sponsor program. Many of you have used forum software like phpBB which is notorious for having holes. Some of you have used affiliate software that had holes allowing for the downloading of your database (with unencrypted passwords) or your password files (with encrypted passwords that are notoriously easy to decrypt).

#3 - Your websites have scripting vulnerabilities.

index.php?page=templates/about.php

becomes,

index.php?page=../ccbill/private/.htpasswd

Or even more devastating, the hacker downloads the .htpasswd file located in your admin directory. Now he decrypts your passwords and then uses the banner uploading scheme to upload a shell. Now he has access to run commands on your server.

echo "select username,password from members" | /usr/bin/mysql/bin/mysql -u admin -pevil1man -D pa2

Now he has all of your unencrypted passwords... sweet.. And no need to crack them against your l33t login software like strongbox because these all work.... they are from your current DB...

#4 - The hackers all trade their DBs and passfiles with each other. Now when they steal your encrypted .htpasswd file they have no problem getting 90% of it cracked in less than an hour since they have 3 million porn surfers' passwords to try it against...

So where do they get these passwords? NOT FROM THE SURFERS YOU FUCKING MORONS! THEY ARE GETTING THEM FROM YOU!
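For the ?page= hole in #3, an added example that is not part of the original post: a resolver that only hands back files that really live under templates/, run against the two request values quoted in the post. The function name resolve_page() and the temp-directory layout are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. resolve_page() and the
// directory layout below are assumptions made for illustration.

/** Resolve a ?page= value to a file under templates/, or null to reject. */
function resolve_page(string $requested, string $siteRoot): ?string
{
    $templateDir = realpath($siteRoot . '/templates');
    if ($templateDir === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ and resolves symlinks; false if nothing is there.
    $candidate = realpath($siteRoot . '/' . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment: compare against templates/ plus a trailing separator so a
    // sibling such as templates_old/ cannot pass a bare prefix match.
    $prefix = $templateDir . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Only .php templates are served.
    return pathinfo($candidate, PATHINFO_EXTENSION) === 'php' ? $candidate : null;
}

// Constructed layout in a temp directory so the demo runs offline.
$base = sys_get_temp_dir() . '/page_demo_' . getmypid();
$root = $base . '/www';
mkdir($root . '/templates', 0700, true);
mkdir($base . '/ccbill/private', 0700, true);
file_put_contents($root . '/templates/about.php', 'About page');
file_put_contents($base . '/ccbill/private/.htpasswd', 'constructed:placeholder');

$requests = [
    'templates/about.php',                      // legitimate value from the post
    '../ccbill/private/.htpasswd',              // traversal value from the post
    'templates/../../ccbill/private/.htpasswd', // same file, disguised prefix
    'templates/missing.php',                    // file does not exist
];
foreach ($requests as $r) {
    $path = resolve_page($r, $root);
    echo str_pad($r, 44), $path === null ? 'REJECT' : 'serve ' . basename($path), PHP_EOL;
}
```

In index.php the returned path is the only thing passed to include; a null result gets a 404 and a log entry.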