Is your forum at risk being hacked? Or are you a member of a forum which is risk being hacked? If your answer is YES. Please go on reading, because I am going to revealed how hacker can hack a forum in just 5 minutes and download data from the forum including your password and how they decrypt it.
I would like to state this clear that I am not a hacker and i am not intend to do so. I am sharing this information for the sake of warning forum administrator and member of forum out there to be more caution.
The trick to hacking phpbb is simple as 1 2 3. Everyone can do it; it's a bug in phpbb. I got this piece of information through an underground forum which already been close down. Please refer to picture below, it's just a 9 step tutorial and you are in power to control the whole forum for only 5 minutes work.
Please do not ask me for further step because I am not going to give as this is just for informational purposes, sorry for that, I have personally sent out email to those forum which still risk being hacked about this piece of information and ask them to upgrade their version of phpbb.
Once hacker login to phpbb, they will do several thing, no doubt, they could just delete off the database or they can edit the template of phpbb or locked the forum. This could be done if these hackers have a bit knowledge about phpbb. For silent hacker, they could sneak in and retrieve information. They could get every password of member in the forum with just a few clicks. Phpbb do integrate an option to download a dump database of the forum through admin control panel. With the dump database, each member encrypted password could be decrypted with some tools found from the internet.
Please take a look on a cut out information store in the database dump:
er_phone) VALUES(’2′, ‘1′, ‘testing’, ‘12b3638553c1f4a535a047e7003d9ac4′, ‘114568454′, ‘0′, ‘1
Phpbb store password in MD5 format.MD stands for message digest. As refer to above database cutout information. The MD5 hash of testing is ‘12b3638553c1f4a535a047e7003d9ac4′. This will be the encrypted password, the only way to decode the password is to use MD5 Hash Lookup Tool.
Does MD5 Hash decode able? This is what I get in phpbb knowledge base site:
“The only known way of getting the original string is by brute force cracking. This means going through many combinations of characters until the message digest outputted by one of them equals the message digest that you are trying to match. However, with our computer power at the moment, doing something like this on a long enough string would take years, and by that time you (and possibly your computer) would have died of boredom.”
So, how MD5 Hash Lookup Tool able to decode while phpbb knowledge base say it couldn’t. Yup, for sure it couldn’t if you done it alone. MD5 Hash Lookup site could have a list of database of combination of MD5 Hash which contributes by hacker community out there to form an absolute database for this purpose. The database could be sharing around for year and keep growing.
The risk is there, to prevent yourself, please do not use password for forum same as your email or your other financial account. Please do bear in mind, when you register a forum, your email will also be stored in the database and at the same time hacker could try to login your email with password got from the forum.
Also, since MD5 hash reverse tool available out there is a database dictionary and collection of MD5 hash, you can safeguard yourself by choosing a good password which is hard to crack.
For admin of forum, please upgrade your forum frequently and get update from your forum script provider to patch all security loopholes which may still at risk. For better security lock your admin folder path.
Recommended product:
Hackers guidebook - The Very Best Resource For Computer Security & Internet Security. Written For Novices & Experienced Users.
November 13th, 2006 at 2:57 am
This is a good piece of information. Thanks for sharing.
December 24th, 2007 at 8:53 am
OMG YOU STUPID IDIOT GIVE US THAT FRIGGING TEXT FILE OR ACTUALLY EXPLAIN YOU RETARD!!
January 23rd, 2008 at 2:03 am
You are a complete stupid run off at the mouth dumb retarded idiot.
This is more like a how to fill a web page full of stupid unrelated advertisements and clutter. This entire site is a joke. The hacker that takes down this place ought to be crowned a hero, embellished, and noted in history for playing the role of the exterminator stupid assholes.
March 17th, 2008 at 8:08 pm
i don't completely agree with that.. I'm a pro hacker.. And this piece of information is very useful but you should not post this kind of things here.. If the black hats find out they can take this place down.. So you should post that information in a very protected forum… this place is like shit.. i can hack this place in two minutes.. so be careful from now on.. don't just post stuff like that..
April 9th, 2008 at 4:21 pm
LOL Pro Hacker! Suck my internutz.
May 9th, 2008 at 5:03 am
BRAVO. … UPLOAD THE TEXT PLEASE AND GIVE THE LINK… THERE ARE ONLY 6 STEPS HERE AND ITS REALLY HARD TO READ!!! PLZ
May 16th, 2008 at 2:36 am
Foul mouth degenerates always present themselves as intellectually deprived individuals who have me completely amazed that their skull cavity contains enough brain cells to even function. My suggestion would be to crawl back under the rock you all came from and join the single celled organisms that you can better relate too.
June 3rd, 2008 at 10:49 pm
Thanks for sharing, but I don't really agree, no one can hack phpbb, except if the admin was stupid, or some kind to know the password by making fake pages, by knowing the md5, you must know something about admin or the member that you want to hack, so its not about phpbb
June 3rd, 2008 at 10:50 pm
maybe also by a new script, that phpbb doesn\'t know.
June 20th, 2008 at 2:14 pm
Hello,
I'm newer here and stopping in to say hi.
I hope everyone has a good day.
Jaeric
July 5th, 2008 at 7:46 pm
How is you?
July 29th, 2008 at 9:02 am
I've recently joined and wanted to introduce myself
July 29th, 2008 at 8:19 pm
is a good shared
November 7th, 2008 at 5:34 am
Thanks man! a good sharing..
November 16th, 2008 at 7:20 am
I have a flash website
i'm looking for the script who makes google adsense in flash.
do you know this script?
December 21st, 2008 at 3:44 am
Hi! i`m From Kosovoo.. And i Dont understen cann you help me in messenger
ContacT: dimi_m.e@hotmail.com please …
January 12th, 2009 at 12:15 am
Sorry about that, but we need very urgently to contact the administrator http://www.millionringgithomepage.com. There has not been able to find the feedback. Thank you!
January 16th, 2009 at 10:27 am
I have recently lost a good amount of weight using acai berry and colon cleanse pills and have created a blog documenting my use of it.
However, I would also like to try out the Wu-Yi weight loss teas and document my progress with that as well.
The problem is i have heard some bad things about these teas. Has anyone tried them? Did you suffer from any of the side effects?
February 7th, 2009 at 3:14 pm
Hello All,
I am new here and just wanted to introduc myself.
I have a few questions but I will first search for the answers before asking them just in case they have been asnwered.
THanks!
March 4th, 2009 at 7:00 pm
It's really a grainy photo, No way to read the photo!