Is your forum at risk being hacked? Or are you a member of a forum which is risk being hacked? If your answer is YES. Please go on reading, because I am going to revealed how hacker can hack a forum in just 5 minutes and download data from the forum including your password and how they decrypt it.

I would like to state this clear that I am not a hacker and i am not intend to do so. I am sharing this information for the sake of warning forum administrator and member of forum out there to be more caution.

The trick to hacking phpbb is simple as 1 2 3. Everyone can do it; it's a bug in phpbb. I got this piece of information through an underground forum which already been close down. Please refer to picture below, it's just a 9 step tutorial and you are in power to control the whole forum for only 5 minutes work.

Please do not ask me for further step because I am not going to give as this is just for informational purposes, sorry for that, I have personally sent out email to those forum which still risk being hacked about this piece of information and ask them to upgrade their version of phpbb.

Once hacker login to phpbb, they will do several thing, no doubt, they could just delete off the database or they can edit the template of phpbb or locked the forum. This could be done if these hackers have a bit knowledge about phpbb. For silent hacker, they could sneak in and retrieve information. They could get every password of member in the forum with just a few clicks. Phpbb do integrate an option to download a dump database of the forum through admin control panel. With the dump database, each member encrypted password could be decrypted with some tools found from the internet.

Please take a look on a cut out information store in the database dump:

er_phone) VALUES(’2′, ‘1′, ‘testing’, ‘12b3638553c1f4a535a047e7003d9ac4′, ‘114568454′, ‘0′, ‘1

Phpbb store password in MD5 format.MD stands for message digest. As refer to above database cutout information. The MD5 hash of testing is ‘12b3638553c1f4a535a047e7003d9ac4′. This will be the encrypted password, the only way to decode the password is to use MD5 Hash Lookup Tool.

Does MD5 Hash decode able? This is what I get in phpbb knowledge base site:
“The only known way of getting the original string is by brute force cracking. This means going through many combinations of characters until the message digest outputted by one of them equals the message digest that you are trying to match. However, with our computer power at the moment, doing something like this on a long enough string would take years, and by that time you (and possibly your computer) would have died of boredom.”

So, how MD5 Hash Lookup Tool able to decode while phpbb knowledge base say it couldn’t. Yup, for sure it couldn’t if you done it alone. MD5 Hash Lookup site could have a list of database of combination of MD5 Hash which contributes by hacker community out there to form an absolute database for this purpose. The database could be sharing around for year and keep growing.

The risk is there, to prevent yourself, please do not use password for forum same as your email or your other financial account. Please do bear in mind, when you register a forum, your email will also be stored in the database and at the same time hacker could try to login your email with password got from the forum.

Also, since MD5 hash reverse tool available out there is a database dictionary and collection of MD5 hash, you can safeguard yourself by choosing a good password which is hard to crack.

For admin of forum, please upgrade your forum frequently and get update from your forum script provider to patch all security loopholes which may still at risk. For better security lock your admin folder path.

Recommended product:

Hackers guidebook - The Very Best Resource For Computer Security & Internet Security. Written For Novices & Experienced Users.