Vbulletin dating software

These are just plain text strings that people have used as passwords in other systems and the output looks something like this: There’s more variety in a dictionary of this nature and because it’s put together with passwords that people typically use (often these are constructed from breaches where there was no cryptographic storage), the hit rate per hash is much higher then the auto-generated stuff.On the flip side, the rate here is much slower at “only” 586 million hashes per second as the GPU now needs to be fed in values to hash rather then just working through a character range as it did earlier.Let me round out on a more positive note though and it’s about where we’d like to see password storage moving to.

Those earlier v Bulletin passwords have two MD5 hashes each according to the hash identification service above too.Let’s take the Gamerzplanet breach which had over 1.2M accounts in it with the first ten passwords appearing as follows:af48332ec7bae3b43c2f8c28f1b6479e:f\u befd08dfd48fc13a47f5dcd467f4964f:$:}c L1SDYX$s vi F%MJ{w(W|nm G%IS a92f7415b68d649f0e0314b149a8bc0a:5ze 10a9ef2ec83234eec337e557333f78f5:/Do 2fc88d6b7b827bec242a307604c1c1L 0101a55a81ff2a185d6a758ab0bce632:4f WN2/ I~&AW]Ur Mw\AM3p ZJR55b#O cb574910766230d9e4bfa979110b26e2:~KJ 504661de0decb40df6feaac4eed46884:|p| 618fbea1123e82ff547274e3134c0731:0 c 5e155f2a3b61528bd2c772ce7230ce35:@9] The first thing you’ll notice here is that two of the rows are much longer than the others.What we’re actually seeing here is fixed length MD5 hashes on each row then a colon delimiter between the hash and the salt.There’s a thread over on the hashcat forums which talks about a bunch of different approaches and it’ll give you an idea about how the process works.(Incidentally, it also demonstrates that I should have done the dictionary attack first given it’s much higher success rate and shorter duration.) For now though, this pretty much makes the point – over 135k password hashes cracked in less than a day by me casually throwing hashcat at it.This meant I could then dump the hashes out from the source file (I use Log Parser for this sort of activity) and proceed to crack them which would verify that they did indeed originate from v Bulletin.I grabbed hashcat (which is now open source, by the way) and then checked out the example hashes page and found v Bulletin with the hash modes 26 for the older and newer versions respectively.Hashcat also knows which passwords have been cracked already and the results are simply appended to that.Once it finishes, we’re at a total of over 60% cracked: You can go on and on with various other types of attack and keep chipping away at the remaining hashes.I doubt very much that many are actually maintained too; certainly v Bulletin issue patches when bugs are identified, but how many of these installations are actually kept up to date?Even v Bulletin themselves were hacked a few months ago so what chance do others running the forum software have at protecting themselves?

Leave a Reply

Your email address will not be published. Required fields are marked *

One thought on “vbulletin dating software”

  1. continue reading » Som de fleste nok ved, så er sexchat også meget ofte forekommende i almindeligt chatrum, men hvis man er ude efter mere end en snak om vejret, så bør man faktisk styre uden om dem og videre til de frække.…