usko database rehacked

[Yun_Yuuzhan]

Originally posted by Vlein

Code:

<?php

$lib = 'big.txt'; //plug an option custom wordlist here

$link = mysql_connect("aonic.net", "fuck", "gaming");

mysql_select_db("gaming");



if(is_numeric($argv[1])){

	$query = "SELECT converge_id AS id, converge_pass_hash as hash, converge_pass_salt as salt, m.name as name 

 * * FROM ibf_members_converge, ibf_members AS m 

 * * WHERE converge_id = '{$argv[1]}'

 * * AND m.id = converge_id";

}else{

	$query = "SELECT converge_id as id, converge_pass_hash as hash, converge_pass_salt as salt, m.name as name 

 * * FROM ibf_members_converge, ibf_members AS m 

 * * WHERE name = '{$argv[1]}' 

 * * AND converge_id = id";

}

$result = mysql_query($query) or die("Query failed : " . mysql_error());

$r = mysql_fetch_assoc($result);



echo "Running $lib on $r['hash']...";



if(isset($r['salt'])){

	foreach(file($lib) as $x){

 *$y = md5( md5($r['salt']).md5(trim($x)) );

 *

 *if ( $y == $r['hash'] ){

 *	die("nrResult:nr$y === $xnr");

 *}/*else{

 *	echo "nr".trim($x)." !== $hash";

 *}*/

	}

}



?>

Code:

e540211aa60e3e20014038a3de8a94f8

^thats all a "md5 hash" is

That's as useful as knowing that a car is made of metal.

I'd like to see it reverse engineered so you produce a plaintext password when given the MD5 hash.

[Devile]

Originally posted by Vlein
u can make a php script that reads thru a big list of "word list" (password list for brute force) for the md5, we did this to fuckgaming before, we downloaded their database thru their root admin, and made a php script read thru the word list. so people with passwords that were common in the english language would pop up.

Try cracking this hash:

5c5be57882b89582c26ef05907f95f93

and tell your grand grand grand sons to call my grand grand grand sons with the answer.

Bruteforcing will only pick dictonary based passwords. A 12 characters password with uper/lower cases, numbers and letters will take AGES to crack. Even something as simple as the word Knight2000 (b1f0d349f7824276264ffc20b7050cee) will take lot of time to find. U will have more luck with online md5 hash databases. Not to mention all the different languages there are so password can be based in lots of dictionaries.

Besides, what makes u think KO passwords are MD5 hashes? Maybe they are encrypted with a different algorithm or even in plain text I'm 99% sure they are in plain text.

PS: K19FaVckyztZ

[Yun_Yuuzhan]

Originally posted by Devile
Besides, what makes u think KO passwords are MD5 hashes? Maybe they are encrypted with a different algorithm or even in plain text I'm 99% sure they are in plain text.

I really hope you're wrong about that, Devile.

[OohYouTouchedMyTraLa]

Not to mention all the different languages there are so password can be based in lots of dictionaries.

or made up words

[PopTart]

i think its bullshit cuz K2 related people use a @k2networks.com email not @knightonlineworld.com

[festo]

5c5be57882b89582c26ef05907f95f93

pw = burrito

[Devile]

Originally posted by Yun_Yuuzhan+--><div class='quotetop'>QUOTE(Yun_Yuuzhan)</div>

<!--QuoteBegin-Devile

Besides, what makes u think KO passwords are MD5 hashes? Maybe they are encrypted with a different algorithm or even in plain text I'm 99% sure they are in plain text.

I really hope you're wrong about that, Devile.[/b]

It's either plain text or an algorithm they can encrypt and decrypt. My guess, plain text. Also, didn't few months a ago a hacker post a list of accounts/passwords supposedly from a hacked DB? That kinda supports the idea of plain text.

[festo]

Well it used to be plain text but in january, a memo was sent to everyone. Which stated what desired additions we would like;

Desired Additions
• Expand game chat limit for game masters to 256.
• Add more levels of gm privileges.
• Detailed GM command list
• Recompile Knight tools so that our version of our tool is unique only to USKO.
• Encrypt the game database password and account ID fields.
• New boss - We need detailed requirements to design these boss’s ourselves.

So
B)

[Devile]

Ok, memo was sent. Question is, did they do it?

Since that small change requires prolly big changes everywhere. I mean about the accountid/password fields. Game servers, GM tools, website, etc.

[festo]

lol nothing that was in the memo that i know of got changed

[HeLLorY]

i just investigate the link that u gave, and i saw nothing in that forum... just a man claiming that hacked k2network db but there is no evidence rather than msn logs. also we know that these msn logs can be easily repaired by potoshop or other types of the programs. i do not want to say that these r remaked pictures, but i can not really believe that k2network admins use msn to contact the hacker or whatelse.. the hacker says i sent them e-mail and they invited me msn... etc.. it is not really seems true :unsure: also, as i see that man in his own website, he wrote that he is from samsun/turkey where i was born in :P and i can't believe that there exist a hacker from samsun ^_^ it is unbelievable so, i am pretty relaxed when i saw him from samsun... go go go lvl 70 :rollseyes:



HeLLorY/ares/68 lvl kassar hood...

[00:00]

true or not i dun care .. but if he say true we see after 7 days :wub: gn

[0wnoR]

oke :lol:

[userbin]

its possible to crack md5's

we used to do it back when i was a warez monkey, stealing other irc channels ftp's ;/


although im with devile... k2's security is so shit its not funny... ther's probably a master pass list on a plain text file some where...

[Flippy]

Originally posted by userbin
its possible to crack md5's

we used to do it back when i was a warez monkey, stealing other irc channels ftp's ;/


although im with devile... k2's security is so shit its not funny... ther's probably a master pass list on a plain text file some where...

maybe its possible , im never tryed cuz i dont need to but i believe its one of the hardest so far