GHDB
GHDB
|
Google Search: “Powered By Elite Forum Version *.*”
murfie rates this entry 8 out of 10. Submitted: 2004-09-24 07:38:18 Added by: murfie Hits: 11728 Score: 8 Elite forums is one of those Microsoft Access .mdb file based forums. This one is particularly dangerous, because the filename and path are hardcoded in the software. An attacker can modify index.php for ./data/users/userdb.dat, open the file and see something like this:<#!LNUM!#>4<#!ENDLNUM!#><#!MAXID!#>2<#!ENDMAXID!#><#!USER!#><#!UNAME!#>administrat<#!ENDUNAME!#><#!PWORD!#>4571XXX367b52XXXb33b6ce74df1e017<#!ENDPWORD!#><#!DBID!#>0<#!ENDDBID!#><#!ENDUSER!#>(data was xx’d)These are MD5 digests and can be brute forced (with enough time) or dictionary cracked by a malicious user, thus giving adminstrator access to the forum. Comments: 2004-09-24 09:54:52 (Rj4): Hi nice nice But can find cracker !! I have John the Ripper But DOnr know how tu use!?! LOL BUT GIVE YA 10 VERRY GOOD POST 2004-09-26 11:57:02 (murfie): Incremental cracking these encryptions can take a long time.. :( But you can allways try a dictionary attack, in fact, for educational purposes I have written this perl scripplet: http://murfnet.xs4all.nl/public/scripts/perl/smash.txt 2005-02-15 14:26:46 (Anonymous): u could use http://passcracking.com/Good_values_list.asp to crack MD5 values, it has a prerecorded database of hashes and it will process urs! but u have to weight 2 weeks, long line to crack! |
Does GHDB still updates for now?
The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.
Hi Johnny,been a while since I’ve came last. Aren’t you gonna update this website anymore???
The GHDB is not updated and lives with the exploitdb: http://http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!
Is any offline view-able resources is available of this product ?