Toilet Sex
one love, one pig
+1,775|6842

Okay so a password on a forum I visit was possibly (likely) to have been found out but I have no idea how and what to do about it. The password was 19 characters long, contained uppercase, lowercase, ALT codes and symbols. No way could anyone have guessed it, so I'd like to know how they got it, what I should and can do to stop it again.

I never used the password for any other site or anything at all, so I was wondering what the hell it is. Is it possible that by visiting another forum, my cookies could be stolen or something and they get the password from there?

FYI:

Firefox 2.0.0.4 with NoScript

Anyone know the cause? If so, what can I do to protect myself more?
naightknifar
Served and Out
+642|6832|Southampton, UK

Toilet Sex wrote:

Okay so a password on a forum I visit was possibly (likely) to have been found out but I have no idea how and what to do about it. The password was 19 characters long, contained uppercase, lowercase, ALT codes and symbols. No way could anyone have guessed it, so I'd like to know how they got it, what I should and can do to stop it again.

I never used the password for any other site or anything at all, so I was wondering what the hell it is. Is it possible that by visiting another forum, my cookies could be stolen or something and they get the password from there?

FYI:

Firefox 2.0.0.4 with NoScript

Anyone know the cause? If so, what can I do to protect myself more?
Keylog / Cookie Tracker.

My guess anyway.
02fxnmaurer
Member
+75|6753|Birmingham UK
key logger
utchin
Member
+8|6185
how do you know they found out?

And... it does depend on what site it is, what software the website is using, it may not encrypt the password (like most forums have to) and is just stored in the database as your password, not 3df3534fcf4f34r3f4tf3ddd (e.g.)

can i see the site?

Last edited by utchin (2008-05-13 10:58:02)

Toilet Sex
one love, one pig
+1,775|6842

utchin wrote:

how do you know they found out?

And... it does depend on what site it is, what software the website is using, it may not encrypt the password (like most forums have to) and is just stored in the database as your password, not 3df3534fcf4f34r3f4tf3ddd (e.g.)

can i see the site?
http://forums.ifskinzone.net/index.php?act=idx

I'm not certain they did, but stuff is being leaked out (of hidden forums) by someone with either a cracked password or an exploit with InvisionFree/IPB 1.3. I was told by an admin that it's likely to be my account. I asked why he thinks it is but no reply yet, and I want to know if it's possible and likely before I go and do scans and password changes.

This make any sense?

-- says:
I believe it's a cookie-related exploit, but I can't say I understand that stuff all too well.
-- says:
Something about grabbing your sessions.

Last edited by Toilet Sex (2008-05-13 11:18:14)

steelie34
pub hero!
+603|6652|the land of bourbon
how do you access the site?  over a wireless connection with cached credentials?  if so, it would take mere minutes to steal your logon info.

Last edited by steelie34 (2008-05-13 11:49:37)

Toilet Sex
one love, one pig
+1,775|6842

steelie34 wrote:

how do you access the site?  over a wireless connection with cached credentials?  if so, it would take mere minutes to steal your logon info.
Yeah, but what about someone outside the network? This was 100% someone outside my network.
steelie34
pub hero!
+603|6652|the land of bourbon
remember all traffic sent over wireless can be captured by a sniffer inside the range of the router.  it's then up to your wireless security for protection.  WEP fails btw...

what makes you certain they were "outside" the network?

Last edited by steelie34 (2008-05-13 11:55:47)

Toilet Sex
one love, one pig
+1,775|6842

The things leaked out of our moderator forums are on another board (screenshots) which has happened to many others with InvisionFree boards. The reason the admin thinks it's my account is because although I don't have mod powers in the hidden forum, we can edit our own posts and no one else's. The kid who took the screenshot, the one who's using my account, left a line of pixels of the edit button which should only be visible to me.

But this has happened around the InvisionFree network and has been for a while. I'm positive it's not someone with a laptop outside.

Last edited by Toilet Sex (2008-05-13 12:00:53)

steelie34
pub hero!
+603|6652|the land of bourbon
well, the only real solution on your end is to change your password.  if this person is making use of an exploit against invisionfree, the admins need to clamp down on the security and start logging access attempts to see if someone is brute-forcing or gaining unauthorized access.  and tell them to suck a fat one for being dicks (it's like they are blaming you for their failed security.)  it's not like you just gave your password to someone...

Last edited by steelie34 (2008-05-13 12:05:27)

Toilet Sex
one love, one pig
+1,775|6842

Yeah, my password's been changed, but I was just worried that if they could steal my password for one site, how safe are others? If it's an exploit then that's fine, the InvisionFree guys are the only ones who can fix it and I believe it's regularly patched but not 100% sure.

Thanks for the help, hopefully it's an exploit of IF.
steelie34
pub hero!
+603|6652|the land of bourbon
the usual anti-virus/spyware scans should point out anything sketchy on your side.  if you are really paranoid you can always run rootkit revealer, to find any truly dangerous remote access to your computer.  if someone has compromised your PC, and is stealing your password and going after information relevant to their interests, it indicates that this would not be your typical virus or spyware, but instead a targeted attempt specifically against you.  chances are pretty small (unless you can think of anyone who has it out for you) considering most hackers of that skill will go after financial gains, not just forum bs.  have fun!

Last edited by steelie34 (2008-05-13 12:22:40)

Toilet Sex
one love, one pig
+1,775|6842

Thanks, done an Ad-Aware scan which just turned up what looked like nothing of interest, AVG scan almost done now. I'll try your suggestion too, because I want to be sure.

Thanks for the info again. We know who's doing it, and they're still in school, so it's most likely just script kids. Still, I want to be sure it isn't that.
utchin
Member
+8|6185

Toilet Sex wrote:

I'm not certain they did, but stuff is being leaked out (of hidden forums) by someone with either a cracked password or an exploit with InvisionFree/IPB 1.3. I was told by an admin that it's likely to be my account.
So you're saying you are on a forum and someone within the forum has access to a hidden forum which they shouldn't have, and the admin has a theory it's your account, somehow. ???
Toilet Sex
one love, one pig
+1,775|6842

I'll try to explain it simply because it's confusing (obviously) for someone not involved but:

I'm a moderator at the biggest forum on InvisionFree

Biggest forum = a lot of banned members, it's these causing the trouble. The board the leaked screenshots originated on is run by some of them

They're using either an exploit or something to get into my account (and maybe others) who are mods and take screenshots of the hidden forums where the moderators/admins discuss things we don't want members to see and such.

Moderators (except global mods) can't edit anyone else's posts in the hidden forums but their own, and like here it shows an 'edit' button.
The people who took the screenshot didn't hide the edit button well, and the screenshot was of one of my posts. So, it's more than likely it was my account.

I say I'm not certain because global moderators can edit posts in there so would see the edit button too.

Hopefully you can follow that and it makes sense.

Last edited by Toilet Sex (2008-05-13 14:48:37)

utchin
Member
+8|6185
yeah i see what you mean, only thing you can do is see they have last logged in IP which might show theirs instead of yours..

I understand, I work with forum scripts
(T)eflon(S)hadow
R.I.P. Neda
+456|7100|Grapevine, TX
What OS is the server running UNIX or Windows?

ideas...
brute force hack
packet sniffer
weak passwords
CrazeD
Member
+368|6944|Maine

(T)eflon(S)hadow wrote:

What OS is the server running UNIX or Windows?

ideas...
brute force hack
packet sniffer
weak passwords
There's no way you're going to brute force a random 19 character password. That would take years to crack.
steelie34
pub hero!
+603|6652|the land of bourbon

CrazeD wrote:

(T)eflon(S)hadow wrote:

What OS is the server running UNIX or Windows?

ideas...
brute force hack
packet sniffer
weak passwords
There's no way you're going to brute force a random 19 character password. That would take years to crack.
unless the hacker stole the hash, and used a rainbow table to crack it.  would take minutes.  (please mods no AWMs, this is as vague as i can get...)
CrazeD
Member
+368|6944|Maine

steelie34 wrote:

CrazeD wrote:

(T)eflon(S)hadow wrote:

What OS is the server running UNIX or Windows?

ideas...
brute force hack
packet sniffer
weak passwords
There's no way you're going to brute force a random 19 character password. That would take years to crack.
unless the hacker stole the hash, and used a rainbow table to crack it.  would take minutes.  (please mods no AWMs, this is as vague as i can get...)
Provided that the hash is IN the rainbow table. A randomly generated password won't be.
De_Jappe
Triarii
+432|6798|Belgium

CrazeD wrote:

steelie34 wrote:

CrazeD wrote:


There's no way you're going to brute force a random 19 character password. That would take years to crack.
unless the hacker stole the hash, and used a rainbow table to crack it.  would take minutes.  (please mods no AWMs, this is as vague as i can get...)
Provided that the hash is IN the rainbow table. A randomly generated password won't be.
That depends on the type of protection they are using. If it's a MD5 hash or older, even a 19 char can be bruteforced relatively fast.
steelie34
pub hero!
+603|6652|the land of bourbon

CrazeD wrote:

steelie34 wrote:

CrazeD wrote:

There's no way you're going to brute force a random 19 character password. That would take years to crack.
unless the hacker stole the hash, and used a rainbow table to crack it.  would take minutes.  (please mods no AWMs, this is as vague as i can get...)
Provided that the hash is IN the rainbow table. A randomly generated password won't be.
i see you're not familiar with a rainbow table?  a randomly generated password would absolutely be in the table.  i didn't say dictionary attack, i said rainbow table, which is a precomputed list of all possible hashes for a given character set and length.  length helps defeat rainbow methods (but not very well), but a random password of just lowercase letters is just as vulnerable as a real word with just lowercase letters.  salting the hash before the exchange is the only true way to protect a hash, but if the hash was harvested from a user's computer, there won't be a salt applied to it.

Last edited by steelie34 (2008-05-14 05:32:35)

CrazeD
Member
+368|6944|Maine

steelie34 wrote:

CrazeD wrote:

steelie34 wrote:


unless the hacker stole the hash, and used a rainbow table to crack it.  would take minutes.  (please mods no AWMs, this is as vague as i can get...)
Provided that the hash is IN the rainbow table. A randomly generated password won't be.
i see you're not familiar with a rainbow table?  a randomly generated password would absolutely be in the table.  i didn't say dictionary attack, i said rainbow table, which is a precomputed list of all possible hashes for a given character set and length.  length helps defeat rainbow methods (but not very well), but a random password of just lowercase letters is just as vulnerable as a real word with just lowercase letters.  salting the hash before the exchange is the only true way to protect a hash, but if the hash was harvested from a user's computer, there won't be a salt applied to it.
Ah, okay then. I thought a rainbow table was a list of hashes that just cross-referenced. Good to know.

Still though, with good encryption methods (such as that of IPB) it's still very hard to obtain.

And no, you cannot bruteforce a 19 character password with such combinations of characters. There are simply way too many possible combinations, it would take a LOOOOOOOOOOOOOOONG time.
steelie34
pub hero!
+603|6652|the land of bourbon

CrazeD wrote:

steelie34 wrote:

CrazeD wrote:


Provided that the hash is IN the rainbow table. A randomly generated password won't be.
i see you're not familiar with a rainbow table?  a randomly generated password would absolutely be in the table.  i didn't say dictionary attack, i said rainbow table, which is a precomputed list of all possible hashes for a given character set and length.  length helps defeat rainbow methods (but not very well), but a random password of just lowercase letters is just as vulnerable as a real word with just lowercase letters.  salting the hash before the exchange is the only true way to protect a hash, but if the hash was harvested from a user's computer, there won't be a salt applied to it.
Ah, okay then. I thought a rainbow table was a list of hashes that just cross-referenced. Good to know.

Still though, with good encryption methods (such as that of IPB) it's still very hard to obtain.

And no, you cannot bruteforce a 19 character password with such combinations of characters. There are simply way too many possible combinations, it would take a LOOOOOOOOOOOOOOONG time.
i'm not sure if you are agreeing with me about rainbow methods or not, but i'll explain in detail at the risk of AWMs and post deletion.  the whole idea behind the process is a time/memory tradeoff.  once you've compiled a rainbow table, you have basically computed every possible hash of every possible combination of characters.  it takes a long time to compute a rainbow table, and the size is rather large depending on how many characters you want to create the table for (some are 80+ GBs) but once that has been done, all you need to do is obtain a hash, cross-reference the table, and bingo! you have a cracked password.   so regardless of how random your 19 character password is, the table would already contain every hash that the password could possibly be.  the combination of characters is moot, it would merely take as long as it takes the computer to find the matching, pre-decoded hash in the table, which is usually minutes.
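
The precomputed-table lookup and the effect of a salt discussed in the posts above, as an added example that is not part of any post in the thread. It uses a plain precomputed dictionary in place of a real rainbow table's hash chains, a constructed 3-letter password and salt, and assumes 95 printable ASCII characters for the 19-character case.

```python
import hashlib
import itertools
import string

def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length

def full_table_bytes(charset_size: int, length: int, digest_len: int = 16) -> int:
    """Bytes needed to store one (MD5 digest, password) row per candidate."""
    return keyspace(charset_size, length) * (digest_len + length)

def build_table(charset: str, length: int) -> dict:
    """Precompute unsalted MD5 -> password for every candidate.
    Only feasible for tiny spaces; this is the time/memory trade-off."""
    table = {}
    for combo in itertools.product(charset, repeat=length):
        pw = "".join(combo)
        table[hashlib.md5(pw.encode()).hexdigest()] = pw
    return table

def salted_md5(password: str, salt: bytes) -> str:
    """Salted MD5, used here only so the digest format matches the table.
    A real password store would use a slow salted KDF instead."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def demo() -> dict:
    table = build_table(string.ascii_lowercase, 3)       # 26**3 rows
    pw = "qzx"                                            # constructed sample password
    salt = bytes.fromhex("8f3a1c5e9b0d7246")              # constructed per-user salt
    return {
        "rows": len(table),
        # Unsalted hash: any password inside the table's space is recovered.
        "unsalted_found": table.get(hashlib.md5(pw.encode()).hexdigest()),
        # Salted hash: the same table no longer contains the digest.
        "salted_found": table.get(salted_md5(pw, salt)),
        # Size of the space for 19 characters over 95 printable ASCII (assumed).
        "keyspace_19": keyspace(95, 19),
        "table_bytes_19": full_table_bytes(95, 19),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A table only covers the character set and length it was built for, and a per-user salt forces a separate table per salt value.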
