
Thread: Social Engineering - using a forum

  1. #1
    Join Date
    Sep 2006
    Posts
    6

    Social Engineering - using a forum

    Hello. I've recently been looking at the phenomenon of hacking passwords from someone.

    I'm aware of the phishing method, but was wondering if it could be even simpler than that. If all you need is the password of this person, you could set up a forum somewhere where you are the administrator. It shouldn't be too difficult to anonymously or however, intrigue this person to go to this forum to read something important about them or someone else they know.
    They will sign up and likely you will have their main password now.

    I know you guys are the experts so I wanted your opinion and if you knew of any independent message boards that allow you to see the passwords and such.

  2. #2
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by 607*
    Hello. I've recently been looking at the phenomenon of hacking passwords from someone.

    I'm aware of the phishing method, but was wondering if it could be even simpler than that. If all you need is the password of this person, you could set up a forum somewhere where you are the administrator. It shouldn't be too difficult to anonymously or however, intrigue this person to go to this forum to read something important about them or someone else they know.
    They will sign up and likely you will have their main password now.
    Yeah, this is a good method of stealing someone's password, providing they use the same password for everything and believe the trap.

    What you would do is sign up for a free hosting account, install a forum on it, make the forum register-only, and then edit the main login script so it writes passwords to a file before authenticating them. Then simply tell people to register. OR, you could do things normally, download the forum database, and then crack the hashes (takes a long time).

    The problem is that a lot of people (I for one) use different passwords on almost every website they use.

    But yeah, it is a dangerously easy way to steal passwords if they use their 'main' password on the forum. People overlook the risks of entering their password into an unknown site if it is a friendly vbulletin, IPB, or phpbb forum.

    Note: This can't be done with invisionfree or any other forum-only service. You have to have real ftp access.

    I know you guys are the experts so I wanted your opinion and if you knew of any independent message boards that allow you to see the passwords and such.
    No forums are going to be pre-made to allow passwords to be viewed. But it would be easy to modify the script to write all passwords to a file - all it takes is a couple lines of php.
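
Added example (not part of the thread or any poster's code): the reply above notes that the trap only pays off when the victim reuses a 'main' password, so this Python script audits a password-manager export for passwords shared across sites, either exactly or as simple variants. The vault entries, site names and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault (site, password); not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "Blue-Heron-42"),
    ("bank.example", "k7#Qz!vR2p9w"),
    ("hobby-forum.example", "Blue-Heron-42"),
    ("shop.example", "blue-heron-7!"),
    ("wiki.example", "T9x$Lm2@cD4e"),
]

def _fingerprint(key: bytes, text: str) -> str:
    """Keyed digest, so grouping never stores or prints the password itself."""
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).hexdigest()

def _base_form(password: str) -> str:
    """Lower-case and drop trailing digits/punctuation ('Pass1' vs 'pass2!')."""
    return password.lower().rstrip("0123456789!@#$%^&*()-_=+.?")

def audit_reuse(vault):
    """Return (exact, near): sorted site groups that share a password exactly,
    and groups that share only a base form (variants of one password)."""
    key = secrets.token_bytes(32)  # per-run key; fingerprints are useless afterwards
    exact, near = defaultdict(set), defaultdict(set)
    for site, password in vault:
        exact[_fingerprint(key, password)].add(site)
        base = _base_form(password)
        if base:  # skip passwords that are only digits/punctuation
            near[_fingerprint(key, base)].add(site)
    exact_groups = sorted(sorted(s) for s in exact.values() if len(s) > 1)
    already_reported = {frozenset(g) for g in exact_groups}
    near_groups = sorted(sorted(s) for s in near.values()
                         if len(s) > 1 and frozenset(s) not in already_reported)
    return exact_groups, near_groups

if __name__ == "__main__":
    exact, near = audit_reuse(SAMPLE_VAULT)
    for group in exact:
        print("same password on:", ", ".join(group))
    for group in near:
        print("variants of one password on:", ", ".join(group))
```

Any site that appears in a reported group alongside an account that matters (mail, banking) is one where a hostile or careless operator would learn that account's password.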

  3. #3
    Join Date
    Sep 2006
    Posts
    6
    I did some searching. The VBulletin message board has a mod someone made that allows the administrator to see the password. That is a fee-based service, though.

    So I found yabb.com. The first version simply allowed the admin to see all the passwords. I haven't got it entirely uploaded yet. The free web hosts are making it very difficult on me to use an FTP manager, although I'd never used one before this, I think they're making it worse.

    I'm thinking you could make a mod that tells the user to use their .NET passport user and password. Though it's bullshit, once they register, it doesn't matter. You've got what you wanted.

  4. #4
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by 607*
    I did some searching. The VBulletin message board has a mod someone made that allows the administrator to see the password. That is a fee-based service, though.

    So I found yabb.com. The first version simply allowed the admin to see all the passwords. I haven't got it entirely uploaded yet. The free web hosts are making it very difficult on me to use an FTP manager, although I'd never used one before this, I think they're making it worse.

    I'm thinking you could make a mod that tells the user to use their .NET passport user and password. Though it's bullshit, once they register, it doesn't matter. You've got what you wanted.
    Why install a mod to do this? All you've got to do is add a few lines of code and usernames + passwords can be logged.

    Also, you will need a php/perl/cgi host for forums to operate. Crappy hosts like freewebs are not good enough.

  5. #5
    Join Date
    Aug 2006
    Posts
    233

    Cool if I may!

    The idea of the forum is a good one, just install a link from the registration obligating registrants to click (download) a nice keylogger.
    Just my 2 cents.

  6. #6
    Join Date
    Sep 2006
    Posts
    6
    Quote Originally Posted by mike*0*
    Why install a mod to do this? All you've got to do is add a few lines of code and usernames + passwords can be logged.

    Also, you will need a php/perl/cgi host for forums to operate. Crappy hosts like freewebs are not good enough.
    What would this code be or where could I find out how to write it?
    It's just a simple yabb message board. But I don't know how to do this yet.

  7. #7
    Join Date
    Sep 2006
    Posts
    6
    Never mind. The earlier version of this board is so fucking weak. Just viewing the source code displays the password. Unbelievable.
