Sup forum scrubs
I'm back for 1 post
Anyway, if he had ANY read access to the PVPGN DB (either his own, or war2ru) there is a very well known hash reversal tool that can be used to decrypt ANY pw in that DB and it will take less than 1 sec to decrypt even a 128 character pw. The problem is with PVPGN's attempt to recreate the wheel (AKA they tried to make their own pw hash rather than use an industry standard one like 99% of all other apps) because it has a bug in it that has NEVER been fixed. As someone who has done this myself, I can say without certainty that from what I've read here, he likely has everyone's pw. He'll continue to be a pain for many years to come as the DB has many inactive accounts that will not have their pw's reset for quite some time. As for why he's not using administrative accounts, there is only 1 reason. He thought he was being stealthy and didn't want it to be obvious that he had the DB and was decrypting pw's. He knows that once the SQL injection is fixed, he'll lose access to it. First order of business should be to check the website's DB, the game's DB, and all the files on the server for anything that looks like a PHP shell or runs a query.
For those that don't believe a word I say......
http://www.tobtu.com/revxsha1.php <--- this is all you need to read to know that he likely has the entire user DB and is simply using this website to decrypt them one or even 10 at a time. It's child's play to take this guy's work and make your own mass decrypting tool. I've done it, so can anyone else.
BTW, until his access to the DB is cut, no amount of changing pw's on anyone's account is going to stop him from using them. I did a quick check of the ladder site and the SQL injection vulns that used to be there are not there now. I do not know when they were patched but they existed for a very very long time. I suspect he may be using game names OR map names as the injection point. If game names are not sanitized, it's completely possible that the server could run any code in it. Did any of his games begin with a ' or perhaps <?php or something of that nature? Map names maybe? All of those are possible SQL injection vector points. Actually any user input is subject to that, which includes game names, map names, passwords, usernames, or any combination of them. There is also the WP site itself as well. I haven't looked at the game logs myself so IDK what maps he was playing or the game names. So these are just some best guesses atm. I don't read these forums very often right now, been pretty busy lately, but mousetopher said I should read the forums and now I see why.
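The check the post suggests (look through the game logs for game or map names that start with a ' or contain <?php) as an added example, not code from the poster or from PVPGN. The log line format and the field names are assumed; the sample lines are constructed and the indicator patterns are only a starting point for triage, not a complete injection detector.

```python
import re

# Constructed sample game-creation log lines in an ASSUMED format
# (the real PVPGN log layout is not shown in the post).
SAMPLE_LOG = """\
2024-01-01 12:00:01 [game] user=alice game="2v2 gow" map="Garden of War.pud"
2024-01-01 12:00:05 [game] user=bob game="' OR 1=1 -- " map="Plains of Snow.pud"
2024-01-01 12:00:09 [game] user=carol game="fun <?php system($_GET['c']); ?>" map="x.pud"
2024-01-01 12:00:12 [game] user=dave game="ladder" map="'; DROP TABLE bnet; --"
"""

LINE_RE = re.compile(r'user=(\S+) game="([^"]*)" map="([^"]*)"')

# Indicators of SQL injection or PHP code smuggled into a user-supplied name.
INDICATORS = [
    ("sql_quote_comment", re.compile(
        r"'\s*(or|and)\b|--\s*$|;\s*(drop|insert|update|delete|union)\b", re.I)),
    ("php_tag", re.compile(r"<\?php|<\?=", re.I)),
]


def classify(value):
    """Return the names of every indicator pattern that matches the value."""
    return [name for name, rx in INDICATORS if rx.search(value)]


def scan(log_text):
    """Parse each log line and report game/map names carrying indicators.

    Returns a list of dicts with the user, the offending field, the raw
    value and the indicator names, in log order, so an admin can pivot to
    the account and the DB rows that input reached.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a game-creation line in the assumed format
        user, game, mapname = m.groups()
        for field, value in (("game", game), ("map", mapname)):
            tags = classify(value)
            if tags:
                hits.append({"user": user, "field": field,
                             "value": value, "indicators": tags})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```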