07-12-2019, 10:27 AM
(07-12-2019, 08:00 AM)Kingpin007 Wrote: Generally passwords are not stored in plaintext (if they are stored in plaintext then delete your account from that website). Usually the password dumps that occur are just password dumps. Usernames are not dumped.
If you look the at database of a generic CMS, the username is linked to a password that is stored in a different table. The password itself is not stored rather a hashed form of the password (sha2) is stored.
If the hacker managed to get a database dump then he will be able to access each username as well using reverse mapping (each username has 1 password). This is the generic way of doing stuff and varies from 1 implementation to the other
But generally speaking without a database dump it will be hard for a hacker to map all passwords to every username.
But given a username it will be very easy to brute force a login.
They can technically bruteforce it by reverse engineering the hash process (which is easier if you already hacked the website and have the access to source code ) and hash the plaintext password and then fond it in database
humanpuff69@FPAX:~$ Thanks To Shadow Hosting And Post4VPS for VPS 5