arrow_upward

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Is it possible for hackers to identify accounts by password?
#3
(07-12-2019, 08:00 AM)Kingpin007 Wrote: Generally passwords are not stored in plaintext (if they are stored in plaintext then delete your account from that website). Usually the password dumps that occur are just password dumps. Usernames are not dumped.
If you look the at database of a generic CMS, the username is linked to a password that is stored in a different table. The password itself is not stored rather a hashed form of the password (sha2) is stored.
If the hacker managed to get a database dump then he will be able to access each username as well using reverse mapping (each username has 1 password). This is the generic way of doing stuff and varies from 1 implementation to the other
But generally speaking without a database dump it will be hard for a hacker to map all passwords to every username.
But given a username it will be very easy to brute force a login.


They can technically bruteforce it by reverse engineering the hash process (which is easier if you already hacked the website and have the access to source code ) and hash the plaintext password and then fond it in database
Terminal
humanpuff69@FPAX:~$ Thanks To Shadow Hosting And Post4VPS for VPS 5


Messages In This Thread
RE: Is it possible for hackers to identify accounts by password? - by humanpuff69 - 07-12-2019, 10:27 AM

Possibly Related Threads…
Thread
Author
Replies
Views
Last Post
2,990
07-05-2019, 04:45 PM
Last Post: deanhills

person_pin_circle Users browsing this thread: 1 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting