Is it possible for hackers to identify accounts by password?
#1
I've got a question for the experts here on password detection. We've heard of successful hack-ins in large corporations where passwords have been compromised. So OK, let's say they now have a password: would the hackers be able to track all of the accounts that are connected with the password, or only the account of the corporation that they hacked into?
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#2
Generally passwords are not stored in plaintext (if they are stored in plaintext then delete your account from that website). Usually the password dumps that occur are just password dumps. Usernames are not dumped.
If you look at the database of a generic CMS, the username is linked to a password that is stored in a different table. The password itself is not stored; rather, a hashed form of the password (sha2) is stored.
If the hacker managed to get a database dump, then he will be able to access each username as well using reverse mapping (each username has 1 password). This is the generic way of doing stuff and varies from 1 implementation to the other.
But generally speaking without a database dump it will be hard for a hacker to map all passwords to every username.
But given a username it will be very easy to brute force a login.
#3
(07-12-2019, 08:00 AM)Kingpin007 Wrote: Generally passwords are not stored in plaintext (if they are stored in plaintext then delete your account from that website). Usually the password dumps that occur are just password dumps. Usernames are not dumped.
If you look at the database of a generic CMS, the username is linked to a password that is stored in a different table. The password itself is not stored; rather, a hashed form of the password (sha2) is stored.
If the hacker managed to get a database dump, then he will be able to access each username as well using reverse mapping (each username has 1 password). This is the generic way of doing stuff and varies from 1 implementation to the other.
But generally speaking without a database dump it will be hard for a hacker to map all passwords to every username.
But given a username it will be very easy to brute force a login.


They can technically brute-force it by reverse engineering the hash process (which is easier if you already hacked the website and have access to the source code), hashing the plaintext password and then finding it in the database.
Terminal
humanpuff69@FPAX:~$ Thanks To Shadow Hosting And Post4VPS for VPS 5
#4
Well fortunately my user name is completely different. But I'm in the process anyway of changing the compromised password in all of the accounts as I come across them. There are quite a few of them.

I guess there is something to be said for changing one's passwords regularly. Particularly the sensitive accounts.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
#5
Well, there can be scenarios. Let's begin.

Let's say you have a password "ilovemypotato011". And as a hacker, you want to check how many accounts are being used with this password. So in order to accomplish your mission, there are two possible ways you can do it. (that's how much I figured out). The two ways are as follows:-

1) The hacker (you) must have access to the database.
2) The website must be vulnerable to SQLi in order to run queries and strings included in it via URL parameters.

So for this scenario, you have the database access (won't take point two because it would be too complicated to explain). Now in order to find all the usernames/emails/login ids which use "ilovemypotato011" as their password, you would need to run a query on the database.

But as @Kingpin007 mentioned above, the passwords are encrypted. So we'll dump all data in the "users" column and check for passwords. As they're hashed, we'll have to detect the hash type by your own skill or let the tool do it for you. https://www.tunnelsup.com/hash-analyzer/.
Let's say all the passwords are in MD5 form. Now you would need to run up a lookup of password with "ilovemypotato011" into the database. How would you do that if the password we have is in plain text? Well, you guessed it right (or may not). Hash/encrypt the plain text in MD5 form using an online tool. We'll use ShadowCrypt MD5 encryptor.


For the password "ilovemypotato011", the salt is "9e79b7aa6a12e41faa58beacf8b73026". So we will need to run a query into the database which matches the value of the row with "9e79b7aa6a12e41faa58beacf8b73026". To do so, run this query.

SELECT * FROM user_table WHERE password = '9e79b7aa6a12e41faa58beacf8b73026';

Now you will have a list of all data matching with the password "9e79b7aa6a12e41faa58beacf8b73026". With this, you will have a list of all usernames/email/user ids you wanted.

Thank you for reading this :)

PS - There might be possible grammar and syntax errors and I apologize for it. I'm not an expert hacker, just found a way you can do it. Suggestions and edits are welcomed.
Premium Web Hosting | ShadowCrypt | Manal Shaikh Official Website
If you find my post/thread useful, you're supposed to +rep me. 
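
Added example (not part of any post in this thread): the equality lookup discussed in posts #2 and #5 only works when equal passwords produce equal stored values, so this sketch stores the same constructed accounts once as unsalted MD5 and once with a per-user salt and PBKDF2, then checks which scheme lets a dump group accounts by password. The account names, the round count and all function names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; alice and carol reuse the thread's example password.
USERS = [
    ("alice", "ilovemypotato011"),
    ("bob", "correct-horse-battery"),
    ("carol", "ilovemypotato011"),
]

PBKDF2_ROUNDS = 100_000  # assumed cost for the demo; tune upward for real deployments


def store_unsalted_md5(users):
    """Weak scheme from the thread: one fast, unsalted hash per password."""
    return {name: hashlib.md5(pw.encode()).hexdigest() for name, pw in users}


def store_salted_pbkdf2(users):
    """Hardened scheme: random per-user salt plus a slow key-derivation function."""
    table = {}
    for name, pw in users:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
        table[name] = (salt, digest)
    return table


def accounts_sharing_a_stored_value(stored):
    """Group usernames whose stored password value is byte-for-byte identical."""
    groups = defaultdict(list)
    for name, value in stored.items():
        groups[value if isinstance(value, str) else value[1]].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def verify(stored, name, candidate):
    """Login check for the salted table: re-derive with that user's own salt."""
    salt, digest = stored[name]
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(attempt, digest)


if __name__ == "__main__":
    print("unsalted MD5 :", accounts_sharing_a_stored_value(store_unsalted_md5(USERS)))
    print("salted PBKDF2:", accounts_sharing_a_stored_value(store_salted_pbkdf2(USERS)))
```

With the salted table a single `WHERE password = ...` comparison no longer matches several rows, because each row's stored value depends on that row's own salt.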

