Cracking Wapdesire V2 Simple Md5 Passwords !!!!!!!!


    Hi there,

    I am using Wapdesire v2.

    Someone is cracking all of my members' passwords, which are too simple.

    I have checked it; they don't use brute force,

    but how can they crack the passwords???

    How to protect it???

    My site is injection protected, flood protected (brute force).

    I think they are using MD5 crackers after getting the passwords,

    but how can they get into my DB??? My site is injection protected!
    Last edited by wap333; 29.04.10, 14:59.

    #2
    You're probably using password logs.



      #3
      BTW, don't be confident that you're not prone to any forms of hacking. Think out of the box.



        #4
        I don't use any kind of logs.



          #5
          Based on what you posted, here's my conclusion: 1. Shell 2. SQLi 3. Password logs. Still think, isn't it? Sort it out yourself.



            #6
            Are you properly salting your session ID?
            MD5 is a one-way hash, and there is no such MD5 decrypter which has the complete database of MD5-hashed words ever typed by humans, bots, etc.
            You either have password logs, or somebody is initiating a JavaScript on your main page in order to get passwords.


              #7
              Originally posted by morse
              Are you properly salting your session ID?
              MD5 is a one-way hash, and there is no such MD5 decrypter which has the complete database of MD5-hashed words ever typed by humans, bots, etc.
              You either have password logs, or somebody is initiating a JavaScript on your main page in order to get passwords.

              No, I have protected against all kinds of injections, SID hack (auto logout if IP changes), no logs of passwords.
              MD5 is decodable, search on Google (simple passwords only).
              How can he query then?



                #8
                You still have not secured it, not at all pmpl lmao lmao


                You've forgotten image links and avatars. You think people are stupid not to use hotlinks to their server? When a user looks, boom, I have your MD5 *sid*.


                  #9
                  Yeah... there's still a chance to get the password. Hotlinking image.



                    #10
                    Originally posted by wap333
                    No, I have protected against all kinds of injections, SID hack (auto logout if IP changes), no logs of passwords.
                    MD5 is decodable, search on Google (simple passwords only).
                    How can he query then?

                    No, it is NOT decodable.
                    An MD5 hash can be cracked ONLY,
                    which is NOT the same.
                    It's better to keep your mouth shut and give the impression that you're stupid, than to open it and remove all doubt.
                    ⓣⓗⓔ ⓠⓤⓘⓔⓣⓔⓡ ⓨⓞⓤ ⓑⓔ©ⓞⓜⓔ, ⓣⓗⓔ ⓜⓞⓡⓔ ⓨⓞⓤ ⓐⓡⓔ ⓐⓑⓛⓔ ⓣⓞ ⓗⓔⓐⓡ !
                    ιη тнєσяу, тнє ρяα¢тι¢є ιѕ α яєѕυℓт σƒ тнє тнєσяу, вυт ιη ρяα¢тι¢є ιѕ тнє σρρσѕιтє.
                    キノgんイノ刀g 4 ア乇ムc乇 ノ丂 レノズ乇 キucズノ刀g 4 √ノ尺gノ刀ノイリ!



                      #11
                      Originally posted by metulj
                      No, it is NOT decodable.
                      An MD5 hash can be cracked ONLY,
                      which is NOT the same.

                      Yes, it is crackable. The hacker does not get my password, because it's a hard password and it is not in someone's MD5 cracker database...

                      *******The hacker said that he is injecting me.*****
                      But I have already used this injection replacer:

                      foreach($_REQUEST as $key => $value) {
                          $value=mysql_real_escape_string($value);
                          $$key=$value;
                      }

                      foreach($_GET as $key => $value) {
                          $value=mysql_real_escape_string($value);
                          $_GET[$key]=$value;
                      }

                      foreach($_POST as $key => $value) {
                          $value=mysql_real_escape_string($value);
                          $_POST[$key]=$value;
                      }


                      Still, how can he inject me????????????
                      Last edited by wap333; 30.04.10, 05:03.
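
Why a blanket escaping loop like the one in the post above does not by itself rule out injection, as an added example (not code from the thread or from Wapdesire): escaping only protects values that end up inside a quoted string literal, so a value concatenated into a numeric position passes through unchanged. The table, the `escape_all()` stand-in and the request value are constructed for illustration, and SQLite through PDO is assumed so that it runs offline.

```php
<?php
// Constructed in-memory table; SQLite via PDO so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)");
$db->exec("INSERT INTO users (name, pass) VALUES ('alice', 'hash-a'), ('bob', 'hash-b')");

// Hypothetical stand-in for the post's loop: mysql_real_escape_string() was
// removed in PHP 7, so quote doubling (SQLite's string escape) plays its role.
function escape_all(array $input): array {
    return array_map(fn($v) => str_replace("'", "''", (string)$v), $input);
}

// Constructed request value: it contains no quote, so escaping changes nothing.
$request = escape_all(['id' => '1 OR 1=1']);

// Weak: the escaped value is concatenated into a numeric position, unquoted.
function profile_concat(PDO $db, string $id): array {
    return $db->query("SELECT name FROM users WHERE id = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Corrected: validate the type, then bind the value so it is never parsed as SQL.
function profile_bound(PDO $db, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return [];                          // not an integer: reject
    }
    $stmt = $db->prepare("SELECT name FROM users WHERE id = :id");
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo "concatenated:      ", implode(', ', profile_concat($db, $request['id'])), "\n";
echo "bound, same input: ", implode(', ', profile_bound($db, $request['id'])), "\n";
echo "bound, id 2:       ", implode(', ', profile_bound($db, '2')), "\n";
```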



                        #12
                        Can you post your site link? Also, do you allow external links for downloads or images? Does your site allow iframe etc. tags? They could send hidden image links through the inbox mail system, and they work like hotlinks, and they save all your link logs and then crack your MD5. I am not familiar with the script. Also, they might inject by changing the user agent and putting a string in it which updates data, like cross-site scripting, etc.
                        left wap stuff



                          #13
                          1. MD5 is a one-way hashing algorithm; there is a max of 32 character combinations with an infinite number of possible strings to encode, therefore decoding or cracking it back from the hash is impossible. Simple, there's no grey area: as long as you use a decent password, a dictionary or brute-force attack that encodes strings to MD5 and compares for a result will not work. Use a random salt containing all the possible character types (or even binary/hex/oct data, as there's rarely anyone that does brute force containing these) and using any method will be fruitless. Rainbow tables contain millions of records, and a lot work by user input (you go to a website and type in your password to copy and paste the hash and they will store that encryption for a rainbow table), so don't ever do that.

                          2. Without seeing your site and having a little mess myself I couldn't say; maybe your file uploader allows scripts to be uploaded and run (mind you, hacking a password would be the bottom of his fun list if he did it that way), or maybe your file containing your database details can be accessed somehow. Or maybe that code is useless or not working somewhere.
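
The salting advice above, as an added example (not code from the thread or from Wapdesire): it audits stored unsalted MD5 values against a precomputed table of common passwords, then upgrades each row to PHP's salted `password_hash()` on the next successful login. The user rows, the three-entry table and the function names `weak_accounts()` and `login()` are constructed for illustration.

```php
<?php
// Constructed legacy rows: unsalted MD5, as the thread describes.
$users = [
    'staff1' => md5('123456'),
    'staff2' => md5('123456'),
    'owner'  => md5('T7#qv!Lm29xw'),
];

// Audit: the unsalted MD5 of a common password is identical on every site,
// so a precomputed table (constructed here, three entries) matches it at once.
$common = ['123456', 'password', 'qwerty'];
$table  = array_combine(array_map('md5', $common), $common);

function weak_accounts(array $users, array $table): array {
    return array_keys(array_filter($users, fn($h) => isset($table[$h])));
}

// Login that upgrades a legacy MD5 row to a salted, slow hash on success.
function login(array &$users, string $name, string $password): bool {
    $stored = $users[$name] ?? '';
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {   // legacy MD5 row
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // password_hash() generates a fresh random salt for every call.
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    return password_verify($password, $stored);
}

echo "flagged before migration: ", implode(', ', weak_accounts($users, $table)), "\n";
login($users, 'staff1', '123456');
login($users, 'staff2', '123456');
echo "same password, same stored value: ",
     var_export($users['staff1'] === $users['staff2'], true), "\n";
echo "flagged after migration: ", implode(', ', weak_accounts($users, $table)), "\n";
```

A salted, slow hash raises the cost of offline guessing after a database leak; it does not make a password like `123456` safe against online guessing, so a minimum-strength check at registration is still needed.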



                            #14
                            Originally posted by djlee
                            1. MD5 is a one-way hashing algorithm; there is a max of 32 character combinations with an infinite number of possible strings to encode, therefore decoding or cracking it back from the hash is impossible. Simple, there's no grey area: as long as you use a decent password, a dictionary or brute-force attack that encodes strings to MD5 and compares for a result will not work. Use a random salt containing all the possible character types (or even binary/hex/oct data, as there's rarely anyone that does brute force containing these) and using any method will be fruitless. Rainbow tables contain millions of records, and a lot work by user input (you go to a website and type in your password to copy and paste the hash and they will store that encryption for a rainbow table), so don't ever do that.

                            2. Without seeing your site and having a little mess myself I couldn't say; maybe your file uploader allows scripts to be uploaded and run (mind you, hacking a password would be the bottom of his fun list if he did it that way), or maybe your file containing your database details can be accessed somehow. Or maybe that code is useless or not working somewhere.

                            Hi djlee and Gill,

                            My site is Dhakawap.com
                            Will you please see my site?
                            I am really tense about this.
                            The hacker can hack any of my staff's passwords.

                            I don't really know how the hacker is cracking or getting into my DB!



                              #15
                              Do you know the username of the user who is doing it?
