How to hack EQdkp database for accounts

[Yo Dawg]

i have the backup file, but the guide on the other link does not tell me how to get the hashes. The file just gives me numbers like 1126056609

In front of the mailadresses are the hashes, they got 32 Numbers like ea323b15d25c199e8e2038907ddf7b66. Decode these and you get passwords.

[Cryptoz]

When I open my cmd it already has things typed in, like C:\Documents and Settings\(my name here)>. Where do I add the data.pl and does the site come right after or is there a space between?

[Propellerhead]

hi there, hm I am quite ashamed that I am now registered for nearly a year and did not even post a single reply or anything. (zomfg olol teh leecher ...6)

,btt: I setup everything yesterday, and after screwing some us gmail accs, I tried this here to get some EU ones. germans du be honest. Everything works quite well in theory but the 1.3.1 spoof method does only work for me in 1 of 10 pages. Most of them give me a "You are not logged in" msg after spoofing to the "greypage" and hitting backup.

Am I doing something wrong or are some eqdkp 1.3.1 patched and some not?

sry for my overleecherness_

EDIT: I worked through I think ~30 dkp sites now with firefox spoofer and got about 5 dbs. 1 BTclear, 1?, 3 Oldschools with progress in BC

Just for people new to this whole db hacking thing, if you ask you self "How much potential does this have?" or "Isn't markedragon scaming easier and faster". I tell you WHAT THE **** this shit has the potential to hack half of all accs there are. Understand, Try, Own.

[baichii]

Awesome guide got it to work almost -.-, just that i get
C:\usr>data.pl Sacred DKP: Member Standings
-------------------------------------------------------------------------
EQdkp <= 1.3.2 SQL Injection Exploit
-------------------------------------------------------------------------
[+] Admin User : Cade

[-] Unable to retrieve admin hash...
[+] Admin SessionID : Cade

any idea why i dont get the hash ? +rep when i can

[bobbully]

so is this method still good or not?

[Yo Dawg]

Awesome guide got it to work almost -.-, just that i get
C:usr>data.pl Sacred DKP: Member Standings
-------------------------------------------------------------------------
EQdkp <= 1.3.2 SQL Injection Exploit
-------------------------------------------------------------------------
[+] Admin User : Cade

[-] Unable to retrieve admin hash...
[+] Admin SessionID : Cade

any idea why i dont get the hash ? +rep when i can

Because they updated their site, it won´t work there.
You see the username because he´s online.

When I open my cmd it already has things typed in, like Cocuments and Settings(my name here)>. Where do I add the data.pl and does the site come right after or is there a space between?

Just type cd C:\usr\ or w/e path u use.
After that "data.pl site" with a space between.

[DeMoN]

yes this method works, but is old (about a year or more), chance of success is about 1 in 20...maybe higher this is not the only type of exploit like this...it is just a simple sql injection...theoretically it is possible to hack the site by just knowing the admin account name by intercepting the packet & editing the field requests in the form befor returning...there are tons of scripts on POC's over at milw0rm - exploits : vulnerabilities : videos : papers : shellcode or any of the other security sites...

this guide is more of a super noobs introduction to sql injection with a small reward for practice and patience. do not expect that this will work 100% of the time or that you will get tons of crazy accounts out of this...chances on cracking a 8 digit alphanumeric md5 hash with the current largest rainbow tables is about 43-47% next to none if the hash is salted and you dont know the salt. (a salt is where a phrase is added to all passes before they are hashed thus giving it a different value then its unsalted counterpart.)

in the end this is terrific fun and a real thrill when you succeed.

@Cryptoz - easiest thing to do is put your data.pl in C:\ then when you open up cmd type cd/ it will take you to c:\ in the console...

-DeMoN

[brayden]

Thanks +rep

[Yo Dawg]

Yes, this is good to find access to the harder things.

[Despara]

help when i go into CMD and type data.pl it says data.pl did not get reconised as a program or a batchfile

[Hofan]

@despara: you need apache and pearl installed and if you haven't already made the data.pl file you'll need to make that (copy n pasting the code into a txt file and saving it as a .pl) then put it somewhere (C:\)

*edit* saw your post in my thread: well you got to make sure you get the right files for vista installed (I think the only file that varies is apache for vista) and also if you are having problems with the installation of apache check my thread it has a couple tips on how to get past some of the problems that may come up.

[Despara]

.[/COLOR][/QUOTE]
*edit* saw your post in my thread: well you got to make sure you get the right files for vista installed (I think the only file that varies is apache for vista) and also if you are having problems with the installation of apache check my thread it has a couple tips on how to get past some of the problems that may come up.[/COLOR][/QUOTE]




well its more the Pearl wich is the problems when i install it says some error when i finnish it

[Hofan]

can you give me the error you're getting? and if youre using vista are you sure youre downloading the x64 version of perl?

[Despara]

might be because im downloading the wrong version let me try and see

[Despara]

ActivePerl-5.10.0.1003-MSWin32-x64-285500.msi i need to download that one?