HDBits Bitmetv exploit

**Sentient** · 02-28-2007, 05:18 PM

Originally Posted by kalpesh

By Hdbits
In response to the random claim that we know all your passwords and can/will use them on bitmetv if you have the same password there, I would like to point out that the only trace of your password stored in the database is your passhash.
This is a 128bit md5 hash of your password and a 20 character long random string.
For those of you who that makes no sense to, it means all that is stored is something like 1055d3e698d289f2af8663725127bd4b....which cannot be reversed back into your password.

Yes, I already did it for one doubter here: https://filesharingtalk.com/vb3/p-ple...39/postcount22

Quote:
Originally Posted by zaguar

Really? So you've magically found a way to reverse the MD5 hashing process? If so, tell me what this string is: 1cbd3b9800b88f9cb98755e40a15c813 . Thanks.

It reverses to Liar. Found with the help of the first google hit on the search "reverse md5 hash": http://md5.benramsey.com/

On topic: I think a lot less of HDBits that they didn't come clean about what Valerio was doing.

**kayvanblue** · 02-28-2007, 05:29 PM

i hope it s not true

**maxpower76** · 03-01-2007, 12:09 AM

how do i found out about my hash password

**Melvinmeow** · 03-01-2007, 03:38 PM

Originally Posted by maxpower76

how do i found out about my hash password

You cant get what it is. Its only stored on the sites database itself it isnt shown to anyone for the most part unless they have db access.
Or if they find a exploit on the site like someone else who posted in this thread does to other sites.

BTW They were hacked by the clown in refrence. There was about 4 pages of logs to confirm what was said. I however will not repost anything said.
And in responce to the passhash comment I made a similiar statement in another thread about how easy that was about 2 days ago.

**Jaits** · 03-01-2007, 04:32 PM

Originally Posted by maxpower76

how do i found out about my hash password

if they dont use salting, from ur cookies... if they do its impossible to get the passhash from the cookie...

**tintin123** · 03-01-2007, 08:10 PM

why they do this? sounds daft

i have never had an account with them but do have lots of sites with same username

**maseunit** · 03-01-2007, 10:34 PM

Yeah sketchy

**Sentient** · 03-04-2007, 09:33 PM

New info I just happened upon on this. Matt865, an admin at x264 posted the following about the situation:

Originally Posted by Matt865

They may or may not store your passwords insecurely and use them, but what is true is that their admin Valerio (quoting him), "Made a rss feed for bitmetv so you can download stuff from there without an account." This caused a few members to loose their accounts there. [IMG]https://f******.net/pic/smilies/no.gif[/IMG]
I don't see why anyone should trust their word on security if the whole staff feels it is ok to exploit other sites in this way.

I lost my account at x264, so I don't know what they're saying on the site, but he seems to be one of the few admins anywhere in the torrent world to take a responsible position on this. Bitmetv went out of their way to push the news off their front page after only a day. FTN just locked the thread discussing this. HDBits itself refused to even admit any wrongdoing, let alone apologize and take responsibility.

To me, the only fair way to interpret this is that it's more important to most site staff to keep HDBits staff from looking bad than to protect users (and ultimately the integrity of their own tracker).

**RedRansom** · 09-17-2008, 05:08 PM

wtf?

**becomehokage** · 09-17-2008, 05:17 PM

I got an infraction once for bumping an old thread...And you know what? That was absolutely right and fair...You shouldnt bump ancient threads its just...pointless...

Thread: HDBits Bitmetv exploit

Thread Tools

Bookmarks

Bookmarks

Posting Permissions