habohut forums hacked

Printable View

01-07-2009, 10:27 PM
Pyroka

habohut forums hacked

basically if you had a username with the same pw as your habbo on habbohut forums then best changhe it, just got this through from habbohut:

Quote:

GG HabboHut,

Owned by the JpK crew.

- Forum has been mysql injected
- administration has been logged
- forum database has been downloaded

GG

[JpK];;

FOR THE LULZ. i dont think anyone goes on habbohut so like what the hell lol. AND IT IS NEWS CUZ... NOBODY KNEW

Edited by Catzsy [Forum Super Moderator]: Moved from Habbo News to Habbo in General as it not actual news about the hotel. Thanks.
02-07-2009, 12:35 AM
Kieeran

habbohut was big like 4 years ago its not as big as it used to be i didnt even know it had a forum
02-07-2009, 12:40 AM
Common

Yeah the forums pretty dead beat anyway, but its a damn shame.
02-07-2009, 12:43 AM
Immenseman

didnt even know it was still open, lol.
02-07-2009, 01:48 AM
lick

yeah thought they closed last year lol?
02-07-2009, 05:37 AM
Ardemax

hackers r so cool these days
02-07-2009, 08:00 AM
user130523

habbohut is open? lmao
02-07-2009, 08:58 AM
Kyle

oh well everyone on there was obnoxious anyway
02-07-2009, 09:41 AM
Axed

Oh bless their cotton socks.

Quote:

Originally Posted by hackers

- Forum has been mysql injected
- administration has been logged
- forum database has been downloaded

vBulletin has no exploit in which you can MySQL inject, unless HabboHut have coded some rubbish. system which went vulnerable. Administration has been logged? The only way you can keylog through a website, is keylog the login box - which would mean, it's not the Administration being logged, it's the whole of the website's login? Forum Database, whoop de doop. They can do nothing with the database, due to the fact all your passwords are encrypted and they seem too nooby to decrypt passwords. :eusa_danc

My guess is, they somehow got access to the website (maybe an exploit on the actual fansite, not the forum) or something, uploaded a shell and kept it there. Went on the shell, got the configuration details, entered the MySQL password, made their user administrator and 'hack' the Forums. JpK? They're not hackers. SIMPLE.
Exploiting is not the same as hacking, idiots.
02-07-2009, 09:51 AM
Jxhn

Quote:

Originally Posted by Axed

Oh bless their cotton socks.

vBulletin has no exploit in which you can MySQL inject, unless HabboHut have coded some rubbish. system which went vulnerable. Administration has been logged? The only way you can keylog through a website, is keylog the login box - which would mean, it's not the Administration being logged, it's the whole of the website's login? Forum Database, whoop de doop. They can do nothing with the database, due to the fact all your passwords are encrypted and they seem too nooby to decrypt passwords. :eusa_danc

My guess is, they somehow got access to the website (maybe an exploit on the actual fansite, not the forum) or something, uploaded a shell and kept it there. Went on the shell, got the configuration details, entered the MySQL password, made their user administrator and 'hack' the Forums. JpK? They're not hackers. SIMPLE.
Exploiting is not the same as hacking, idiots.

Hacking is a loose term for many things today, including social engineering which is how access to the site was obtained.
02-07-2009, 10:00 AM
Axed

Quote:

Originally Posted by Jxhn

Hacking is a loose term for many things today, including social engineering which is how access to the site was obtained.

Lol. Are the Management that stupid to be fooled by Social Engineering?