The sha1(lowercase_username.password_guess) is at least supported by these:
- There are a lot of userids/password hashes in the carders_smf_members table that did not appear in the write-up.
- The MD5 hash is salted, but at least the salt is also available in the carders_smf_members table. The hash itself is a vBulletin3 hash type, MD5(MD5(Password).Salt). Both John the Ripper and Hashcat support this hash type.
- I'm not sure if the IP addresses stored in the table are accurate or not, since it looks like the site admins tried to obscure them in the webserver logs, but if they are, the database stores the last two IP addresses used.
- Other interesting fields include date joined, number of posts, karma level, last login date, etc.
- The above doesn't even begin to get into all of the data contained in the actual posts themselves...
Another interesting factoid:
Last MD5 password: 2010-01-10 21:54:01
First SHA1 password: 2010-01-10 22:40:16
So it was on January 10, 2010, later in the evening (in CDT) that they upgraded from vBulletin 3 to SMF.
*shrug* the more you know!
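The two hash formats and the migration-date inference described above, as an added example that is not part of the original post. The rows are constructed (only the two timestamps are taken from the post), and which table column the timestamps came from is an assumption, since the post does not say.

```python
import hashlib
from datetime import datetime


def vb3_hash(password: str, salt: str) -> str:
    """vBulletin 3 format named in the post: MD5(MD5(password).salt)."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def smf_hash(username: str, password: str) -> str:
    """SMF format named in the post: sha1(lowercase_username.password)."""
    return hashlib.sha1((username.lower() + password).encode()).hexdigest()


def hash_kind(hex_digest: str) -> str:
    """Classify a stored hash by its hex length: 32 = MD5, 40 = SHA1."""
    return {32: "md5", 40: "sha1"}.get(len(hex_digest), "unknown")


def migration_window(rows):
    """Return (last MD5 timestamp, first SHA1 timestamp) from (hash, ts) rows."""
    md5_ts = [t for h, t in rows if hash_kind(h) == "md5"]
    sha1_ts = [t for h, t in rows if hash_kind(h) == "sha1"]
    return (max(md5_ts) if md5_ts else None,
            min(sha1_ts) if sha1_ts else None)


def ts(text: str) -> datetime:
    """Parse the timestamp layout used in the post."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


# Constructed sample rows: usernames, passwords and salts are made up.
ROWS = [
    (vb3_hash("example-pass-1", "a1B"), ts("2010-01-09 10:00:00")),
    (vb3_hash("example-pass-2", "x9Z"), ts("2010-01-10 21:54:01")),
    (smf_hash("Alice", "example-pass-3"), ts("2010-01-10 22:40:16")),
    (smf_hash("bob", "example-pass-4"), ts("2010-01-11 08:15:00")),
]

if __name__ == "__main__":
    last_md5, first_sha1 = migration_window(ROWS)
    print("Last MD5 password: ", last_md5)
    print("First SHA1 password:", first_sha1)
```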