0

I have a website that uses an "in-house" CMS and I don't know the login details. The platform itself doesn't have the "reset your password" functionality. I do have access to FTP and phpMyAdmin and I found the SQL table containing the user details, but of course the password is MD5 encrypted. I tried manually creating a user in phpMyAdmin and filling in a password encrypted in MD5 (used an MD5 service online for that), but it still doesn't work. Does anybody know other tricks I can use?

pb2q

3 Answers

0

You can use `md5('your_pass')` for an existing user in the user table, but are you sure the password is MD5 encrypted?

simply-put
  • Well, when I use an online md5 encryption service it spits out a similar string and equal in length with what I see in the database. The table only has one user and I have no idea of the original password. – user1741615 Oct 12 '12 at 15:38
  • That's why I am saying that you can try to reset that one user's password via phpMyAdmin; first copy the original password into a text file. – simply-put Oct 12 '12 at 15:39
  • I tried creating another user by duplicating the first user entry inside the DB table. That didn't work. I think lynks is right. There can be more added to the MD5 encryption. I will also try your idea though. – user1741615 Oct 12 '12 at 16:23
  • Yes, a salt may be added to the password; that's why I asked whether you are sure or not. Looking at the code will help you. Mostly salts are kept in a config file, where you can easily check if it's being used or not. – simply-put Oct 12 '12 at 16:28
0

If you have FTP access you can look at the app sources, and see how they store and check passwords. Then you can see how it stores and verifies passwords and update the database table accordingly.

Or, you can bypass the authentication altogether.

che
0

You need to look at the CMS source. There will likely be some kind of salting/other process involved in hashing the passwords. A quick glance at the source will tell you everything you need to know to generate your own password. Guessing that it's undecorated MD5 is a long shot...

lynks
  • I found this in config.php: `define('SALT_LENGTH', 10);`. Not sure what SALT_LENGTH does however. – user1741615 Oct 12 '12 at 16:22
  • Run a `find | xargs grep -s "SALT_LENGTH"` to find which lines of which files use that constant. It's just a case of tracking down *how* passwords are generated/verified. – lynks Oct 12 '12 at 16:31
  • Is there any way to remove that SALT_LENGTH function so that I can manually add a user with a standard MD5 encrypted password? I found this: `if ($row['password'] === $this->passwordHash($pass, substr($row['password'], 0, SALT_LENGTH))) {` ... and then it logs in, sets cookies, etc. – user1741615 Oct 12 '12 at 16:53
  • You could just change that line to `if(true) {` for a few moments while you log in and change the password... – lynks Oct 12 '12 at 17:00
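
An added example, not part of the original thread and not the CMS's own code: it reproduces the login comparison quoted in the comments above to show why a bare MD5 value pasted into the table fails, and how a value built by the same routine passes. The body of `passwordHash()` here (salt followed by `md5(salt . password)`) is an assumption, as are `checkLogin()` and the sample password; the real routine has to be read from the CMS source.

```php
<?php
// Value taken from the config.php line quoted in the thread.
define('SALT_LENGTH', 10);

// ASSUMPTION: hypothetical stand-in for the CMS's passwordHash(). The real
// body is not shown in the thread and must be read from the CMS source.
// Assumed layout: stored value = salt . md5(salt . password).
function passwordHash(string $pass, ?string $salt = null): string
{
    if ($salt === null) {
        // No salt supplied: generate a fresh one of SALT_LENGTH hex characters.
        $salt = substr(bin2hex(random_bytes(SALT_LENGTH)), 0, SALT_LENGTH);
    }
    return $salt . md5($salt . $pass);
}

// Hypothetical wrapper around the comparison quoted in the thread: the salt
// is the first SALT_LENGTH characters of the stored column value.
function checkLogin(string $stored, string $pass): bool
{
    return $stored === passwordHash($pass, substr($stored, 0, SALT_LENGTH));
}

$newPass = 'constructed-example-password'; // constructed sample value

// Case 1: a bare MD5 from an online tool. Its first SALT_LENGTH characters
// are read as the salt, so the recomputed value differs from what is stored.
$plainMd5 = md5($newPass);
echo 'bare md5 accepted:       ';
var_dump(checkLogin($plainMd5, $newPass));

// Case 2: a value produced by the same routine the login check calls.
$stored = passwordHash($newPass);
echo 'salted value accepted:   ';
var_dump(checkLogin($stored, $newPass));

// Case 3: the salted value still rejects a different password.
echo 'wrong password accepted: ';
var_dump(checkLogin($stored, 'constructed-wrong-guess'));

// This is the string that would go into the password column.
echo 'column value: ', $stored, PHP_EOL;
```

With the CMS's actual `passwordHash()` body substituted for the assumed one, the printed column value can be written to the user row through phpMyAdmin, which leaves the login check itself unmodified.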