PDA

View Full Version : Is there a hack to let me see users passwords


jambo310
11-15-2007, 05:06 PM
And if so were can I find it

deezelpope
11-15-2007, 05:20 PM
<i>Nope, I believe passwords are encrypted in the database.</i>

Andrew Green
11-15-2007, 05:27 PM
They are encrypted, and I think that's a good thing. I imagine most users use the same password for most of there accounts, and personally, I'd rather admins on all the boards I've signed up on not be able to get my password.

Opserty
11-15-2007, 05:39 PM
Why would you want to do such a thing anyway?

Analogpoint
11-15-2007, 08:51 PM
I would suggest closing this thread, since the OP is requesting information to commit an "unethical act" :)

Paul M
11-15-2007, 10:49 PM
You have no evidence of what he intends to do ;)

The answer however is no, it can't be done.

deezelpope
11-15-2007, 10:50 PM
Didn't I already say that?;):D

Paul M
11-15-2007, 10:51 PM
Not if I choose to remove your post :p

deezelpope
11-15-2007, 10:53 PM
HEY...lmao...you're sassy!:Dhttps://vborg.vbsupport.ru/external/2007/11/19.gif

Nickbe
11-15-2007, 10:54 PM
I disagree Paul M, everything can be done, you just got to know how.

Paul M
11-15-2007, 10:58 PM
You can disagree all you want, but you still can't display something that does not exist.

Awjvail
11-15-2007, 11:04 PM
you could probably remove all encryption from every page which is effected by encryption and then newly registered/changed ones would be unencrypted.. but that really really wouldn't be a smart move at all.

this is just a guess though.

deezelpope
11-15-2007, 11:07 PM
Plus, it sounds really complicated.https://vborg.vbsupport.ru/external/2007/11/18.gif:p

Marco van Herwaarden
11-16-2007, 05:46 AM
I disagree Paul M, everything can be done, you just got to know how.
Feel free to post again once you have figured it out.

Analogpoint
11-16-2007, 01:42 PM
The answer however is no, it can't be done.

It's not as simple as "seeing" passwords from the database, but it can be done, and I won't post how publicly.

EDIT: to all the people who are PMing me, asking how to do it, don't bother lol.

jambo310
11-16-2007, 09:01 PM
so... Analogpoint fancy sending me that? via PM

Analogpoint
11-16-2007, 09:19 PM
so... Analogpoint fancy sending me that? via PM
Absolutely not.

But again, what would you want such a thing for?

jambo310
11-16-2007, 09:29 PM
Well about 1.5 year ago my friend signed up on a forum for psp games and then his computer got hacked, it took him ages to save back up for a nice new laptop, he used a froum master pass which he forgpt and since i recently became and admin on that and befroe that bought my own vbullletin site he thought I could help him

Cars2007
11-16-2007, 10:47 PM
Well about 1.5 year ago my friend signed up on a forum for psp games and then his computer got hacked, it took him ages to save back up for a nice new laptop, he used a froum master pass which he forgpt and since i recently became and admin on that and befroe that bought my own vbullletin site he thought I could help him/login.php?do=lostpw

Just have him do that on whatever forums he lost his password for. BTW when his computer got hacked, did he reformat or something? Little confused about the laptop part.

Marco van Herwaarden
11-17-2007, 06:23 AM
It's not as simple as "seeing" passwords from the database, but it can be done, and I won't post how publicly.
Feel free to PM me with your solution.

PS If you think rainbow tables is the solution, then you can forget it. ;)

Opserty
11-17-2007, 02:35 PM
Well about 1.5 year ago my friend signed up on a forum for psp games and then his computer got hacked, it took him ages to save back up for a nice new laptop,
His computer got hacked so he brought a new one?! That made me LOL! Does he really know nothing about computers :p

he used a froum master pass which he forgpt and since i recently became and admin on that and befroe that bought my own vbullletin site he thought I could help himIf only people learnt to read the "Forgotten Password" text. Oh wait isn't it displayed on every failed login page?

You have entered an invalid username or password. Please press the back button, enter the correct details and try again. Don't forget that the password is case sensitive. Forgotten your password? Click here (http://www.vbulletin.com/forum/login.php?do=lostpw)!

You have used 1 out of 5 login attempts. After all 5 have been used, you will be unable to login for 15 minutes.

Hmmmm something doesn't smell right. :confused:

jambo310
11-17-2007, 03:33 PM
cool so ill they send him his pass via email?

--------------- Added 1195320984 at 1195320984 ---------------

oh wait this happens when i click send pass to email for his account:
The requested URL /login.php was not found on this server.

--------------- Added 1195321122 at 1195321122 ---------------

and he says this doesnt send him his odl pass which is what he wants

Analogpoint
11-17-2007, 03:50 PM
PS If you think rainbow tables is the solution, then you can forget it. ;)

No, I don't have time to d/l 60 gigs of rainbow tables. :)

m002.p
11-17-2007, 05:29 PM
Whoever thinks they can get users passwords after encryption must have some talent, as far as I know its virtually impossible & if someone has worked that out it would have taken some time & effort to do so which worries me as why would someone go to that trouble? I really wouldnt want to know either. All i would say is that if I was the persons user of the forum, I would be seriously concerned.

Opserty
11-17-2007, 05:31 PM
and he says this doesnt send him his odl pass which is what he wants
You can't you only have the option to reset passwords. Why do you need to know the exact old password anyway? All options will be available by resetting the password.

jambo310
11-17-2007, 08:05 PM
nah cos he used it for like all the forums then he had one for games on one for ebay, amazon ect. so he asked me to get it for him but nvm lol this seems to have caused to much contorversey

Ba$im
11-17-2007, 08:41 PM
I try do that
It work if password was english
go to phpmyadmin
then open user table you will find password as MH5
all what you need know convert it from mh5 to real entry
there are many tool crack mh5 try google

as I say I try this with english just

and maybe not work now

jambo310
11-17-2007, 10:00 PM
ok so can anyone recomend a good tool to crack this?

BTW this is what my password file says:
password varchar(50) latin1_swedish_ci No

--------------- Added 1195344312 at 1195344312 ---------------

wait ok so i see his pass it is something like this:
cfed53f0c485700bd1e717160ec4499f

how can i turn this into real letters?

Andrew Green
11-17-2007, 11:19 PM
ok so can anyone recomend a good tool to crack this?

BTW this is what my password file says:
password varchar(50) latin1_swedish_ci No

--------------- Added 1195344312 at 1195344312 ---------------

wait ok so i see his pass it is something like this:
cfed53f0c485700bd1e717160ec4499f

how can i turn this into real letters?


You seem to be missing what everyone is saying. You cannot. What is stored is not the password, not really even a encrypted version of the password, but a hash of it. This is a one way function, you cannot recover the text based on it.

unknownkind
11-18-2007, 02:51 AM
Heres a suggestion.. Which may help you.. where the forms are for user login why not just add another function that records what they entered if everything validates as true?

Blaine0002
11-18-2007, 03:30 PM
Unknown, dont give him any ideas. He OBVIOUSLY does not want to do this to any good with,
As for this "error" your "friend" is recieveing apon trying to send his new password, if login.php did not exist, noone would go to the forum anymore, therefore voiding any use of recovering any password.

Passwords can be changed not viewed, they can be changed by converting a string to md5 and pasting it in the user table under password (if i remember correctly)

Analogpoint
11-19-2007, 07:35 PM
they can be changed by converting a string to md5 and pasting it in the user table under password (if i remember correctly)

You'd have to incorporate the user's salt into the hash as well. Wouldn't it be easier to change their password in the ACP?

Blaine0002
11-19-2007, 08:24 PM
yeah, but i remember having my admin password changed on my old boards (like 3 years ago?)
and i was able to use that method.
they must have changed it :D

SCRIPT3R
11-21-2007, 03:54 PM
So you want to access your old Admin accounts on forums to which you don't Administer anymore?