If so can you point me in the right direction?

edit: Also, could someone not draw up a dummy request for the members name and password. I know nothing about hacking, but how hard would it be to create a section within VB in which upon the member clicking they would be prompted to enter their member name and pw for confirmation. This of course not being encrypted, and either logged or emailed to the admin.

First, how come you want your members passwords?

No, because members may use the same password for other forums or sites - it would be bad for an admin to abuse that.

not necessarily.....

why do you assume it is necessarily for a negative reason.

if an admin wanna abuse his users, he could sell the email list he has to any porno site, or could do any other thing that might cross your mind.

I still would like to ask for this hack.

if an admin wanna abuse the user and see his or her password, he could always change the email address of that user in the control panel, to his own email, and send the password to the user.

it is that easy.

Originally posted by Learner29
I still would like to ask for this hack.

How many times do you need to be told that this is IMPOSSIBLE?

He can't change their email to his own email and get the password sent, as it resets the password when being sent.

Also, to answer the thread starters question: vBulletin uses a MD5 hash technology and it's next to impossible to decode it...

Originally posted by Learner29
not necessarily.....
why do you assume it is necessarily for a negative reason.

Here is the deal: Tell me a good reason you need to know your users' board passwords, I'll tell you how to grab some of them..

Here's some general advice: Use a different password at every forum you go to, because some people might want it for malicious uses and if ever a hack is released, or they get their hands on a MD5 decoder, you're screwed ;)

The only good use I think think for finding/knowing users passwords is for finding people who have registered dublicate times, in which case there is already a hack that does this, it will compare all the MD5 hashes for duplicate passwords. There is never any need to know what the users password is.

However when people register multiple times, they still could be using a different password, which means there are no uses :p

i believe that Logician made a hack for users with similiar passwords :p but i know how to easily grab the passwords as well... but like Logician says if its not a valid reason then why do you need it? besides you can do most anything through phpmyadmin... so its not like they have much to hide... regards... just my input ;)

g-force2k2

Basically you can go into phpmyadmin into your database and somehow get their sessionhash and decode it?

I'll say it again, you can't decyrpt users passwords, at all. The sessionhash only identifies users.

All you can do is try to match 2 MD5 hashes, if they are the same its the same password.

Originally posted by NTLDR
All you can do is try to match 2 MD5 hashes, if they are the same its the same password.

No there is an easier way... you're correct about md5 passwords though... they can't be reversed... and they're always the same meaning... if you input the same word as md5 it'll always come up the same after being md5'd...

g-force2k2

this is very interesting.... please dont release the hack though.....