The Arcive of vBulletin Modifications Site.

Keyser S?ze · #1 05-29-2002, 05:43 PM

u wouldnt think this was needed, but i swear it is, for some reason in 2.0.3 i could see the users password, but now in 2.2.5 i cant, and i use to have this user that kept re-registering, just to bug ppl, and he ALWAYS used the same password, wutang,

also has been helpful in other cases, but not used for anything bad

does a hack like this exsist where admins can see users passwords in the admin cp?

thanks

Xenon · #2 05-29-2002, 06:38 PM

passwords are md5 encrypted, you cannot decrypt it anymore, its not possible to decrypt md5.

as i know there was a hack wich saves the passwords unencrypted for 2.x.x, but not sure

try the search function.

also it's not so hard to write a hack, wich will save pw's after login in uncryptet version into the DB, but i don't think its a good thing to do so

scsa20 · #3 05-29-2002, 07:00 PM

Quote:

Originally posted by IceMalee
u wouldnt think this was needed, but i swear it is, for some reason in 2.0.3 i could see the users password, but now in 2.2.5 i cant, and i use to have this user that kept re-registering, just to bug ppl, and he ALWAYS used the same password, wutang,

also has been helpful in other cases, but not used for anything bad

does a hack like this exsist where admins can see users passwords in the admin cp?

thanks

hmmm....since he uses the same password over and over again and you know what the password is, find out what his e-mail address is (if he uses Hotmail, put in his username (the first part of the adde (if you didn't know

)) and use it againes your advages

)

anyways, why would you what to know someone's password for?? just ban the guy

Logician · #4 05-30-2002, 08:02 AM

it's not what you asked, but is what you need:

https://vborg.vbsupport.ru/showthrea...threadid=38909

Scott MacVicar · #5 05-30-2002, 08:59 AM

I would not really recommend storing the passwords un-encrypted, if your on a shared server you'll find that anyone with shell will have access to your mysql tables, and you don't really want them having your passwords.

Such as a competitor might buy a $9.95 account on your server just to get access to your admin passwords and thats you in trouble. This is all hypothetical btw :P

If he used the same password, the hashed password will be the same so this query will find it.

SELECT * FROM user WHERE password=MD5("password")

Tigga · #6 05-30-2002, 03:41 PM

Couldn't you just simply search for the password "wutang" in the admin pages under users / find?

Xenon · #7 05-30-2002, 10:30 PM

no, you can't search for passwords in the admin cp since vb2

RDX1 · #8 05-31-2002, 05:51 AM

i know how to find out users passwords via ACP... and its pretty easy... but would this be invasion of privacy if i told you how and you used it for other reasons?

Chris M · #9 05-31-2002, 08:58 AM

Not really...

It is something that could be useful...

Perhaps only to the site owner - i.e. Userid=1?

Satan

Scott MacVicar · #10 05-31-2002, 04:22 PM

You cant decrypt a MD5 hash, the only way to find it out is to store it seperately when they login / register.

To find a user using a password would be easy though, type in the password click find and it should come up. If you want i'll post the code

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.06393 seconds Memory Usage 4,726KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/functions_amr.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages: