Results 1 to 10 of 10
  1. #1
    Join Date
    Aug 2002
    Location
    Canada
    Posts
    315

    need to crack a PW in PHPBB via myphpadmin

    Hey all,

    Not sure if anyone can help me, i forgot a password in phpbb and instead of screwing with anything i was wondering if there is a way to decode the cripted password that is listed in myphpadmin.
    which is e5a86e2d3dc4264c41583f3cb5ff8dba

  2. #2
    Join Date
    Mar 2004
    Posts
    158
    No. Those hashes are one way. Just reset it to a known password.

  3. #3
    Something tells me that isnt his own MD5sum and his story isnt quite truthful

    If thats the case, all is *perhaps* not lost, but its going to cost you a lot of CPU time. MD5 hashes are crackable by either brute-forcing it or if you are very lucky, finding a collision value that produces the same hash value.

    Google for 'md5 collision table'. Someone out there has a site where you can submit a hash and it will be searched against a huge database of known hashes.

    It might be helpful if you know the forum's salt (if it uses one).

    I think in this case that bruteforcing is probably your best bet. In the interest of the public, I will not link you directly to such utilities, but a 5 minute googling should be illuminating.
    "The only difference between a poor person and a rich person is what they do in their spare time."
    "If youth is wasted on the young, then retirement is wasted on the old"

  4. #4
    Join Date
    Jan 2005
    Posts
    319
    couldn't you create another instance of phpbb using your hashed password, then replace this hash with the one you showed above and then you can get in?

    unless you don't want the owner of the database to know the password has been changed ;-)

  5. #5
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    If he already had database access, you would just change your password.

    Update your password too 4f4986dcc6b54a4e967585878498dfdc

    and then login with the password hostgeekz and reset it.
    Server Management - AdminGeekZ.com
    Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
    WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implimentation, DDoS Protection, Custom Nginx Modules
    Check our wordpress varnish plugin. Contact us for quote: sales@admingeekz.com

  6. #6
    Join Date
    Nov 2004
    Location
    Edmonton, Alberta
    Posts
    93
    Why don't you use the password recovery utility built into phpbb, just below login "I forgot my password link" Thats why it is there. If it is the Admin password, then why don't you look it up in the config file. However if your truly the admin, the pasword recovery utility would work.

  7. #7
    Originally posted by jethbrown
    Why don't you use the password recovery utility built into phpbb, just below login "I forgot my password link" Thats why it is there. If it is the Admin password, then why don't you look it up in the config file. However if your truly the admin, the pasword recovery utility would work.
    Maybe it was hacked? And they changed his email so he couldnt recover his pass? Or change it?

  8. #8
    Join Date
    Mar 2004
    Location
    New Jersey
    Posts
    798
    I haven't been to Fishtown for a long time, yet sometimes things still smell fishy to me... hmmm...


  9. #9
    Join Date
    Nov 2004
    Location
    Edmonton, Alberta
    Posts
    93
    Originally posted by Criminal#58369
    Maybe it was hacked? And they changed his email so he couldnt recover his pass? Or change it?
    If that was the case he could edit the sql file and change the email, which is not encrypted. Then click send me my password. The whole thing sounds fishy to me.

  10. #10
    Join Date
    Nov 2004
    Location
    India
    Posts
    1,104
    Follow these steps to reset it,

    1. Register a new user in the phpbb and remember the password.

    2. Login to mysql using ssh

    3. Execute the follow query in mysql,

    select * from phpbb_users;

    4. Now in the last of that query's result you will find the username which you have registered and its password. For example we will assume his password is

    102087ef20bdb802b248d7182270dbbc

    5. Copy the password

    6. Now execute the following command in mysql,

    select * from phpbb_users limit 0,5;

    Here you can see the admin user's details with his password.

    7. Now execute the following command in mysql to reset his password,

    update phpbb_users set user_password = '102087ef20bdb802b248d7182270dbbc' where username = 'admin';

    So now the newly registered user's password is used for the admin user's password. In order to do this you need shell access, if you don't have contact your hosting support.
    AssistanZ - Beyond Boundaries...
    Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
    Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •