Support - Getting a members password

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Suggested Hosts
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Support - Getting a members password

Post by pumping_iron_300 »

I know all members on my forum password is stored somewhere on my server on a database. I need to get a password for a member, rather than change it. How is this done?

ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith
Contact:

Re: Support - Getting a members password

Post by ToonArmy »

You can't get them they are stored in the database as hash, which is non-reversible.
Chris SmithGitHub

Hatake Ryuuzaki
Registered User
Posts: 48
Joined: Thu Nov 22, 2007 11:59 pm

Re: Support - Getting a members password

Post by Hatake Ryuuzaki »

I think this is not possible, since all passwords are encrypted. And even if could be possible, isn't illegal?

Edit: Sorry. I didn't saw the previous message before posting.
Sorry for my english.

pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Re: Support - Getting a members password

Post by pumping_iron_300 »

No, its my server, therefore i am not cracking or hacking into anything, however i can decrpyted the hash, im wondering how to get it from MY server

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51195
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Support - Getting a members password

Post by stevemaury »

Doesn't matter whose server it is. The passwords are in an irreversible hash. It can't be done.

pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Re: Support - Getting a members password

Post by pumping_iron_300 »

Hashes arent irreversible, any hash can be decrpyted, trust me, i can decrpyt any hash with time

User avatar
Kaitlyn
Registered User
Posts: 127
Joined: Fri Apr 15, 2005 8:41 pm

Re: Support - Getting a members password

Post by Kaitlyn »

So.. you can re-create a password from a salted hash, but you can't find the table that stores the hash from the database? Really?

~K

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51195
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Support - Getting a members password

Post by stevemaury »

pumping_iron_300 wrote:Hashes arent irreversible, any hash can be decrpyted, trust me, i can decrpyt any hash with time
Then you are all set, are you not?

pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Re: Support - Getting a members password

Post by pumping_iron_300 »

Yes, a salted hash can be decrypted Ive seen it done numerous time, I am just to as unsure where the pass is stored on my server.

pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Re: Support - Getting a members password

Post by pumping_iron_300 »

Kaitlyn wrote:So.. you can re-create a password from a salted hash, but you can't find the table that stores the hash from the database? Really?

~K
Smartass, I encrpyted salted hashes can be found elsewhere, but my best bet is my server, where I am unsure the pass is stored.

User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 10372
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster
Contact:

Re: Support - Getting a members password

Post by Noxwizard »

You should read this article: Knowledge Base - Difference between encryption and hashing
You are misusing the terminology and making inaccurate claims about how the passwords can reversed/decrypted.
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51195
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Support - Getting a members password

Post by stevemaury »

The passwords are in the user_password field of the users table in the database.

Let us know how you do.

pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Re: Support - Getting a members password

Post by pumping_iron_300 »

Thanks

I also know what a hash is its an the way the password is encrypted. I can "crack" hashes, I have done it before, and have had many friend crack salted hashes to servers, so get your terminology correct.

User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 10372
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster
Contact:

Re: Support - Getting a members password

Post by Noxwizard »

No, a hash is not a way a password is encrypted. Encryption and hashing are completely different. Encryption involves a key and is something that can be decrypted. Hashes are one-way, they cannot be decrypted as it was not encrypted to begin with. The only thing you can do is either look it up in something like a rainbow crack table, or bruteforce it. Like I said, check out that article, go to Wikipedia, or Google these topics and educate yourself a bit.
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.

ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith
Contact:

Re: Support - Getting a members password

Post by ToonArmy »

pumping_iron_300 wrote:Thanks

I also know what a hash is its an the way the password is encrypted. I can "crack" hashes, I have done it before, and have had many friend crack salted hashes to servers, so get your terminology correct.
Hashing is not encryption, hashing is irreversible whereas encrypted text can be decrypted. I see no good reason why you need to brute force a users password hash, which is why people are not telling you where the data is stored due to the questionable ethics.
Chris SmithGitHub

Locked

Return to “[3.0.x] Support Forum”