Support - Getting a members password

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Scam Warning
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Support - Getting a members password

Post by pumping_iron_300 » Fri Feb 20, 2009 12:21 am

I know all members on my forum password is stored somewhere on my server on a database. I need to get a password for a member, rather than change it. How is this done?

ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith
Contact:

Re: Support - Getting a members password

Post by ToonArmy » Fri Feb 20, 2009 12:30 am

You can't get them they are stored in the database as hash, which is non-reversible.
Chris SmithGitHub

Hatake Ryuuzaki
Registered User
Posts: 48
Joined: Thu Nov 22, 2007 11:59 pm

Re: Support - Getting a members password

Post by Hatake Ryuuzaki » Fri Feb 20, 2009 12:32 am

I think this is not possible, since all passwords are encrypted. And even if could be possible, isn't illegal?

Edit: Sorry. I didn't saw the previous message before posting.
Sorry for my english.

pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Re: Support - Getting a members password

Post by pumping_iron_300 » Fri Feb 20, 2009 12:37 am

No, its my server, therefore i am not cracking or hacking into anything, however i can decrpyted the hash, im wondering how to get it from MY server

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50812
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Support - Getting a members password

Post by stevemaury » Fri Feb 20, 2009 12:43 am

Doesn't matter whose server it is. The passwords are in an irreversible hash. It can't be done.

pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Re: Support - Getting a members password

Post by pumping_iron_300 » Fri Feb 20, 2009 12:47 am

Hashes arent irreversible, any hash can be decrpyted, trust me, i can decrpyt any hash with time

User avatar
Kaitlyn
Registered User
Posts: 127
Joined: Fri Apr 15, 2005 8:41 pm

Re: Support - Getting a members password

Post by Kaitlyn » Fri Feb 20, 2009 12:51 am

So.. you can re-create a password from a salted hash, but you can't find the table that stores the hash from the database? Really?

~K

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50812
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Support - Getting a members password

Post by stevemaury » Fri Feb 20, 2009 12:57 am

pumping_iron_300 wrote:Hashes arent irreversible, any hash can be decrpyted, trust me, i can decrpyt any hash with time
Then you are all set, are you not?

pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Re: Support - Getting a members password

Post by pumping_iron_300 » Fri Feb 20, 2009 12:59 am

Yes, a salted hash can be decrypted Ive seen it done numerous time, I am just to as unsure where the pass is stored on my server.

pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Re: Support - Getting a members password

Post by pumping_iron_300 » Fri Feb 20, 2009 1:02 am

Kaitlyn wrote:So.. you can re-create a password from a salted hash, but you can't find the table that stores the hash from the database? Really?

~K
Smartass, I encrpyted salted hashes can be found elsewhere, but my best bet is my server, where I am unsure the pass is stored.

User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 10344
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster
Contact:

Re: Support - Getting a members password

Post by Noxwizard » Fri Feb 20, 2009 1:07 am

You should read this article: Knowledge Base - Difference between encryption and hashing
You are misusing the terminology and making inaccurate claims about how the passwords can reversed/decrypted.
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50812
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Support - Getting a members password

Post by stevemaury » Fri Feb 20, 2009 1:12 am

The passwords are in the user_password field of the users table in the database.

Let us know how you do.

pumping_iron_300
Registered User
Posts: 60
Joined: Thu Dec 18, 2008 5:27 am

Re: Support - Getting a members password

Post by pumping_iron_300 » Fri Feb 20, 2009 1:14 am

Thanks

I also know what a hash is its an the way the password is encrypted. I can "crack" hashes, I have done it before, and have had many friend crack salted hashes to servers, so get your terminology correct.

User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 10344
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster
Contact:

Re: Support - Getting a members password

Post by Noxwizard » Fri Feb 20, 2009 1:20 am

No, a hash is not a way a password is encrypted. Encryption and hashing are completely different. Encryption involves a key and is something that can be decrypted. Hashes are one-way, they cannot be decrypted as it was not encrypted to begin with. The only thing you can do is either look it up in something like a rainbow crack table, or bruteforce it. Like I said, check out that article, go to Wikipedia, or Google these topics and educate yourself a bit.
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.

ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith
Contact:

Re: Support - Getting a members password

Post by ToonArmy » Fri Feb 20, 2009 1:20 am

pumping_iron_300 wrote:Thanks

I also know what a hash is its an the way the password is encrypted. I can "crack" hashes, I have done it before, and have had many friend crack salted hashes to servers, so get your terminology correct.
Hashing is not encryption, hashing is irreversible whereas encrypted text can be decrypted. I see no good reason why you need to brute force a users password hash, which is why people are not telling you where the data is stored due to the questionable ethics.
Chris SmithGitHub

Locked

Return to “[3.0.x] Support Forum”