Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
pcnuke
Hangin' Around


Joined: Feb 21, 2005
Posts: 39
Location: Cybertoria

PostPosted: Fri Nov 03, 2006 8:04 am Reply with quote

phpnuke password decrypter

Has anyone developed a script that will allow the admin to view actual user password (decrypted).... for management purposes??

thanks
pcn

_________________
Only registered users can see links on this board! Get registered or login! - currently in LIMBO 
View user's profile Send private message
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Fri Nov 03, 2006 8:10 am Reply with quote

No, MD5 is not decryptable. There are ways to brute force it, but why do you want to get your users passwords?

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
pcnuke
PostPosted: Fri Nov 03, 2006 8:19 am Reply with quote

mainly as a backup for user management,
just in case they lose it and cannot remember their info for recovery of it...

---

Also there are programs out there that will decrypt MD5

This one works: Only registered users can see links on this board! Get registered or login!

---

I was was just asking to see if anyone had already built one as a n admin management tool for phpnuke





thanks
pcn
 
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Fri Nov 03, 2006 10:56 am Reply with quote

Its not decrypting in the true sense. What it is a large table of text to md5, that they compare a word to. The reason being that md5 never changes unless you add salt to it. So the word "password" is always going to be 5f4dcc3b5aa765d61d8327deb882cf99. So if you get a large enough table of real text to md5 you can break many passwords since people are generally lazy and use simple real text passwords.

This is what that site and all the other sites are doing when they claim to be breaking md5. So far no one has been able to come up with a working algorithm to truly break it.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
evaders99
PostPosted: Fri Nov 03, 2006 1:01 pm Reply with quote

Seems like you would just be able to easily reset the password. As technocrat said, there is no real algorithm to it. It just brute forces it.
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Fri Nov 03, 2006 9:15 pm Reply with quote

A work arounf might be to have the php script duplicate the password BEFORE the MD5 and then enter the password somewhere else as well. That way you as an admin can see the actual password without it being decrypted, This would only work on NEW clients and the old ones would be forced to redo their passwords which would then populate the table and you could view their passwords. But as a reference, if you did do that, you would need to make it clear that their passwords were not going to be completely private but be viewable by the staff or admins on your site.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
hicuxunicorniobestbuildpc
Life Cycles Becoming CPU Cycles


Joined: Aug 13, 2009
Posts: 967
Location: Netherland

PostPosted: Wed Sep 30, 2009 4:00 pm Reply with quote

Quote:
Has anyone developed a script that will allow the admin to view actual user password (decrypted).... for management purposes??


yes there are few of them. Are u trying to guess admin password from other sites?

What I do know about this password decryter is: There is no posibility to get admin password if the owner makes a hard password. U need to include a big amount of word (dictionary or bible) on your data base to guess those password. Actually u will waist your time if you do that.

Just my opinion.

Wink
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Wed Sep 30, 2009 5:16 pm Reply with quote

There are none that allow you to 'view' an MD5 decrypted password, adhoc. As explained previously, there are brute force techniques and large dictionaries to guess common words/characters. But the only way to do what was originally asked is to either store a copy of the original unencrypted password or to store it with an encryption method that is decryptable where only the admin has the decryption key.
 
View user's profile Send private message
wHiTeHaT
Life Cycles Becoming CPU Cycles


Joined: Jul 18, 2004
Posts: 577
Location: Netherlands

PostPosted: Thu Oct 01, 2009 3:47 am Reply with quote

let yourself send an email when a user register or he/she change pasword (if it is allowed to change).
Let these emails be sended to a special email adres and/or email folder.
Like that you dont have to manipulate data that is normaly protected by your system.

It is only an alternative.

Grtzz wHiTeHaT
 
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©