Hello, I want to know whether it is possible to recover password of users from mysql Database i have found that passwords are Encrypted! is there any solution? Thanks Toufique Ahmed Nizamani
If they are encrypted with md5 in most cases this is the way.It is possible to decrypt but it takes some time and it is not legal to learn your members paswords.
if u are the admin then why not reset the password and then u can login by that users account **i am wondering why do u want to know the exact password? i do not think that is the right thing to do
It depends how they are encrypted. Certainly with .Net you have the option of encrypting them or hashing them. Encryption can be reversed but hashing cannot (realistically) Alternatively if you had access to the db why not change their email address to one you have access to, use the forgotten password system and then change the email back
You can make a new password by modifying the value in the database and inserting a new password (make sure to hash in the appropriate format, commonly just a single MD5 hash). If you must recover, then you probably have to brute force as most passwords in web applications are hashed (one way encryption).
you can use an md5 dictionary attack you simply convert all the most popular words into their md5 equivalent and compare to all the passwords in the database. no doubt someone will have used password1 as their password if you have enough members. so a basic dictionary attack would be my choice
You cannot change the password within .sql db.If you change it you cannot log in that account.It is a very basic security thing for most professional scripts for today.But md5 hash can be found.I wont tell how because its illegal to do so.Just use forgot password thing.
you can change the password: update mysql.user set password = password('newpass') where user = '..' and host = '...'; flush privileges;
Exactly. Whilever you have direct access to the DB, you can do pretty much whatever you like (including setting a new, hashed password). Might I also mention that MD5 rainbows are great in theory, but any script worth its weight in donuts will use a salt which pretty much destroys any chance of finding a match in the rainbow, but anyway...
If you can access with PhpMyadmin you can easily change it. Just open table with users, find user and in password field enter new password but before you save it, you will need to change field type in md5. Then save it. It is the same just like command mentioned above but this is the easier way. Also, if you are making a web application, you will need to create password recovery option. Usually you can generate random word, number or combination and insert it in password field and then send an email to member with new password and note about changing it.
Yes you can... for a password to be entered there originally, an application must have generated one, probably from a password inputted by an end user so all that needs to be done is find the algorithm in the web app used to encrypt the password and reproduce to make new password. And yes, MD5 has been cracked, and I'm surprised people use a single MD5 hash without a salt anymore.