phpnuke password decrypter

Posted: Fri Nov 03, 2006 8:04 am

phpnuke password decrypter

Has anyone developed a script that will allow the admin to view actual user password (decrypted).... for management purposes??

thanks
pcn

registered · Posted: Fri Nov 03, 2006 8:10 am

No, MD5 is not decryptable. There are ways to brute force it, but why do you want to get your users passwords?

Posted: Fri Nov 03, 2006 8:19 am

mainly as a backup for user management,
just in case they lose it and cannot remember their info for recovery of it...

---

Also there are programs out there that will decrypt MD5

This one works: http://www.md5decrypter.com/

---

I was was just asking to see if anyone had already built one as a n admin management tool for phpnuke

thanks
pcn

registered · Posted: Fri Nov 03, 2006 10:56 am

Its not decrypting in the true sense. What it is a large table of text to md5, that they compare a word to. The reason being that md5 never changes unless you add salt to it. So the word "password" is always going to be 5f4dcc3b5aa765d61d8327deb882cf99. So if you get a large enough table of real text to md5 you can break many passwords since people are generally lazy and use simple real text passwords.

This is what that site and all the other sites are doing when they claim to be breaking md5. So far no one has been able to come up with a working algorithm to truly break it.

Posted: Fri Nov 03, 2006 1:01 pm

Seems like you would just be able to easily reset the password. As technocrat said, there is no real algorithm to it. It just brute forces it.

Posted: Fri Nov 03, 2006 9:15 pm

A work arounf might be to have the php script duplicate the password BEFORE the MD5 and then enter the password somewhere else as well. That way you as an admin can see the actual password without it being decrypted, This would only work on NEW clients and the old ones would be forced to redo their passwords which would then populate the table and you could view their passwords. But as a reference, if you did do that, you would need to make it clear that their passwords were not going to be completely private but be viewable by the staff or admins on your site.

Posted: Wed Sep 30, 2009 4:00 pm

Quote:

Has anyone developed a script that will allow the admin to view actual user password (decrypted).... for management purposes??

yes there are few of them. Are u trying to guess admin password from other sites?

What I do know about this password decryter is: There is no posibility to get admin password if the owner makes a hard password. U need to include a big amount of word (dictionary or bible) on your data base to guess those password. Actually u will waist your time if you do that.

Just my opinion.

Wink

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

There are none that allow you to 'view' an MD5 decrypted password, adhoc. As explained previously, there are brute force techniques and large dictionaries to guess common words/characters. But the only way to do what was originally asked is to either store a copy of the original unencrypted password or to store it with an encryption method that is decryptable where only the admin has the decryption key.

Posted: Thu Oct 01, 2009 3:47 am

let yourself send an email when a user register or he/she change pasword (if it is allowed to change).
Let these emails be sended to a special email adres and/or email folder.
Like that you dont have to manipulate data that is normaly protected by your system.

It is only an alternative.

Grtzz wHiTeHaT