Solved

Reading password from mysql direct

Posted on 2006-07-18
22
331 Views
Last Modified: 2008-02-01
when I try to read user password (`user_password` varchar(32) NOT NULL default '), I find the value like this:-
d0970714757783e6cf17b26fb8e2298f
so what is the way to read it direct from mysql by "phpmyadmin".
0
Comment
Question by:sal1150
  • 8
  • 3
  • 3
  • +4
22 Comments
 
LVL 35

Expert Comment

by:Raynard7
ID: 17135240
You say you are trying to read the user_password from a table.  Formats like this indicate that the password has been stored as a hash.  Ie encrypted, generally MySql uses the Password("passwordText") function to encrypt the passwords it stores - this is one way encryption.  Meaning that if you have the same starting point ie passwordText - you will always get the same end result 8437A3B71E2F8166E96C053DFFC6EAA62B6D946A but you can not go backwards.  This is useful as most system designers do not want people to know / work out other people's passwords - but just to work out that it is the same password being submitted each time.
0
 
LVL 7

Expert Comment

by:kayrules
ID: 17135484
most propably, the 32 bit encryption is using MD5.. MD5 is a hashing technique which is one way algorithm.. this mean that once you hash the keyword with MD5, it could not be decrypted back to its original plaintext keyword..

to store a record with MD5 password in mysql, use this sql command:

INSERT INTO user_table SET user_password=MD5('test');
--> the record will store this encrypted string: 098f6bcd4621d373cade4e832627b4f6

if you want to check the given keyword is stored in your record table, you an always do a check using this:

SELECT * FROM user_table WHERE user_password=MD5('test');
0
 
LVL 1

Expert Comment

by:Sony-Controlled
ID: 17135668
if it is encrypted in md5 then you can not read it threw phpmyadmin but you can make a script to decript the password such as <?
$password = md5("098f6bcd4621d373cade4e832627b4f6");
echo $password; ?>
then what ever  the encrytion is should be shown in plain text. But as for your question about viewing in phpmyadmin if its not encrypted you should be able to click on the table and click browse and be able to see hte password
0
 
LVL 13

Expert Comment

by:rhickmott
ID: 17136570
Sony md5 is a ONE WAY hashing algorith that provides a 32bit checksum. Passing a md5 check though the md5() function will just give you the hash of that hash not the plain text.

For the same reason you can pass a 4GB file into md5 and still end up with a 32bit hash but passing the hash though md5 would not give you a 4GB plain text file (otherwise that would make a killer compression program)
0
 
LVL 7

Expert Comment

by:maUru
ID: 17136594
thanks sony for making us all a little dumber.

and rhickmott, its a 128bit checksum, 4 words of 32 bits.
0
 
LVL 13

Expert Comment

by:rhickmott
ID: 17136608
Sorry you are right its early (for me anyway :p) ive not had my coffee yet.
0
 
LVL 7

Accepted Solution

by:
maUru earned 125 total points
ID: 17136642
to answer the question, there ARE ways to read md5 hashes (or at least find a string that generates the same hash), they are called rainbow tables, and basically consist of huge computers crunching up every string in order to get their md5 hash, as the algorithm produces a 128 bit 'checksum', this equals about:

2 ^ 128 = 3.4 x 10^38 (thats 3 followed by 38 zeros) or roughly over:

34,000,000,000,000,000,000,000,000,000,000,000,000,000 different hashes possible

if you have a php/mysql program that you want to be able to see the passwords of the users, you are going to have to hack the actual program, specifically changing the insertion and checking of the passwords

so from UPDATE users SET Password = md5($password) WHERE ID = 4
to UPDATE users SET Password = $password WHERE ID =4

and from

if (md5($password) == get_password(4))
to
if ($password == get_password(4)
0
 
LVL 1

Expert Comment

by:Sony-Controlled
ID: 17138631
Ok, I was mistaken but don get mad at me becuase I got the accepted answer on the last question :o
0
 
LVL 7

Expert Comment

by:maUru
ID: 17138920
what? accepted answer?

im not mad at you, im pointing out that what you said was retarded so that people in the future dont get misconceptions about how a hash works.
0
 
LVL 5

Expert Comment

by:floorman67
ID: 17170289
MaUru, you have been reported to the EE staff ... do not treat people that way on this site ... perhaps you need to re-read the policies you agreed to when you signed up on this site.

the shoirt answer to the posters question is that you CAN NOT  get the password from the hash.

script developers encrypt all passwords to MD5 hash so NO ONE can get them.

the better scripts have forgotten password classes and routines, and password reset fucntions to ensure that only the person who created the account can access the accounts.

If your script is limited and a user forgot their password, and you need to reset it or give them another one, just run this script on its own, then replace the hash in the database table and the user will again ahve access.

I included md5 and SHA1 becasue some newer script developers are starting to use SHA1.

<?php

####################################
##
##      hash creator
##
####################################
##
##      type new password between
##      the quotes in $password
##
$password="TYPE_NEW_PASSWORD_HERE";
##
####################################
echo "<b><u>New Password</u>:</b> ";
echo $password;
echo "<BR><BR>";
echo "<B><U>MD5</u>:</b> ";
echo MD5($password);
echo "<BR><BR>";
echo "<B><U>SHA1</u>:</b> ";
echo SHA1($password);
php?>
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 7

Expert Comment

by:maUru
ID: 17170321
ok.
0
 
LVL 35

Assisted Solution

by:Raynard7
Raynard7 earned 125 total points
ID: 17400499
I do not agree with maUru's answer - rainbow tables after days of processing MAY produce results that could be used using a md5 hash to create possible passwords - but that solution does not really answer the question about "reading" a password stored in mysql.

As - floorman67, Sony-Controlled, rhickmott, kayrules and myself all pointed out - there is no way to "read" the password - just to evaluate if a given string when hashed produces the same result.
0
 
LVL 7

Expert Comment

by:maUru
ID: 17400548
rainbow tables do not require days of processing, they are a bank of already md5 hashed strings hence the name table, which also means the can be checked instantly for a collision

i agree with the fact that the question asks for 'reading' a password, which although techically the answer is no, the answer 'no' is wrong because an md5 hash /can/ be reverse engineered in some circumstances, mainly with weak passwords

for example there used to be an online md5 rainbow table that you could search (i think its closed now)

taking an md5 hash of a password like 'letmein' would give you a collision with 'letmein', which means you /can/ read the password from the md5 hash (letmein is a specific example because it is a common password)

therefore yes, in some circumstances a password can be read from an md5 hash
0
 
LVL 35

Expert Comment

by:Raynard7
ID: 17401410
however not all combinations for md5 are actually what was originally input - there are possibilities for multiple arrangements of characters to result in the same hash - and as such they are not "read" as such - just are possibilities.

Additionally - I agree once you have the rainbow tables they are fast - just creating them takes the time
0
 
LVL 7

Expert Comment

by:maUru
ID: 17402140
yes that is true, you might have a 9million character long string that gives the same hash as the string 'imcool', and no system will allow you to enter a 9million character long password :)

but i think rainbow tables work with smaller strings rather than huge strings which means everything from 1 to 10 characters of the set [a-Z0-9] and special characters would be generated first

in practise, as i gave the system a go on a few md5 passwords that i had in a database of mine, i got about 50-100 hits out of 1000, all of which were the right passwords rather than arbitrary strings that happened to collide, so it does work
0
 
LVL 5

Expert Comment

by:floorman67
ID: 17402496
sorry maUru,

while your response is theoretically possible, your response doesnt answer the question posted.

the question is, "...what is the way to read it direct from mysql by "phpmyadmin"...."

which can not be accomplished at all, and can only be hacked via a brute force attack if, and only if, all possible combinations of charactors are included in a 3rd party script to create these hacker tables you speak of, which you ahvent supplied the poster.


0
 
LVL 7

Expert Comment

by:maUru
ID: 17411479
it can be done

it has been done

im not discussing this any further

give me access via phpmyadmin to a list usernames and md5ed passwords if you are so sure it cannot be done.

no, i didnt think you would.
0
 
LVL 5

Expert Comment

by:floorman67
ID: 17412575
no, that isnt reading or interpreting.

that is a brute force attack against the database.

it isnt the same.

and all u said is that it could be done and posted nothing to do it.

where is the script to create the list and perform the attack ?

0
 
LVL 7

Expert Comment

by:maUru
ID: 17412926
the question asked was 'what is the way'

i told him the way: using a pregenerated rainbow table you can enter the md5 hash of a password and it may come up with a match, it may not

if you want to get entirely anal about what the questions asks:

>> when I try to read user password (`user_password` varchar(32) NOT NULL default '), I find the value like this:-
>> d0970714757783e6cf17b26fb8e2298f
>> so what is the way to read it direct from mysql by "phpmyadmin".

well to read the user_password field direct from mysql by phpmyadmin, you click on the row, and use your eyes, or just one eye, or even a text-to-speech program to read you the user_password field which in this case, is d0970714757783e6cf17b26fb8e2298f

he makes no mention of md5, no mention of the fact the password is a hash, we have just assumed it, therefore, i have just produced the correct answer in relation to what the author asked.

thats it, im unsubscribing from this thread
0
 
LVL 14

Expert Comment

by:huji
ID: 17510167
Dear all,

Whether the author is meaning a simple routine that can unhash the hashes, by saying "read it direct" or whether the solution of rainbow tables would solve his/her problem is unclear to us. It is important to remind you, that the assumption of "MD5" being the encryption algorhithm was originally suggested by kayrules, not the asker.

Nevertheless, your discussion here contains valuable bits of information, that could be useful for other people reaching this question (for example from Google) who seek a way to recover a lost password, which is stored in the database in an encrypted way. Consequently, I would like to suggest a conclusion to this discussion, and make a new suggestion about closing this thread.



Many of the encryption methods are not one-to-one functions, so different keyphrases may result in the same hash. This, and several other reasons, has caused the existance of no effective unhash function in many cases. However, a large proportion of the passphrases people use for their accounts include few characters, all of which are among the small and capital letters, and digits. If the method of encryption is known, there may be a chance to use rainbow tables that are tables of hashes and one of their decrypted equivallents, to find the passphrase indirectly. Whether the usage of this method is legal and allowed, depends on the situation it is going to be used. This method may be much less successful when the passphrase contains combination of different types of characters, and special characters like %&$¶§£ etc. Perhaps in the future, mathematicians may find functions that can decrypted such encrypted hashes.



I will ask the moderator in charge, to kindly split the points between maUru {http:#17136642} and Raynard7 {http:#17400499}.

Huji
EE Cleanup Volunteer
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now