Solved

Login in using MD5 Encrypted password requires to login with the encryption string

Posted on 2008-06-26
Last Modified: 2008-07-04
Hey

First time I've started to get into encryption. I'm using MD5 to encrypt the submitted password.

The current data I'm testing results in this 65e156e673a5aa1 being the outcome of MD5 encrypted password. This is good.

I need to actually use 65e156e673a5aa1 as my password to login with success however, the submitted password does not work.

Tried the code below but it doesn't work.
What's the method to decrypt?
Question by:Ryan Bayne
 
LVL 9

Expert Comment

by:Rurne
ID: 21878025
Could you please resupply the code in question?   It does not appear attached to the question.
0
 
LVL 20

Expert Comment

by:virmaior
ID: 21878195
TycoonMillion -> you can't decrypt something which has gone through md5. It is a one-way function. To compare, you run MD5 on the other string as well.
0
 
LVL 31

Expert Comment

by:Frosty555
ID: 21878387
If you could decrypt the string, it would defeat the purpose of hashing it in the first place ;)

You md5 hash the password going in too and compare that with what is in the database. Basically trace out where your login page is posting to, and on that page find the mysql query that hits the database to try and find a user with a matching username/password. Then change the part of the query that uses the password variable to be an md5() of the password variable instead.
0
 
LVL 2

Author Comment

by:Ryan Bayne
ID: 21879892
Oops sorry about that

Well I read about MD5 briefly and yes I think I managed to take it in and so I attempt to change the password on login using MD5 then compare it but this is not working...

$auth = "";
$myuser = $_POST['myusername'];
$mypasspre = $_POST['mypassword'];
$mypass = md5($mypasspre);

$sql = "SELECT * FROM users WHERE uname = '$myuser' AND passwd = '$mypass'";

//Set query
$result = mysql_query($sql);

//Retrieve data - populate level from access and userid from users table ID's and not username
while ($data = mysql_fetch_assoc($result)) {
    $level = $data["access"];
    $userid = $data["id"];
}

//Count number of records by row
$count = mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row - $logout variable used on index page to kill session on logout
if ($count==1 && $level=='closed') //Send to account closed page
{
    $_SESSION['auth']="no";
    $_SESSION['access']="closed";
    header("location: ../index.php?cellname=pagecells/suspended.php");
    $logout = "opensession";
}
else if ($count==1 && $level=='master') //Send to web master page
{
    $_SESSION['auth']="yes";
    $_SESSION['access']="master";
    $_SESSION['userid']=$userid; //Planned use is to attain data in other tables
    header("location: ../index.php?cellname=pagecells/admin/master.php");
    $logout = "opensession";
}
else if ($count==1 && $level=='admin') //Send to basic admin area
{
    $_SESSION['auth']="yes";
    $_SESSION['access']="admin";
    $_SESSION['userid']=$userid;
    header("location: ../index.php?cellname=pagecells/admin/admin.php");
    $logout = "opensession";
}
else if ($count==1 && $level=='member') //Send to member page
{
    $_SESSION['auth']="yes";
    $_SESSION['access']="member";
    $_SESSION['userid']=$userid;
    header("location: ../index.php?cellname=pagecells/member/member.php");
    $logout = "opensession";
}
else
{
    $_SESSION['auth']="no";
    $_SESSION['access']="denied";
    header("location: ../index.php?cellname=pagecells/failed.php");
    exit();
}

?>

0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 21882599
that looks good. about the only thing I can think of to try immediately is restart apache in case it has an earlier version (where you compared the parameter straight to the db) cached.
0
 
LVL 31

Accepted Solution

by:
Frosty555 earned 150 total points
ID: 21883288
If you're still having trouble, do a print_r() on the $_POST variable, and echo the $sql variable, then die() on your page, so you can see what was posted to the page and what the sql statement was.
0
 
LVL 20

Assisted Solution

by:virmaior
virmaior earned 150 total points
ID: 21883297
one other possibility is if you originally hashed the passwords with MySQL's MD5 function.  It has slightly different behavior depending on the encoding used.  But this is simple to check.  

echo the md5'd value and compare with  the value in the database by hand.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 150 total points
ID: 21883524
virmaior: he says that putting the hashed entry in works though. that wouldn't be true if you had a different hash being used.
still, that would still help as if it is a cached copy, you wouldn't see the echo :)
0
 
LVL 20

Assisted Solution

by:virmaior
virmaior earned 150 total points
ID: 21883587
Dave:  what are you talking about?  

you can echo the value of an md5 and you can look in the DB to see what value you have for the pw.

perhaps I wasn't clear in saying  that is what would be useful as feedback?
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 150 total points
ID: 21884293
virmaior: he has looked in the database and sees that the hashed value in the data field is  65e156e673a5aa1 - which is a good start. however if he *supplies*  65e156e673a5aa1  as the password, he gets in (rather than the original unhashed password) which means the password query code is querying on the passed string, not on the hash of the passed string. as almost certainly he started with an unhashed password and added hashing, and given the code he has posted here looks correct, my assumption is that the code he has pasted here *isn't* the code he is running, due to memory caching in mod_php.
0

 
LVL 20

Assisted Solution

by:virmaior
virmaior earned 150 total points
ID: 21884357
Dave, the only place where he mentions that is in his question.  It's not quite that clear the value in the DB is that.  It is clear that this is the outcome of running md5 in php on his pw.
0
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 150 total points
ID: 21884553
he says -

I need to actually use 65e156e673a5aa1 as my password to login with success however, the submitted password does not work.

I don't see any other way to read that other than him using the hash as the submitted password in place of the original.
0
 
LVL 31

Assisted Solution

by:Frosty555
Frosty555 earned 150 total points
ID: 21887284
Let me clear this up. DaveHowe was stating that since OP stated that typing in the hash directly as the password worked, that it most likely is NOT the case that mysql's md5 implementation and php's md5 implementation differ. He went on to say that one possibility for the code still not working is that PHP is executing a cached copy of the code - but then that if that was the case having the echo statement in there would provide verification that caching isn't a problem - if it was you wouldn't see the echo statement at all.

As soon as he implements the md5 hashing of the password going *in*, typing in the hash as the password will no longer allow you to login. The hash would be hashed again and not match anymore.

So let's just wait for OP to get back to us on what his debug info was.
0
 
LVL 5

Assisted Solution

by:mnb93
mnb93 earned 50 total points
ID: 21907052
Please look into mysql_real_escape_string() and SQL injections. :)

On topic:
65e156e673a5aa1 is too short to be an MD5 sum, it is most likely that you have set the field size too small.
MD5 as hex is 32 chars long. Try using CHAR(32)
0
 
LVL 31

Assisted Solution

by:Frosty555
Frosty555 earned 150 total points
ID: 21909677
good eye mnb93, I didn't notice that. technically the password submitted by the user doesn't need to be sanitized, since it should be hashed before it is used in a query... but sanitizing *all* user input, like the username, is a good idea.
0
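The two points raised in the comments above, as an added example that is not code from the thread: the username is bound through a prepared statement, and a stored hash that has been cut short by a narrow column is detected and logged rather than only failing the login. It uses PDO with an in-memory SQLite database and swaps the thread's md5() for PHP's password_hash()/password_verify(); the table layout, the helper names addUser() and login(), and the accounts are constructed for illustration.

```php
<?php
// Added example; table layout, helper names and accounts are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, uname TEXT UNIQUE, passwd TEXT, access TEXT)');

function addUser(PDO $db, string $uname, string $storedHash, string $access): void
{
    $stmt = $db->prepare('INSERT INTO users (uname, passwd, access) VALUES (?, ?, ?)');
    $stmt->execute([$uname, $storedHash, $access]);
}

/** Returns the user row on success, null on any failure. */
function login(PDO $db, string $uname, string $password): ?array
{
    // The username is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, passwd, access FROM users WHERE uname = ?');
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // A hash cut short by a narrow column is no longer a recognisable hash
    // string; log it so the storage problem is visible, then refuse the login.
    if (password_get_info($row['passwd'])['algoName'] === 'unknown') {
        error_log("stored hash for user id {$row['id']} is malformed; check the column width");
        return null;
    }
    return password_verify($password, $row['passwd']) ? $row : null;
}

$hash = password_hash('correct horse', PASSWORD_DEFAULT);
addUser($db, 'alice', $hash, 'member');               // stored hash intact
addUser($db, 'bob', substr($hash, 0, 15), 'member');  // simulates a 15-character column

var_dump(login($db, 'alice', 'correct horse') !== null);  // intact hash
var_dump(login($db, 'bob', 'correct horse') !== null);    // truncated hash
var_dump(login($db, "alice' -- ", 'x') !== null);         // quote in the username is data, not SQL
```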
 
LVL 2

Author Comment

by:Ryan Bayne
ID: 21930388
My silly mistake on the length being 15 characters MAX. Changed it to CHAR(32) and it's all good.

And thanks to all I understand MD5 etc a bit more

cheers
0
 
LVL 5

Expert Comment

by:mnb93
ID: 21930456
Just wondering why I only got 50 points for giving you the correct answer? I can't see the correct answer anywhere else on the page.
0
 
LVL 20

Expert Comment

by:virmaior
ID: 21930646
mnb93 - i was leading him towards the same answer.  i think that counts for something.
0
 
LVL 5

Expert Comment

by:mnb93
ID: 21930979
From your comments you are saying that it might be the difference in how the character sets are handled in PHP and MySQL.

The Asker accepted "If you're still having trouble, do a print_r() on the $_POST variable, and echo the $sql variable, then die() on your page, so you can see what was posted to the page and what the sql statement was."
as the solution, which is clearly not the solution, nor would it aid in this case.
0
 
LVL 20

Expert Comment

by:virmaior
ID: 21933042
mnb93 - no, if you'll notice i told him to: echo the md5 in PHP and to show us the value from the DB.  If he did so, he would see the values are different.  Among other things, I suggested that the difference might be in how the character sets are handled in his versions of php and MySQL.

it looks like the asker is of the theory that everyone helped him with the problem and thus deserves some of the bounty.
0
 
LVL 5

Expert Comment

by:mnb93
ID: 21935743
Although you leaned to the answer, that doesn't explain why the correct answer:
a) Not being marked as the answer
b) Not getting the majority of the points.
0
