  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 588

Password Encrypted MD5

I had someone working on a database / website for me and I cannot contact him right now.  I have downloaded the database, but the password is encrypted.

I have two pages where the md5.asp is added to the admin page.  My thoughts are this:
Remove those references and upload the pages.
Upload the database (with a backup copy on my system) with a simple text password (i.e. password)
Then I should be able to sign in without any problems?  Or is there something that I missed?  I just need to get this going pretty soon.

Thanks!
0
coreybryant
Asked:
coreybryant
1 Solution
 
Wayne BarronCommented:
Hello Corey
You cannot reverse the md5.
And I strongly suggest that you do not remove it from your code.

Is the site set up to allow the creation of a new user?
If so, then create a new user, and a password for that user.
Then copy the password from that user to the admin user in the database
And then login to the system.

That is the best and safest way to do it.

Carrzkiss
0
 
coreybryantAuthor Commented:
I seem to have most of it done.  Unfortunately, getting to a new user was not shown / uploaded.

I had this code
MM_rsUser.Open "SELECT adminUsername, adminPassword FROM config WHERE adminUsername='" & Replace(MM_valUsername,"'","''") &"' AND adminPassword='" & objMD5.HEXMD5 & "'",Database, 0, 1


and changed it to:
MM_rsUser.Open "SELECT adminUsername, adminPassword FROM config WHERE adminUsername='" & Replace(MM_valUsername,"'","''") &"' AND adminPassword='",Database, 0, 1


I get an error:
Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression 'adminUsername='admin' AND adminPassword=''.
/admin/admin.asp, line 26
I think I am on the right track and I can enable MD5 again once I fix this.  Going through all the emails though, I see the user / pass that should work but does not.

Thanks!
0
 
hieloCommented:
Try resetting the password instead. Originally you had this:

MM_rsUser.Open "SELECT adminUsername, adminPassword FROM config WHERE adminUsername='" & Replace(MM_valUsername,"'","''") &"' AND adminPassword='" & objMD5.HEXMD5 & "'",Database, 0, 1


So, now change your code to this:

Database.Execute "UPDATE config set password='" & objMD5.HEXMD5 & "' WHERE adminUsername='" & Replace(MM_valUsername,"'","''") & "'"

MM_rsUser.Open "SELECT adminUsername, adminPassword FROM config WHERE adminUsername='" & Replace(MM_valUsername,"'","''") &"' AND adminPassword='" & objMD5.HEXMD5 & "'",Database, 0, 1

BUT as soon as you run that code once, remove the UPDATE code completely!
0
 
coreybryantAuthor Commented:
The original code also had included files (that I removed)
<!--#include file="class_md5.asp" -->


Should I add that back first? (And replace the DB with the orig DB?)  I made copies of all the files / databases of course if I have to revert back to the other way.
0
 
hieloCommented:
>>Should I add that back first?
Of course. You'll need it so that when the password is updated, it is once again md5 encrypted. Having "clear" passwords is NOT a good idea.

SO, again, on the ORIGINAL code where you got that "SELECT ..." from (most likely some login page), you need to put the UPDATE code just before it, which will allow you to reset the password to whatever you just typed in your login form.
0
 
coreybryantAuthor Commented:
OK thanks,  I went back, added everything to what you suggested.

When I went to the page, it wanted a username / password.  I was not certain what to enter, so I entered the default and hit submit.

This error came up:
Microsoft JET Database Engine error '80040e14'
Syntax error in UPDATE statement.
/admin/admin.asp, line 45
Line 45
Database.Execute "UPDATE config set password='" & objMD5.HEXMD5 & "' WHERE adminUsername='" & Replace(MM_valUsername,"'","''") & "'"


0
 
hieloCommented:
What DB are you using?  How are you connecting to the db?

I'm assuming that ORIGINALLY (before you posted your question here) you were attempting to login to some page and on that page it kept telling "Invalid username or password" (or something equivalent). It is on THAT code that you were supposed to add the update statement, since based on your SELECT, it seems the variable Database IS a connection object - is it?
0
 
coreybryantAuthor Commented:
Using MS Access.  Yes it was telling me incorrect login.  I do know the username is admin

When I changed to the MD5, I added the md5.asp file and included into two files (admin.asp / update_pass.asp).  admin.asp is the page where I login to the control section.
Connection String:
MM_blog_STRING = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\Websites\example.com\db\blog.mdb;Persist Security Info=False"


0
 
hieloCommented:
What is in class_md5.asp? I need to see how you create an object and assign it a value because that's what you will need to insert into the db.
0
 
hieloCommented:
Going back to ID:36504993, since you said " I do know the username is admin", then you can simplify the execute to:

Database.Execute "UPDATE config set password='hello' WHERE adminUsername='admin' "

BUT that will insert a "plain" password instead of an md5 password. Your login page is actually taking a "plain" password, computes the md5, and THEN compares against the md5 you have stored in your db.  On the example above, if you were to type "admin" as your password, it will always fail because what it is actually doing is saving a plain password in the db, but your login script is first converting the user input to an md5 and then would compare the md5 against what's on the db (which in the admin example would be a plain password).  Hence my question about your class_md5.asp.
0
 
coreybryantAuthor Commented:
No worries, here is the attachment.  

I was trying to find the original script before we added this, but so far, no luck.   I remember we only added a couple of lines.  Thanks!
md5.txt
0
 
hieloCommented:
try:
'if you change "newPassword" to the password that you want, then it should reset the password
'as soon as you attempt to login using 'admin' as the username.
'NOTE: be sure to remove the code below from your code immediately after you login.
Dim hielo
hielo=new MD5
hielo.text="newPassword"
Database.Execute "UPDATE config set password='" & hielo.HEXMD5 & "' WHERE adminUsername='admin'"
Set hielo=Nothing

MM_rsUser.Open "SELECT adminUsername, adminPassword FROM config WHERE adminUsername='" & Replace(MM_valUsername,"'","''") &"' AND adminPassword='" & objMD5.HEXMD5 & "'",Database, 0, 1


0
 
coreybryantAuthor Commented:
Sorry, just to make sure - that should go into the admin.asp with all the original code (asp files) and database?  And when I bring up the admin.asp page, will it bring up a login form?

Thanks!
0
 
hieloCommented:
Based on post ID:36504891, yes, it seems that on admin.asp is where you originally had the SELECT. So the update needs to be executed before that select.
0
 
coreybryantAuthor Commented:
I entered that information into the admin.asp page.  The username / password boxes came up.  So I enter admin / newPassword.  

This is the error:
Microsoft VBScript runtime error '800a01b6'
Object doesn't support this property or method
/admin/admin.asp, line 48

Line 48:
hielo=new MD5



I included the admin.asp to maybe help some.  Thanks again!
admin.txt
0
 
hieloCommented:
My apologies for the oversight. It should have been:
Set hielo=new MD5
0
 
coreybryantAuthor Commented:
No worries.  I was able to bring up the admin.asp page.  I am guessing that when I entered this URL into the browser (http://www.example.com/admin/admin.asp) that it changed the password to newPassword?

Now, I need to close that window, remove the code:
 'if you change "newPassword" to the password that you want, then it should reset the password
'as soon as you attempt to login using 'admin' as the username.
'NOTE: be sure to remove the code below from your code immediately after you login.
Dim hielo
hielo=new MD5
hielo.text="newPassword"
Database.Execute "UPDATE config set password='" & hielo.HEXMD5 & "' WHERE adminUsername='admin'"
Set hielo=new MD5


upload admin.asp page, go to the URL again and enter username admin and password newPassword - and then change the password?

Thanks again!
0
 
hieloCommented:
>> I am guessing that when I entered this URL into the browser ... that it changed the password to newPassword?
No. Simply "loading" that page will not reset it. When that page loads, you should see a login form where you type your username/password.  Fill those fields (with anything for now). As soon as you submit the form then it will reset the password.  As a matter of fact, if you change:

hielo.text="newPassword"

with:
hielo.text=Request.Form("password")

whatever password you type in the password field will become your new password. THEN go back and remove the snippet of code I gave you so that the password is not reset over and over.
0
 
coreybryantAuthor Commented:
OK, I kept it simple and used admin / newPassword.  I did not change any part of the code (except the part you provided).

When I hit submit, an error was generated:
Microsoft JET Database Engine error '80040e14'
Syntax error in UPDATE statement.
/admin/admin.asp, line 50
Set hielo=Nothing



Right now, the (new) code that is in there is
 'if you change "newPassword" to the password that you want, then it should reset the password
'as soon as you attempt to login using 'admin' as the username.
'NOTE: be sure to remove the code below from your code immediately after you login.
Dim hielo
Set hielo=new MD5
hielo.text="newPassword"
Database.Execute "UPDATE config set password='" & hielo.HEXMD5 & "' WHERE adminUsername='admin'"
Set hielo=Nothing


Thanks!
0
 
hieloCommented:
Try commenting it out:
'Set hielo=Nothing

OR get rid of that line completely.
0
 
coreybryantAuthor Commented:
Received the same error on Line 50
Database.Execute "UPDATE config set password='" & hielo.HEXMD5 & "' WHERE adminUsername='admin'"


0
 
hieloCommented:
OK, the problem is that password is a reserved word. To avoid these problems in the future, enclose your field and table names with brackets:

Database.Execute "UPDATE [config] set [password]='" & hielo.HEXMD5 & "' WHERE  [adminUsername]='admin'"

The same applies to the SELECT that follows:

      MM_rsUser.Open "SELECT [adminUsername], [adminPassword] FROM [config] WHERE [adminUsername]='" & Replace(MM_valUsername,"'","''") &"' AND [adminPassword]='" & objMD5.HEXMD5 & "'",Database, 0, 1

Which now brings me to another point. According to your SELECT statement, the field that stores the password is named "adminPassword", but on your UPDATE statement we have been trying/using "password". You need to double check the config table in your db. IF in fact the fieldname is "adminPassword", then use:

Database.Execute "UPDATE [config] set [adminPassword]='" & hielo.HEXMD5 & "' WHERE  [adminUsername]='admin'"

Since you already had that SELECT in place, my guess is that it should be "adminPassword", so below is an updated portion of your code.  Update your file accordingly.

...

If MM_valUsername <> "" Then
	MM_fldUserAuthorization=""
	MM_redirectLoginSuccess="main.asp"
	MM_redirectLoginFailed="admin.asp?lf=true"
	
	Set Database = Server.CreateObject("ADODB.connection")
	Database.Open  "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Datafile & ";"

	Set MM_rsUser = Server.CreateObject("ADODB.recordset")

	'if you change "newPassword" to the password that you want, then it should reset the password
	'as soon as you attempt to login using 'admin' as the username.
	'NOTE: be sure to remove the code below from your code immediately after you login.
	Dim hielo
	Set hielo=new MD5
	hielo.text="newPassword"
	Database.Execute "UPDATE [config] set [adminPassword]='" & hielo.HEXMD5 & "' WHERE [adminUsername]='admin'"
	Set hielo=Nothing

	MM_rsUser.Open "SELECT [adminUsername], [adminPassword] FROM [config] WHERE [adminUsername]='" & Replace(MM_valUsername,"'","''") &"' AND [adminPassword]='" & objMD5.HEXMD5 & "'",Database, 0, 1
  

	If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
		' username and password match - this is a valid user
		Session("MM_Username") = MM_valUsername
		If (MM_fldUserAuthorization <> "") Then
			Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
		Else
			Session("MM_UserAuthorization") = ""
		End If
		if CStr(Request.QueryString("accessdenied")) <> "" And true Then
			MM_redirectLoginSuccess = Request.QueryString("accessdenied")
		End If
		MM_rsUser.Close
		Response.Redirect(MM_redirectLoginSuccess)
	End If
	MM_rsUser.Close
	Response.Redirect(MM_redirectLoginFailed)
End If
...


0
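
The reset and login check from the post above, written with parameterized ADODB.Command queries so that neither the username nor the hash is concatenated into the SQL text. This is an added example, not code from anyone in the thread. It assumes the MD5 class from class_md5.asp (with the Text and HEXMD5 members used above), the Datafile and MM_valUsername variables and the [config] columns shown in the thread; HashOf, NewCmd, ResetAdminPassword, CheckLogin and dbConn are hypothetical names.

```vbscript
' Added example for admin.asp: place inside <% %>, after class_md5.asp is included.
' Assumed from the thread: class MD5 (.Text / .HEXMD5), Datafile, MM_valUsername, [config].
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202

' Hex MD5 of a string, via the thread's MD5 class.
Function HashOf(plain)
    Dim h
    Set h = New MD5
    h.Text = CStr(plain)
    HashOf = h.HEXMD5
End Function

' Text command whose "?" placeholders are bound, in order, from args.
Function NewCmd(conn, sql, args)
    Dim cmd, i
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    For i = 0 To UBound(args)
        cmd.Parameters.Append cmd.CreateParameter("p" & i, adVarWChar, adParamInput, 255, CStr(args(i)))
    Next
    Set NewCmd = cmd
End Function

' One-off reset; returns rows changed (expect 1). Delete the call after use.
Function ResetAdminPassword(conn, userName, newPlain)
    Dim cmd, affected
    Set cmd = NewCmd(conn, "UPDATE [config] SET [adminPassword] = ? WHERE [adminUsername] = ?", _
                     Array(HashOf(newPlain), userName))
    cmd.Execute affected
    ResetAdminPassword = affected
End Function

' True only when a row matches the username and the hash of the typed password.
Function CheckLogin(conn, userName, typedPassword)
    Dim cmd, rs
    Set cmd = NewCmd(conn, "SELECT [adminUsername] FROM [config] WHERE [adminUsername] = ? AND [adminPassword] = ?", _
                     Array(userName, HashOf(typedPassword)))
    Set rs = cmd.Execute
    CheckLogin = Not rs.EOF
    rs.Close
End Function

Dim dbConn
Set dbConn = Server.CreateObject("ADODB.Connection")
dbConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Datafile & ";"
If CheckLogin(dbConn, MM_valUsername, Request.Form("password")) Then Session("MM_Username") = MM_valUsername
dbConn.Close
```

ResetAdminPassword is not called in the page flow; a zero return value means no row matched the username, which separates a wrong username from a SQL syntax error.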
 
coreybryantAuthor Commented:
Thanks, that worked.  Hopefully I can go back to the original code right now before changing the password.
0
 
coreybryantAuthor Commented:
Since the change password was on another page, that part was successful.  But when I logged out and logged back in, I received an error
Microsoft JET Database Engine error '80040e14'
Syntax error in UPDATE statement.
/admin/admin.asp, line 43
Line 43-47
 Set MM_rsUser = Server.CreateObject("ADODB.recordset")
  MM_rsUser.Open "SELECT adminUsername, adminPassword FROM config WHERE adminUsername='" & Replace(MM_valUsername,"'","''") &"' AND adminPassword='" & objMD5.HEXMD5 & "'",Database, 0, 1
Database.Execute "UPDATE config set password='" & objMD5.HEXMD5 & "' WHERE adminUsername='" & Replace(MM_valUsername,"'","''") & "'"

MM_rsUser.Open "SELECT adminUsername, adminPassword FROM config WHERE adminUsername='" & Replace(MM_valUsername,"'","''") &"' AND adminPassword='" & objMD5.HEXMD5 & "'",Database, 0, 1


I am pretty sure I went back to the original admin.asp code, but I am not exactly sure.  I think I have a double line code in there.

In a Config table, there is AdminUsername and AdminPassword
0
 
coreybryantAuthor Commented:
I forgot that I had a backup copy of this site in a zipped file.  I went back to reference that I updated the code to
 Set MM_rsUser = Server.CreateObject("ADODB.recordset")
  MM_rsUser.Open "SELECT adminUsername, adminPassword FROM config WHERE adminUsername='" & Replace(MM_valUsername,"'","''") &"' AND adminPassword='" & objMD5.HEXMD5 & "'",Database, 0, 1

  If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then 
    ' username and password match - this is a valid user


I was able to sign in with the username / password.  

I should have implemented the MD5 after the development was done, but the developer was going along at a good speed.  Thanks for hanging in there and helping
0
