decrypt md5 query

I have an ecrypted password stored in mysql as:

               14e00514453e607339e844af173ec3b4

I know the password is 'meant to be 'camel4zoo' but the user canot login. I also know the salt string that is applied to get the above md5 hash. How can I find out what the password is and if there is some sort of error in the encrypt function being used by teh system (moodle).

Thanks

Thanks
Needy11Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
lenamtlConnect With a Mentor Commented:
Hi,
The user can use the 'Send my details via email' button on the login page.

salt and md5 infos are set in config.php

More info on Moodle - password salting
http://docs.moodle.org/19/en/Password_salting

You can try http://moodlesite/passchange.php 
Sometimes after update pw may not work correctly so maybe this is why it's not working anymore.
0
 
raulggonzalezCommented:
Hi, maybe you're doing it already but just in case...

if you keep the password encrypted in DB, you must encrypt the input password to compare it with the stored one.

so whatever the user types as pass, you have to do md5 of it to compare md5(typed) = stored

Hope it helps.

cheers
0
 
nishant joshiTechnology Development ConsultantCommented:
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
nishant joshiTechnology Development ConsultantCommented:
0
 
Beverley PortlockConnect With a Mentor Commented:
You cannot decrypt an MD5 because it is not an encryption - it is a digest number and it is ALWAYS 32 characters in size no matter what you feed in to it.

All you can do is feed your password into an MD5 function and see if the digest produced is the same is the one you have stored (as mentioned by rualgonalez above). Be careful with uppercase / lowercase issues and ensure that your strings contain no leading or trailing spaces (see http://www.php.net/trim for more info).

Finally, not all MD5 functions rteurn the same answer, so if the stored one was created with the MySQL MD5() function then use that rather than PHPs md5() to generate the one you wish to test. Make sure your salt string is EXACTLY the same and in the same sequence as the one you are testing against.
0
 
Needy11Author Commented:
Thanks for this. Is there any online app I can use to feed the salt string and md5 to verify outputs? I'm not really a developer.
0
 
Beverley PortlockCommented:
Not really. It is a small piece of PHP or PHP/MySQL that would not be worth writing an 'app' for. For instance this sort of scenario is typical


$password = trim( .... some input or other );
$rs = mysql_query("select * from myTable where username='$username' and password=MD5('$password') ");

if ( mysql_num_rows($rs) > 0 ) {
    .. passwords matched
}
0
 
Ray PaseurCommented:
You can feed strings to the md5() function on my server, here:
http://www.laprbass.com/RAY_md5.php

http://www.laprbass.com/RAY_md5.php?s=camel4zoo yields a0ab41837796d1c22156ff7f25664d3a.
0
 
Ray PaseurConnect With a Mentor Commented:
Sorry - I meant to post the script, too.

HTH, ~Ray
<?php // RAY_md5.php
echo "<pre>" . PHP_EOL;

if (!empty($_GET["s"]))
{
    $l = strlen($_GET["s"]) + 5;
    $r = substr("     1...5...10...15...20...25...30...35...40...45...50...55...60...65...70...75...80...85...90...95..100...", 0, $l);
    echo $r . PHP_EOL;
    echo "md5(\"{$_GET["s"]}\") = " . md5($_GET["s"]) . PHP_EOL;
}
?>
<form>ENTER SOMETHING:
<input name="s">
<input type="submit">
</form>

Open in new window

0
All Courses

From novice to tech pro — start learning today.