?
Solved

decrypt md5 query

Posted on 2011-09-19
9
Medium Priority
?
1,363 Views
Last Modified: 2013-11-13
I have an ecrypted password stored in mysql as:

               14e00514453e607339e844af173ec3b4

I know the password is 'meant to be 'camel4zoo' but the user canot login. I also know the salt string that is applied to get the above md5 hash. How can I find out what the password is and if there is some sort of error in the encrypt function being used by teh system (moodle).

Thanks

Thanks
0
Comment
Question by:Needy11
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 8

Expert Comment

by:raulggonzalez
ID: 36559515
Hi, maybe you're doing it already but just in case...

if you keep the password encrypted in DB, you must encrypt the input password to compare it with the stored one.

so whatever the user types as pass, you have to do md5 of it to compare md5(typed) = stored

Hope it helps.

cheers
0
 
LVL 14

Expert Comment

by:nishant joshi
ID: 36559847
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 200 total points
ID: 36560845
You cannot decrypt an MD5 because it is not an encryption - it is a digest number and it is ALWAYS 32 characters in size no matter what you feed in to it.

All you can do is feed your password into an MD5 function and see if the digest produced is the same is the one you have stored (as mentioned by rualgonalez above). Be careful with uppercase / lowercase issues and ensure that your strings contain no leading or trailing spaces (see http://www.php.net/trim for more info).

Finally, not all MD5 functions rteurn the same answer, so if the stored one was created with the MySQL MD5() function then use that rather than PHPs md5() to generate the one you wish to test. Make sure your salt string is EXACTLY the same and in the same sequence as the one you are testing against.
0
 

Author Comment

by:Needy11
ID: 36561283
Thanks for this. Is there any online app I can use to feed the salt string and md5 to verify outputs? I'm not really a developer.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 36561558
Not really. It is a small piece of PHP or PHP/MySQL that would not be worth writing an 'app' for. For instance this sort of scenario is typical


$password = trim( .... some input or other );
$rs = mysql_query("select * from myTable where username='$username' and password=MD5('$password') ");

if ( mysql_num_rows($rs) > 0 ) {
    .. passwords matched
}
0
 
LVL 26

Accepted Solution

by:
lenamtl earned 600 total points
ID: 36564247
Hi,
The user can use the 'Send my details via email' button on the login page.

salt and md5 infos are set in config.php

More info on Moodle - password salting
http://docs.moodle.org/19/en/Password_salting

You can try http://moodlesite/passchange.php 
Sometimes after update pw may not work correctly so maybe this is why it's not working anymore.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36595300
You can feed strings to the md5() function on my server, here:
http://www.laprbass.com/RAY_md5.php

http://www.laprbass.com/RAY_md5.php?s=camel4zoo yields a0ab41837796d1c22156ff7f25664d3a.
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 200 total points
ID: 36595307
Sorry - I meant to post the script, too.

HTH, ~Ray
<?php // RAY_md5.php
echo "<pre>" . PHP_EOL;

if (!empty($_GET["s"]))
{
    $l = strlen($_GET["s"]) + 5;
    $r = substr("     1...5...10...15...20...25...30...35...40...45...50...55...60...65...70...75...80...85...90...95..100...", 0, $l);
    echo $r . PHP_EOL;
    echo "md5(\"{$_GET["s"]}\") = " . md5($_GET["s"]) . PHP_EOL;
}
?>
<form>ENTER SOMETHING:
<input name="s">
<input type="submit">
</form>

Open in new window

0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog post, we’ll look at how ClickHouse performs in a general analytical workload using the star schema benchmark test.
What do responsible coders do? They don't take detrimental shortcuts. They do take reasonable security precautions, create important automation, implement sufficient logging, fix things they break, and care about users.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
Introduction to Processes
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question