Solved

decrypt md5 query

Posted on 2011-09-19
9
1,270 Views
Last Modified: 2013-11-13
I have an ecrypted password stored in mysql as:

               14e00514453e607339e844af173ec3b4

I know the password is 'meant to be 'camel4zoo' but the user canot login. I also know the salt string that is applied to get the above md5 hash. How can I find out what the password is and if there is some sort of error in the encrypt function being used by teh system (moodle).

Thanks

Thanks
0
Comment
Question by:Needy11
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 8

Expert Comment

by:raulggonzalez
ID: 36559515
Hi, maybe you're doing it already but just in case...

if you keep the password encrypted in DB, you must encrypt the input password to compare it with the stored one.

so whatever the user types as pass, you have to do md5 of it to compare md5(typed) = stored

Hope it helps.

cheers
0
 
LVL 14

Expert Comment

by:nishant joshi
ID: 36559845
0
 
LVL 14

Expert Comment

by:nishant joshi
ID: 36559847
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 50 total points
ID: 36560845
You cannot decrypt an MD5 because it is not an encryption - it is a digest number and it is ALWAYS 32 characters in size no matter what you feed in to it.

All you can do is feed your password into an MD5 function and see if the digest produced is the same is the one you have stored (as mentioned by rualgonalez above). Be careful with uppercase / lowercase issues and ensure that your strings contain no leading or trailing spaces (see http://www.php.net/trim for more info).

Finally, not all MD5 functions rteurn the same answer, so if the stored one was created with the MySQL MD5() function then use that rather than PHPs md5() to generate the one you wish to test. Make sure your salt string is EXACTLY the same and in the same sequence as the one you are testing against.
0
 

Author Comment

by:Needy11
ID: 36561283
Thanks for this. Is there any online app I can use to feed the salt string and md5 to verify outputs? I'm not really a developer.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 36561558
Not really. It is a small piece of PHP or PHP/MySQL that would not be worth writing an 'app' for. For instance this sort of scenario is typical


$password = trim( .... some input or other );
$rs = mysql_query("select * from myTable where username='$username' and password=MD5('$password') ");

if ( mysql_num_rows($rs) > 0 ) {
    .. passwords matched
}
0
 
LVL 25

Accepted Solution

by:
lenamtl earned 150 total points
ID: 36564247
Hi,
The user can use the 'Send my details via email' button on the login page.

salt and md5 infos are set in config.php

More info on Moodle - password salting
http://docs.moodle.org/19/en/Password_salting

You can try http://moodlesite/passchange.php 
Sometimes after update pw may not work correctly so maybe this is why it's not working anymore.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 36595300
You can feed strings to the md5() function on my server, here:
http://www.laprbass.com/RAY_md5.php

http://www.laprbass.com/RAY_md5.php?s=camel4zoo yields a0ab41837796d1c22156ff7f25664d3a.
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 50 total points
ID: 36595307
Sorry - I meant to post the script, too.

HTH, ~Ray
<?php // RAY_md5.php
echo "<pre>" . PHP_EOL;

if (!empty($_GET["s"]))
{
    $l = strlen($_GET["s"]) + 5;
    $r = substr("     1...5...10...15...20...25...30...35...40...45...50...55...60...65...70...75...80...85...90...95..100...", 0, $l);
    echo $r . PHP_EOL;
    echo "md5(\"{$_GET["s"]}\") = " . md5($_GET["s"]) . PHP_EOL;
}
?>
<form>ENTER SOMETHING:
<input name="s">
<input type="submit">
</form>

Open in new window

0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller singl…
This post looks at MongoDB and MySQL, and covers high-level MongoDB strengths, weaknesses, features, and uses from the perspective of an SQL user.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question