stackoom
  简体   繁体   中英

Change encrypted password on mysql

 原文  2021-03-31 07:28:00       php/ mysql/ ubuntu/ web/ passwords

Question

I am trying to enter the admin panel of a web which I don't know the password of, the web has an older backup where I can enter the admin panel, from the old db I copied the field of the old encrypted password that works on the new db, but it does not work, I don't know that much about webs, so I don't really know if the password field is linked to something that decrypts the password, thanks for you help.

在此处输入图像描述

2 answers

solution1
 0  2021-03-31 07:37:23

If you want to change the encrypted password, you should know the encrypt algorithm first then you make the another one from plain text password that you know.

Example: you know the algorithm using md5, then u should encrypt text "password" into md5 algorithm then change the password from the db admin, you can encrypt plain text into md5 from this site https://www.md5hashgenerator.com/

solution2
 0  2021-03-31 07:47:45

Probabily will not work. Why?

When you pressing "log/start/sign in,etc", all data form are urlencoded and your password will be transform to hash, or encrypted AND hash. encryption doesn't matter really (a priori)

If your password is "helloword$1234" it will throw: "a3eb447769293c93f56060b4994a4149" so it means your password will not be "text plain" between client and server for avoid hooks & leaks. Some attackers can get your request with your urencoded data but will not get the real password (encrypted or not) because in throry hash's can not be reversed

Your server will get "a3eb447769293c93f56060b4994a4149" then server-app will get HASHED password from db table (never the real password) to compare between password submited; "a3eb447769293c93f56060b4994a4149" == "a3eb447769293c93f56060b4994a4149".

If you put "a3eb447769293c93f56060b4994a4149" (what you're watching in db table), in login form, that client (front end) will take this "a3eb447769293c93f56060b4994a4149" and will HASH YOUR HASH. So "a3eb447769293c93f56060b4994a4149" will output "5d88b7458b31365dc9860007dfca5685".- Then your server-app will get "5d88b7458b31365dc9860007dfca5685" and compare "a3eb447769293c93f56060b4994a4149" == "5d88b7458b31365dc9860007dfca5685" (false). It will reject your because you sent a hash hashed what will never be equal.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question To select the encrypted password from mysql update encrypted password in MySQL database php login to mysql encrypted password Compare encrypted password mysql/php Decryption of password encrypted using PASSWORD() function of mysql how to call encrypted Password PHP to Android Mysql Digest authentication with encrypted stored password in mysql Connect php to mysql safely using encrypted password Convert plain text password in mysql database to bcrypt encrypted password C# - MySQL Database, Check password is correct when it's encrypted?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM