Text only | Text with Images

Simple Machines Community Forum

SMF Support => SMF 2.0.x Support => Topic started by: Jetfirehack on August 29, 2008, 02:10:43 PM

Title: SMF 2.0 Hashes?
Post by: Jetfirehack on August 29, 2008, 02:10:43 PM
I was wondering what hashing 2.0 used because I'm trying to recover my password, went on vacation for a few weeks and I forgot my pw that I use with everything...

sha1($username.$pass) [PHP] - used with SMF 1.1.x. <- Is it same thing with 2.0 too?
Title: Re: SMF 2.0 Hashes?
Post by: pzt on August 29, 2008, 05:20:51 PM
I believe it is salted SHA1.
Title: Re: SMF 2.0 Hashes?
Post by: Jetfirehack on August 29, 2008, 07:44:12 PM
Well I tried everything on insidepro.com's program, including the sha-1's... Maybe SMF 2.0 has a custom thingy? =\
Title: Re: SMF 2.0 Hashes?
Post by: Nathaniel on August 29, 2008, 08:29:07 PM
SMF does use salted SHA1, which means that its really difficult to get your password back (might take a few years), even if you have end result of the process that is stored in the database. I suggest that you use the 'Password Recovery' function to get the password back, or create a new password and then use the 'sha1($username.$pass)' process to create a new value that you can put into the database.
Title: Re: SMF 2.0 Hashes?
Post by: Jetfirehack on August 29, 2008, 09:36:16 PM
Quote from: LHVWB on August 29, 2008, 08:29:07 PM
SMF does use salted SHA1, which means that its really difficult to get your password back (might take a few years), even if you have end result of the process that is stored in the database. I suggest that you use the 'Password Recovery' function to get the password back, or create a new password and then use the 'sha1($username.$pass)' process to create a new value that you can put into the database.
Well i just made a new user acc, and tested, with
sha1($username.$pass)
On dictionary attack with passwordspro, password I tested with was "password" but it didn't come up... ?
Title: Re: SMF 2.0 Hashes?
Post by: greyknight17 on August 31, 2008, 12:34:52 PM
I wouldn't even bother trying to decrypt the password. It won't be an easy thing to do, which is SMF's intention.

If you forgot your password, do the following to gain administrator access again:

Register a new account. Open Notepad from Windows and copy/paste the following into it. Change yourusername to the new account you just registered with. Save it as "adminfix.php" (with double quotes). Upload it to the same folder where you SSI.php is located (root of SMF). Then go to http://www.yourforum.com/adminfix.php to run it. That should make the new account an administrator.

Code Select
<?php

include_once('SSI.php');
global $db_prefix;

$adminsquirt = db_query("UPDATE {$db_prefix}members
SET ID_GROUP = '1' WHERE memberName = 'yourusername'",__FILE__, __LINE__);

?>

Make sure you delete this file when you are done.
Text only | Text with Images