• Welcome to Simple Machines Community Forum. Please login or sign up.

SMF 2.0 Hashes?

Started by Jetfirehack, August 29, 2008, 02:10:43 PM

Previous topic - Next topic

Jetfirehack

I was wondering what hashing 2.0 used because I'm trying to recover my password, went on vacation for a few weeks and I forgot my pw that I use with everything...

sha1($username.$pass) [PHP] - used with SMF 1.1.x. <- Is it same thing with 2.0 too?

pzt

I believe it is salted SHA1.

Jetfirehack

Well I tried everything on insidepro.com's program, including the sha-1's... Maybe SMF 2.0 has a custom thingy? =\

Nathaniel

SMF does use salted SHA1, which means that its really difficult to get your password back (might take a few years), even if you have end result of the process that is stored in the database. I suggest that you use the 'Password Recovery' function to get the password back, or create a new password and then use the 'sha1($username.$pass)' process to create a new value that you can put into the database.
SMF Friend (Former Support Specialist) | SimplePortal Developer
My SMF Mods | SimplePortal

"Quis custodiet ipsos custodes?" - Who will Guard the Guards?

Please don't send me ANY support related PMs. I will just delete them.

Jetfirehack

Quote from: LHVWB on August 29, 2008, 08:29:07 PM
SMF does use salted SHA1, which means that its really difficult to get your password back (might take a few years), even if you have end result of the process that is stored in the database. I suggest that you use the 'Password Recovery' function to get the password back, or create a new password and then use the 'sha1($username.$pass)' process to create a new value that you can put into the database.
Well i just made a new user acc, and tested, with
sha1($username.$pass)
On dictionary attack with passwordspro, password I tested with was "password" but it didn't come up... ?

greyknight17

I wouldn't even bother trying to decrypt the password. It won't be an easy thing to do, which is SMF's intention.

If you forgot your password, do the following to gain administrator access again:

Register a new account. Open Notepad from Windows and copy/paste the following into it. Change yourusername to the new account you just registered with. Save it as "adminfix.php" (with double quotes). Upload it to the same folder where you SSI.php is located (root of SMF). Then go to http://www.yourforum.com/adminfix.php to run it. That should make the new account an administrator.

<?php

include_once('SSI.php');
global 
$db_prefix;

$adminsquirt db_query("UPDATE {$db_prefix}members 
SET ID_GROUP = '1' WHERE memberName = 'yourusername'"
,__FILE____LINE__);

?>


Make sure you delete this file when you are done.

Advertisement: