Password Recovery tools issue

Post Reply
User avatar
abdulhalim
Master Bludit
Posts: 78
Joined: Thu Mar 10, 2016 6:25 pm

Fri Mar 29, 2019 1:36 pm

Hello,

Today I just tested the Password Recovery Tools.
So I put it in the Bludit root and browse in via FF, the script said "username not found", I found out, I disabled the admin user!
What can I do in that case? so I change the admin values in the script and change to the e.g: "administrater" ( with miss typing ) - assume my real username is "administrator", so the script should say the "administrater" user does not exist! but it returns "administrater" and a password.

I noticed I miss typed the username, I correct it in the script, again: "username not found".
the worse thing is I remember my password, the script change it but not print it, so I am blocked right now :lol:

Is it a Bug or I break sth. :lol:
P.S: I am testing on the localhost with PHP 7.2.11 (Laravel)
User avatar
Edi
Site Admin
Posts: 1536
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Contact:

Sat Mar 30, 2019 7:01 pm

You can fix the username in the file users.php in the directory /bl-content/databases.
Planet Bludit, Tipps, Snippets und nützliche Links. - Newsletter, Informationen zu Bludit (auf Deutsch).
User avatar
abdulhalim
Master Bludit
Posts: 78
Joined: Thu Mar 10, 2016 6:25 pm

Sun Mar 31, 2019 10:59 am

Is it possible to change password without salt?
I mean sth like following passwords


admin = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
OU812 = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm
User avatar
Edi
Site Admin
Posts: 1536
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Contact:

Mon Apr 01, 2019 11:18 pm

abdulhalim wrote:
Sun Mar 31, 2019 10:59 am
Is it possible to change password without salt?
The hash for the password is created using the salt.

You can use a hash generator like the following one:

http://www.lorem-ipsum.co.uk/hasher.php

Bludit uses SHA1.
Planet Bludit, Tipps, Snippets und nützliche Links. - Newsletter, Informationen zu Bludit (auf Deutsch).
User avatar
abdulhalim
Master Bludit
Posts: 78
Joined: Thu Mar 10, 2016 6:25 pm

Tue Apr 02, 2019 12:12 pm

Edi wrote:
Mon Apr 01, 2019 11:18 pm
abdulhalim wrote:
Sun Mar 31, 2019 10:59 am
Is it possible to change password without salt?
The hash for the password is created using the salt.

You can use a hash generator like the following one:

http://www.lorem-ipsum.co.uk/hasher.php

Bludit uses SHA1.
Thank you Edi,
I use the following method to change the password.

in the file users.php from the database, I change the following values (for available admin user)

Code: Select all

password: 5a93ae6060f19e6156abd4d2b88d4fdf5d9c18a5
salt: 5ca33055160dd
tokenAuth: c98200a8e59c5dd1e1ec76f856302201
Save the file, done!
after logging in should change the password
User avatar
Edi
Site Admin
Posts: 1536
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Contact:

Tue Apr 02, 2019 5:05 pm

Sorry, I cannot follow you... Have you generated a hash with the salt for the new password?
Planet Bludit, Tipps, Snippets und nützliche Links. - Newsletter, Informationen zu Bludit (auf Deutsch).
User avatar
abdulhalim
Master Bludit
Posts: 78
Joined: Thu Mar 10, 2016 6:25 pm

Tue Apr 02, 2019 5:58 pm

Edi wrote:
Tue Apr 02, 2019 5:05 pm
Sorry, I cannot follow you... Have you generated a hash with the salt for the new password?
Yes, But it didn't work for me, I used another method. I grab information from a fresh Bludit installation and change the values for the forgotten one. it works fine
User avatar
Edi
Site Admin
Posts: 1536
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Contact:

Tue Apr 02, 2019 6:30 pm

Perhaps this has to do with LR/RL.
Planet Bludit, Tipps, Snippets und nützliche Links. - Newsletter, Informationen zu Bludit (auf Deutsch).
Post Reply