Page 1 of 1

Password Recovery tools issue

Posted: Fri Mar 29, 2019 1:36 pm
by abdulhalim
Hello,

Today I just tested the Password Recovery Tools.
So I put it in the Bludit root and browse in via FF, the script said "username not found", I found out, I disabled the admin user!
What can I do in that case? so I change the admin values in the script and change to the e.g: "administrater" ( with miss typing ) - assume my real username is "administrator", so the script should say the "administrater" user does not exist! but it returns "administrater" and a password.

I noticed I miss typed the username, I correct it in the script, again: "username not found".
the worse thing is I remember my password, the script change it but not print it, so I am blocked right now :lol:

Is it a Bug or I break sth. :lol:
P.S: I am testing on the localhost with PHP 7.2.11 (Laravel)

Re: Password Recovery tools issue

Posted: Sat Mar 30, 2019 7:01 pm
by Edi
You can fix the username in the file users.php in the directory /bl-content/databases.

Re: Password Recovery tools issue

Posted: Sun Mar 31, 2019 10:59 am
by abdulhalim
Is it possible to change password without salt?
I mean sth like following passwords


admin = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
OU812 = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm

Re: Password Recovery tools issue

Posted: Mon Apr 01, 2019 11:18 pm
by Edi
abdulhalim wrote: Sun Mar 31, 2019 10:59 am Is it possible to change password without salt?
The hash for the password is created using the salt.

You can use a hash generator like the following one:

http://www.lorem-ipsum.co.uk/hasher.php

Bludit uses SHA1.

Re: Password Recovery tools issue

Posted: Tue Apr 02, 2019 12:12 pm
by abdulhalim
Edi wrote: Mon Apr 01, 2019 11:18 pm
abdulhalim wrote: Sun Mar 31, 2019 10:59 am Is it possible to change password without salt?
The hash for the password is created using the salt.

You can use a hash generator like the following one:

http://www.lorem-ipsum.co.uk/hasher.php

Bludit uses SHA1.
Thank you Edi,
I use the following method to change the password.

in the file users.php from the database, I change the following values (for available admin user)

Code: Select all

password: 5a93ae6060f19e6156abd4d2b88d4fdf5d9c18a5
salt: 5ca33055160dd
tokenAuth: c98200a8e59c5dd1e1ec76f856302201
Save the file, done!
after logging in should change the password

Re: Password Recovery tools issue

Posted: Tue Apr 02, 2019 5:05 pm
by Edi
Sorry, I cannot follow you... Have you generated a hash with the salt for the new password?

Re: Password Recovery tools issue

Posted: Tue Apr 02, 2019 5:58 pm
by abdulhalim
Edi wrote: Tue Apr 02, 2019 5:05 pm Sorry, I cannot follow you... Have you generated a hash with the salt for the new password?
Yes, But it didn't work for me, I used another method. I grab information from a fresh Bludit installation and change the values for the forgotten one. it works fine

Re: Password Recovery tools issue

Posted: Tue Apr 02, 2019 6:30 pm
by Edi
Perhaps this has to do with LR/RL.