How To Crack Plesk


The developer who created a platform my company uses is no longer working for us and I don't know how I can retrieve the passwords from a custom PHP application

When I look in phpMyAdmin the passwords are encrypted (e.g. *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19)

How can I change or retrieve these?

Ike Walker
Mike

7 Answers

If a proper encryption method was used, it's not going to be possible to easily retrieve them.

Just reset them with new passwords.

Edit: The string looks like it is using PASSWORD():

Pekka 웃

How can I decrypt MySQL passwords

You can't really because they are hashed and not encrypted.

Here's the essence of the PASSWORD function that current MySQL uses. You can execute it from the sql terminal:

How can I change or retrieve these?

If you are having trouble logging in on a debian or ubuntu system, first try this (thanks to tohuwawohu at https://askubuntu.com/questions/120718/cant-log-to-mysql):

Then, log in with the debian maintenance user:

Finally, change the user's password:

When I look in the PHPmyAdmin the passwords are encrypted

Related, if you need to dump the user database for the relevant information, try:

And yes, those passwords are NOT salted. So an attacker can prebuild the tables and apply them to all MySQL installations. In addition, the adversary can learn which users have the same passwords.

Needless to say, the folks at MySQL are not following best practices. John Steven did an excellent paper on Password Storage Best Practice at OWASP's Password Storage Cheat Sheet. In fairness to the MySQL folks, they may be doing it because of pain points in the architecture, design or implementation (I simply don't know).

If you use the PASSWORD and UPDATE commands and the change does not work, then see http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html. Even though the page is named 'resetting permissions', it's really about how to change a password. (It's befuddling the MySQL password change procedure is so broken that you have to jump through the hoops, but it is what it is).

Community
jww
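The unsalted-hash point in the answer above, as an added example that is not part of the original thread. It reproduces the documented PASSWORD() format ('*' followed by the uppercase hex of SHA1 applied twice), shows that two accounts with the same password end up with the same stored value, and contrasts that with a per-user salt and PBKDF2. The account names, passwords and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumption for the demo; tune to your hardware


def mysql_native_hash(password: str) -> str:
    """Format produced by MySQL's PASSWORD(): '*' + HEX(SHA1(SHA1(pw))), no salt."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def shared_password_groups(stored: dict) -> list:
    """Group users whose stored values are byte-for-byte identical."""
    by_value = {}
    for user, value in stored.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in by_value.values() if len(g) > 1)


def salted_record(password: str, salt: bytes = None) -> tuple:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_salted(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)


# Constructed sample accounts: alice and bob chose the same password.
SAMPLE = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}


def demo() -> dict:
    unsalted = {u: mysql_native_hash(p) for u, p in SAMPLE.items()}
    salted = {u: salted_record(p) for u, p in SAMPLE.items()}
    return {
        "unsalted_groups": shared_password_groups(unsalted),
        "salted_groups": shared_password_groups(
            {u: digest.hex() for u, (_, digest) in salted.items()}),
        "verify_ok": verify_salted("correct horse", salted["alice"]),
        "verify_bad": verify_salted("wrong guess", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

For application accounts, store the salt and digest together per user and reset passwords by writing a fresh record rather than trying to recover the old value.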

Hashing is a one-way process but using a password-list you can regenerate the hashes and compare to the stored hash to 'crack' the password.

This site https://crackstation.net/ attempts to do this for you - run through password lists and tell you the cleartext password based on your hash.

Dave Hilditch
Krishna

With luck, if the original developer was any good, you will not be able to get the plain text out. I say 'luck'; otherwise you probably have an insecure system.

For the admin passwords, as you have the code, you should be able to create hashed passwords from a known plain text such that you can take control of the application. Follow the algorithm used by the original developer.

If they were not salted and hashed, then make sure you do apply this as 'best practice'.

Adam Straughan
Nanne

You can't decrypt a password in MySQL, because the password is hashed using the md5 hash algorithm, which is not an encoding algorithm.

macio.Jun

Simply the best way from a Linux server

This way works for any Linux server; I am 100% sure that on Debian and Ubuntu you win.

Tejas Tank
