Extracting username and password of User 1

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
Sandip Choudhury's picture

For example - I have built a website and given the drupal files and database to someone, to host in the server. But I am not willing to give username and password of User one. So, is it possible to hack the drupal code and database to extract the username and password of user 1?

Or, I have forgot the username and password of user 1 after creation of the website. So, is it possible to get the details of user 1?

If possible, how?

Comments

I am not sure this is what

sdelbosc's picture

I am not sure this is what you are looking for but this might help https://drupal.org/node/44164.

password reset by php

Sandip Choudhury's picture

Thanks, I have seen the links. I think password reset by php will help me - https://drupal.org/node/1556488. I will try this.

quick note on passwords in db

loopduplicate's picture

Hi Sandip,

Part of your question is, "is it possible to hack the drupal code and database to extract the username and password of user 1?"

Since no one really touched on this, I'd just like to mention that if someone has a copy of the db (and your settings.php file if your site uses a hash salt) then it's possible to extract the passwords. The less strong the passwords, the faster a hacker can extract them. I'm not going to say how. But just wanted to stress the importance of keeping your db and hash secret.

Cheers,
Jeff

I believe it requires a lot

greggles's picture

I believe it requires a lot of time and computing power to extract the password because you have to brute force it. If the password is "good" then it could take years to do (right?).

Here's a slidehsare and github repo that covers many aspects of attacking Drupal including how to crack passwords. Keeping the technique a secret doesn't help secure people - the "bad guys" know how to use john the ripper :)

Sandip Choudhury's picture

Thanks for sharing the Slide. My purpose has been solved. And it is nice to talk with you and good to feel that I am getting guidance by the author of the top drupal book - Cracking Drupal.

Security

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: