0

I am trying to log into my custom admin account from my SQL login, but i forgot my password.

I have tried the ASCII table to convert the text but that isnt the issue.


CREATE TABLE `login` (
  `id` int(255) NOT NULL,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `admin_lvl` tinyint(1) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Data is being exported for table `login`
--

INSERT INTO `login` (`id`, `username`, `password`, `admin_lvl`) VALUES
(1, 'john@doe', '$2y$10$QpppknXqp7LA/uSPMB6W/.J78O6r0U9EBjqt14v.cSwwWWOi8zfl2', 1),
(4, 'admin', '$2y$10$ogYLLHn1s7us8WlnmCwM4.fsLSePffusfq2Juey98nvsw6COWow7m', 9);

Is there any way to decrypt the password of admin instead of deleting it and making a new admin user with a new password?

DxTx
  • 3,049
  • 3
  • 23
  • 34
DevJev
  • 1
  • 1
  • Possible duplicate of [How to reset or change the MySQL root password?](https://stackoverflow.com/questions/16556497/how-to-reset-or-change-the-mysql-root-password) – nbk Aug 15 '19 at 22:35
  • 2
    password hashes are not meant to be decrypted, they're a one way algorithm to protect the user's password from external attacks such as hacking. why not implement a reset password functionality then have the user input a new password? – Nii Aug 15 '19 at 23:07
  • These seams to be blowfish generated from PHP `password_hash()`, these hashes are very very very safe.. Not crackable with brute forcing or precalculated rainbow tables.. -> [this shows](http://sandbox.onlinephpfunctions.com/code/14d50e61a5b8cd1eee7bb4065c0cd2cf2874a9e5) why pretty clear that `password_hash('password', PASSWORD_BCRYPT)` generates a completly new hash every time. – Raymond Nijland Aug 16 '19 at 00:18

1 Answers1

1

It is by design that you cannot recover a password from its hash.

I mean, that is literally the whole reason we store hashes. So that people stealing databases cannot [trivially] find the original password.

If you could get yours back from the table, that entire process would be broken!

You should use your admin powers to set a new password, or ask somebody who does for help.

Said admin does not have to remove the entire user; they only have to do an UPDATE on the login table to put a new value into the password field.

Ideally, the application that is built around this database would already have a "forgot password" feature that accomplishes just that, with all the necessary security precautions (e.g. email verification, two-factor authentication, whatever).

Lightness Races in Orbit
  • 378,754
  • 76
  • 643
  • 1,055