Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: [Solved]: Password & hash  (Read 6521 times)

0 Members and 1 Guest are viewing this topic.

Kymmy

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
[Solved]: Password & hash
« on: November 08, 2009, 10:28:12 pm »

Hi guys,

Currently have cpg1.4 set-up with a bridge to phpbb3. Everything has worked fine upto me messing around with the server, now I need to alter a few settings especially the bridge and although I know all the bridged phpbb3 passwords I've very stupidly forgotten the true admin password.

URL= www.xtz750.com/cpg/

If anyone needs to confirm my ID I can be reached on admin@xtz750.com

What I'm after is a password and hash that I can put in via phmyadmin to allow myself into the original non-bridged admin account that as I said earlier I've very stupidly forgotten..

Kymmy..
« Last Edit: November 09, 2009, 09:03:16 am by Joachim Müller »
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4822
    • Windsurf.me
Re: Password & hash
« Reply #1 on: November 08, 2009, 10:55:42 pm »

Firstly, upgrade as you are running <!--Coppermine Photo Gallery 1.4.22 (stable)--> while the current release is 1.4.25.

For the answer to your question, search the board for lost admin password as this has been asked many times before.

To create an md5 simply google "md5 generator".
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Kymmy

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Password & hash
« Reply #2 on: November 08, 2009, 11:20:29 pm »

Phil,

Thank you very much, I wasn;t sure if the password was salted and as I've tried previous password and ended up in the 'delay' cycle I thougt I'd ask

I take it thought at the passwords are purely MD5 due to your answer.

ThanX Kymmy
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4822
    • Windsurf.me
Re: Password & hash
« Reply #3 on: November 08, 2009, 11:24:59 pm »

Yep, just plain md5. As I said, there are a few ways to recover a lost admin password. There is even a simple little php script available on this site " adminpass.php ". Just search for it if you struggle.

I'll mark your thread as solved. In future, click the little tick to mark your own threads as solved. It helps other users find good answers.

Remember to upgrade. The version you are running has some known serious security holes that have since been plugged.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Kymmy

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Password & hash
« Reply #4 on: November 08, 2009, 11:29:50 pm »

I tried admin pass but it seemed to not like any password username of anything but ADMIN (where as mine is set to cpgadmin )

Not marked it as solved YET as I'm still waiting for the delay countdown (currently at 2000 seconds :( )
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Password & hash
« Reply #5 on: November 08, 2009, 11:31:52 pm »

You haven't upgraded as suggested!
Logged

Kymmy

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Password & hash
« Reply #6 on: November 08, 2009, 11:36:38 pm »

You haven't upgraded as suggested!

Give me a chance Joachim ;)

As soon as I get access to the cpgadmin account I'll sort out the upgrade ASAP. CPG isn't a major part of the site and has been purely an image store, but got big plans for it. Yes stupid not to upgrade ASAP but had other priorities and other admins who havn't done thier job :(

BTW guys, I know that usually you get a load of cr@p but I'd personally like to say thanks for a great product and I wish you all the best in the future :)

Kymmy
Logged

Kymmy

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Password & hash
« Reply #7 on: November 08, 2009, 11:38:02 pm »

MD5 in the db changed but still 1200 seconds to go, can I buy a round of drinks whilst we're waiting?? Corn Schnapps perhaps??? :)
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Password & hash
« Reply #8 on: November 08, 2009, 11:39:13 pm »

As soon as I get access to the cpgadmin account I'll sort out the upgrade ASAP.
Admin access is not needed to perform an upgrade. No excuses please.
Logged

Kymmy

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Password & hash
« Reply #9 on: November 08, 2009, 11:52:21 pm »

Admin access is not needed to perform an upgrade. No excuses please.

Yes no excuses as relevant, I should have upgraded and it is in the end my fault, but that doesn't exclude or prevent my existing predicement which is admin access..

Kymmy

PS..now 340 seconds to go :)
Logged

Kymmy

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Password & hash
« Reply #10 on: November 08, 2009, 11:55:13 pm »

Though after this 2000+ second delay I have now temp set the logon attemps via phpmyadmin to 999 (from 5) THough I will set it back to 5 (or less) once I have access..
Logged

Kymmy

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Password & hash
« Reply #11 on: November 09, 2009, 12:00:51 am »

OK, now I'm cracking up :(

Used an MD5 generator to convert

g65drl

into an MD hash and got

05673b18644d1c31cc7d8140a650d765

But cpg doesn't like it :(

Any suggestion guys for this poor lonely desperate girl??
Logged

Phill Luckhurst

  • Administrator
  • Coppermine addict
  • *****
  • Country: gb
  • Offline Offline
  • Gender: Male
  • Posts: 4822
    • Windsurf.me
Re: Password & hash
« Reply #12 on: November 09, 2009, 12:11:43 am »

First go through the upgrade procedure.

The reason you still cannot login is because you are still bridged. You were changing the coppermine password but because you were bridged coppermine was still looking at the forum app for its login. At least you were until I tried running bridgemgr.php. Oddly, it just went through an disabled the bridge though I am not sure why.

Now it is very important for you to do exactly what I say next and do it quickly.

1: Delete adminpass.php
2: Login and change the password set by adminpass.php, you know, the one that came up in the message.
3: Upgrade, right now, this instant.
4: Once you have upgraded as per the docs check to see if there are any users in coppermin that you don't recognise (just in case)
5: Restore your bridge when required.

At the moment you are very vunerable. So do all the above this instant.
Logged
It is a mistake to think you can solve any major problems just with potatoes.

Kymmy

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Password & hash
« Reply #13 on: November 09, 2009, 12:18:04 am »

Yes boss!!!

Will upgrade, then go to bed, sleep as I've been upgrading software and mods and everything else all day since 8am ;)

Logged

Kymmy

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Password & hash
« Reply #14 on: November 09, 2009, 12:27:47 am »

Upgraded to the latest 1.4.25 (yes I know you said .22 was stable but it's currently not a live site until I sought out some issues)

Used an MD5 online crack to finally sort out the password ..

Guys thanks for your help but eyes are trying to close atm, This problem is solved (can't see the little solved tick box that Phill mentioned)

In the morning might have another question as I've moved phpbb3 from the domain root to a directory off root and the logout still points to the old directory but that's a whole other thread and forum I believe.

Night, night guys :)
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Password & hash
« Reply #15 on: November 09, 2009, 09:02:24 am »

yes I know you said .22 was stable but it's currently not a live site until I sought out some issues
That's not what he said. In fact, he said quite the opposite:
Firstly, upgrade as you are running <!--Coppermine Photo Gallery 1.4.22 (stable)--> while the current release is 1.4.25.

can't see the little solved tick box that Phill mentioned
I'll mark this thread accordingly then, but believe me: that tickbox image is there, or rather: was there, as I'm locking this thread.

In the morning might have another question
Another question goes into anpther thread, as we have a strict "one issue per thread" policy that you agreed to respect when signing up.
Logged
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 20 queries.