Jump to content
View in the app

A better way to browse. Learn more.
OSBot :: 2007 OSRS Botting

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

How can I read passwords and usernames?

  •
ZeusDezov
in Archive

Featured Replies

Connect to your database first. Then use select query like Hendrikos posted.

Remember to protect input parameters from SQL injection.

Edited by Aeon

Also OP maybe describe more precisely what you want to do exactly. If it's just you trying to find the password out of the database of your forums. It won't happen, its encryption that's to prevent people that hack into the database to steal and use the data. You can only get a password back by resetting it. That's what most forums use these days.

@Hendrikos

 

That's not actually converting that into plain text though, that's taking the hashed password which is already stored from the line above the query. Try re-writing that where the password isn't already defined in the memory like that..

I don't think SHA will spit out the same hash for the same password. Correct me if im wrong of course.

 

Edit: If the same hash spits out the same password, wouldn't people just be able to brute force already hashed passwords?

 

Not knowing the password would mean you've to brute force it. Which does pretty much mean, loop true every possible option, hash it, and check if it equals the hash string. As mentioned above you won't crack the encryption so there is no fast method.

 

SHA does spit out the same password for the same string. However there is a solution which pretty much solves this problem. Which is called a salt. There are pretty much two types of salts. A static one, which is defined somewhere in the class, and a dynamic one which is saved often in a database, however this isn't really save since when someone has access to your database he has the hash and the salt, and just need the password. So the salt has no use.

 

I often hash my passwords this way:

$salt = 'random_string_of_characters';
$password = 'password';
$email = 'users_email';

$hash = hash('sha256', $password . $email . $salt);

This way you've a static salt, and a dynamic one. 

 

The reason why you should use a dynamic salt is, when someone hash to equal hash strings(the chance is little, but it could happen). You can't use the same password to login, since the dynamic salt is different, which will create a different string, which will become a different hash. The chance of getting the same hash with the same password and a different salt is too little, I don't even know how little it is.

Edited by Hendrikos

Go to topic listing

Recently Browsing 0

  • No registered users viewing this page.

Account

Navigation

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.