| Posted by Lem0nHead, 12-06-2010, 01:42 AM | | this may sound like hacking, but I hope how long I'm here gives me some credibility
I'd like to know suggestions for finding out the passwords for all MySQL users on my servers... if possible, for all E-mails too
a quick explanation for why I need that:
I'm moving customers to another company and the only way they accept of migrating the users is connecting to their accounts and dumping the DB/E-mails (I could change the passwords, but then the users wouldn't be able to access their data with the same password they had before)
I know this is stupid, and I pointed that out multiple times, requesting that they accepted the hashs instead... but they won't
so, anyway, now I think my best option is to find out the passwords
a couple ideas I had:
1) bruteforce the hashs - I guess that would work for about 10% of the users
2) searching for "connect" strings on *.php *.pl files... the problem is that most passwords are in a variable (possibly in another file), and not in the string itself... so I'd need to do a lot of parsing and consulting other files
3) some easy way for sniffing mysql/E-mail connections, even if they're local (like mysql usually is, and for webmail)?
4) and the probably best way so far... but the one I least like: changing mysql/E-mail ports to another number and setting up a "proxy" on the normal ports to act as a tunnel
the advantage is that I'd be able to sniff even SSL connections (for E-mails)
I don't know if there's a program that do that (it probably isn't very simple, and would impact speed)
thoughts?
thanks!
|
| Posted by care4server, 12-06-2010, 02:43 AM | | are you using any type control panel..
|
| Posted by Lem0nHead, 12-06-2010, 08:56 AM | | yes, DirectAdmin
|
| Posted by care4server, 12-06-2010, 09:10 AM | | if you mysql root password you can check the mysql users table and see if you can decrypt the password.. email passwords are also encrypted so not sure how you can retrieve it.. If you are migrating to a directadmin environment then take directadmin domain backup and restore in new server or if to cpanel the directadmin to cpanel migration is also possible.. if none or no privileges then you may have to opt the hard way
|
| Posted by kevinnivek, 12-06-2010, 12:12 PM | | you could restart mysql with --skip-grants option to allow authentication without any passwords, and just reset the passwords yourself to whatever you want.
|
| Posted by jlkinsel, 12-07-2010, 02:58 AM | | Lem0nHead - any time I've had to do something like that in the past I've set up a proxy as well. The email passwords you could just sniff if it's not over SSL.
Cracking the passwords sounds like a PIA, but I do see mysql password crackers out on the Internets...
|
| Posted by propcgamer, 12-07-2010, 03:28 AM | | How come you can't simply do a dump of the mysql users table, or at lest the username/password hash's and place those on the new server?
|
| Posted by CoderJosh, 12-07-2010, 06:19 AM | | They should really be able to dump all the tables as the MySQL root users, including the user table of the MySQL database holding the usernames and passwords of your customers. There's really no need to crack the passwords.
|
| Posted by Website themes, 12-07-2010, 07:41 AM | | Why not just use directadmin's backup option?
Another way is to connect to your server via ssh and type the following command:
Enter the mysql root password when prompted. alldb.sql will contain a SQL dump of all the databases on the server.
|
| Posted by foobic, 12-14-2010, 12:24 AM | | Hmm, preferred option: Tell "another company" to do the migration right (using full DA backups) or you'll go to someone else.
But if you must, how about this:
Take your own backup of mysql database and email passwords (/etc/virtual/*/passwd I believe).Change all passwords and get the migration done with the new ones.Restore old passwords from your backups.
Database-driven websites will stop working as soon as you change the passwords, of course, but surely it's better than messing around trying to sniff out all the existing passwords?
|
|
 Add to Favourites
 Print this Article
|
