Encrypted Password Recovery / Syed Jahanzaib
Last Updated: 8th August, 2015 ,
Note:
1) it is recommended to create bash script to detect invalid password login attempts , if a user tries to login more then X times in a minute, then it should be considered as HACKING Attempt and this account should be locked to further prevent any bruteforce attempt. 1) Donot use default ADMIN account.
All user id and passwords are stored in MYSQL database name radius . Manager id’s are stored in rm_manager table and all other normal user id’s used for user login are stored in rm_users table.
Method 1# How to add additional admin account in RM
A workaround is to add another manager with admin privileges . ONce its added, login with this new manager ID, and change the ADMIN account password from the Manager list.
Login to mysql, and use following commands
mysql -uroot -pYOUR_MYSQL_PASS
use radius;
INSERT INTO `radius`.`rm_managers` (`managername`, `password`, `firstname`, `lastname`, `phone`, `mobile`, `address`, `city`, `zip`, `country`, `state`, `comment`, `company`, `vatid`, `email`, `balance`, `perm_listusers`, `perm_createusers`, `perm_editusers`, `perm_edituserspriv`, `perm_deleteusers`, `perm_listmanagers`, `perm_createmanagers`, `perm_editmanagers`, `perm_deletemanagers`, `perm_listservices`, `perm_createservices`, `perm_editservices`, `perm_deleteservices`, `perm_listonlineusers`, `perm_listinvoices`, `perm_trafficreport`, `perm_addcredits`, `perm_negbalance`, `perm_listallinvoices`, `perm_showinvtotals`, `perm_logout`, `perm_cardsys`, `perm_editinvoice`, `perm_allusers`, `perm_allowdiscount`, `perm_enwriteoff`, `perm_accessap`, `perm_cts`, `enablemanager`, `lang`) VALUES ('adminx', 'adminx', 'adminx', 'adminx', '', '', '', '', '', '', '', '', '', '', 'aacable@hotmail.com', '1000.00', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', 'English');
UPDATE rm_managers SET password = MD5('12345') WHERE managername = 'adminx'
Done. Now login with following |ID and goto Managers and change your old ADMIN account password
id = adminx
pass = adminx
Method 2# Other methods to view old password (only if its simple form of password)
Passwords are stored in encrypted format using SHA1 algorithm.
I used the following method to retrieve the old password (without changing it)
Login to your Linux box using root account and execute following commands
mysql -h localhost -u root -s -pYOURPASSWORD use radius; SELECT * FROM `rm_managers`;
It will show you some scattered information of all the admin accounts with there details and Encrypted passwords.
TIP: You can also use PHPMYADMIN to get info via nice GUI 🙂 , but as I am a creature living in the dark, therefore I like to use black screen to perform my functions 😉
As showed in the image below . .
As you can see in above image, First column in Yellow marking are Manager Id’s stored in the DB radius. and second column marked in RED are passwords stored in encrypted format. Select & copy the encrypted password. Now goto http://crackstation.net/ (or there are other websites too that can encode hash encrypted passwords) and paste your password here and click crack hashes. and you will see your password in plain text in result window. :)~
As showed in the image below . . .
How-to view Radius Manager USER’s account password
Login to your Linux box using root account and execute following commands.
mysql -h localhost -u root -s -pyour_password use radius; select * from radcheck order by UserName;
It will show you all users Ids’s along with passwords in clear text format.
If you want to view only specific data, use the following script.
OR use the SCRIPT to view all users password in clear text format
First create script and assign it execute rights.
touch /etc/rmuserlist.sh
chmod+x /etc/rmuserlist.sh
Now edit rmuserlist.sh
nano /etc/rmuserlist.sh
and paste the following data
#!/bin/bash # Script Source: http://wiki.mikrotik.com/wiki/Bash_scripts_for_Linux/Mysql/Freeradius/PPPoE # Syed Jahanzaib / aacable@hotmail.com # https://aacable.wordpress.com LUSERNAME="$1" if [ -z "$LUSERNAME" ]; then NAME=unspecified fi case $NAME in unspecified) MYCMD="mysql -h localhost -u root -s -pYOURPASSWORD -t -e " $MYCMD "use radius; select * from radcheck order by UserName;" $MYCMD "use radius; select * from radreply order by UserName;" ;; *) MYCMD="mysql -h localhost -u root -s -pYOURPASSWORD -e " $MYCMD "use radius; select * from radcheck order by UserName;" |grep $LUSERNAME $MYCMD "use radius; select * from radreply order by UserName;" |grep $LUSERNAME ;; esac
Source: http://wiki.mikrotik.com/wiki/Bash_scripts_for_Linux/Mysql/Freeradius/PPPoENote: Make sure to change the password in above script.Save & EXIT.Now to view user list, simply type
/etc/rmuserlist.sh
it will show you all user list.To view particular user password, simply type its name like
/etc/rmuserlist.sh testing
Some Useful commands to reset admin / manager password.
Change OLD Admin Password (may not work)
UPDATE rm_managers SET password = MD5('12345') WHERE managername = 'admin';
View Specific Manager Users list with passwords.
To get User Details for specific Manager & store in a file called manager_users.txt
mysql -sN -u root '-pView*pak' -e 'use radius; select username from rm_users where owner = "MANAGER_NAME_HERE" order by UserName;' > /tmp/manager_users.txt
Now create a bash script
#!/bin/bash
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com
#set -x
SQLPASS="YOUR MYSQL SQL PASS HERE"
TMP="/tmp/manager_users.txt"
num=0
cat $TMP | while read users
do
num=$[$num+1]
USR=`echo $users |awk '{print $1}'`
PAS=`mysql -sN -u root -s -p$SQLPASS -e "use radius; select * from radcheck where username = '$USR';" | grep Cleartext-Password | awk '{print $5}'`
#echo "$PAS" '
echo "$USR / $PAS"
#fi
done
Done. now execute the script and it will show you the password for specific managers only.
Change Radius user password in mysql
SET PASSWORD FOR 'conntrack'@'localhost' = PASSWORD('NEWPASSWORD');
~zaiB
Regard’s
SYED JAHANZAIB
Syed Jahanzaib - Personal Blog to Share Knowledge ! 