Syed Jahanzaib Personal Blog to Share Knowledge !

April 30, 2013

Recovery of DMA RM admin account / Howto View MYSQL encrypted password

Filed under: General IT Related, Linux Related — Syed Jahanzaib / Pinochio~:) @ 1:36 PM

Encrypted Password Recovery / Syed Jahanzaib

Last Updated: 8th August, 2015

Note:
1) It is recommended to create a bash script to detect invalid password login attempts. If a user tries to log in more than X times in a minute, it should be considered a hacking attempt and the account should be locked to prevent any further brute-force attempts.
2) Do not use the default ADMIN account.
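
One way to implement the detection script recommended in the note above, as an added example (not code from the original post or from Radius Manager). The log line format is constructed, and the meaning of `enablemanager = 0` (account disabled) is an assumption; only the `rm_managers` column names come from the INSERT statement shown in this post.

```bash
#!/bin/bash
# Added example, not from the original post. Assumed (constructed) log format:
#   YYYY-MM-DD HH:MM:SS LOGIN_FAILED|LOGIN_OK user=<name> ip=<addr>

# Print every account with more than MAX failed logins inside one clock minute.
flag_bruteforce() {    # usage: flag_bruteforce LOGFILE MAX
    awk -v max="$2" '
        $3 == "LOGIN_FAILED" {
            user = $4; sub(/^user=/, "", user)
            minute = $1 " " substr($2, 1, 5)          # bucket: YYYY-MM-DD HH:MM
            if (++hits[user SUBSEP minute] == max + 1) flagged[user] = 1
        }
        END { for (u in flagged) print u }
    ' "$1" | sort
}

# Emit (not execute) the SQL that locks a flagged manager.
# Assumption: enablemanager = 0 disables the account.
lock_sql() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;   # names come from the log: reject SQL metacharacters
    esac
    printf "UPDATE rm_managers SET enablemanager = 0 WHERE managername = '%s';\n" "$1"
}

# Constructed sample log: "admin" fails 4 times within 13:36, "operator1"
# fails 4 times spread over two different minutes.
sample_log() {
    cat <<'EOF'
2015-08-08 13:36:01 LOGIN_FAILED user=admin ip=203.0.113.7
2015-08-08 13:36:09 LOGIN_FAILED user=admin ip=203.0.113.7
2015-08-08 13:36:20 LOGIN_FAILED user=operator1 ip=198.51.100.4
2015-08-08 13:36:31 LOGIN_FAILED user=admin ip=203.0.113.7
2015-08-08 13:36:40 LOGIN_FAILED user=operator1 ip=198.51.100.4
2015-08-08 13:36:58 LOGIN_FAILED user=admin ip=203.0.113.7
2015-08-08 13:37:05 LOGIN_FAILED user=operator1 ip=198.51.100.4
2015-08-08 13:37:30 LOGIN_FAILED user=operator1 ip=198.51.100.4
2015-08-08 13:38:02 LOGIN_OK user=operator1 ip=198.51.100.4
EOF
}

log=$(mktemp)
sample_log > "$log"
# Threshold X = 3 failures per minute; review the SQL before feeding it to mysql.
flag_bruteforce "$log" 3 | while read -r u; do
    lock_sql "$u" || echo "skipped suspicious name: $u" >&2
done
rm -f "$log"
```

With the sample log and a threshold of 3, only `admin` is flagged, because the four `operator1` failures fall into two separate minutes.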


All user IDs and passwords are stored in the MySQL database named radius. Manager IDs are stored in the rm_managers table, and all other normal user IDs used for user login are stored in the rm_users table.


Method 1# How to add additional admin account in RM

A workaround is to add another manager with admin privileges. Once it is added, log in with this new manager ID and change the ADMIN account password from the Manager list.

Log in to MySQL and use the following commands:


mysql -uroot -pYOUR_MYSQL_PASS

use radius;

INSERT INTO `radius`.`rm_managers` (`managername`, `password`, `firstname`, `lastname`, `phone`, `mobile`, `address`, `city`, `zip`, `country`, `state`, `comment`, `company`, `vatid`, `email`, `balance`, `perm_listusers`, `perm_createusers`, `perm_editusers`, `perm_edituserspriv`, `perm_deleteusers`, `perm_listmanagers`, `perm_createmanagers`, `perm_editmanagers`, `perm_deletemanagers`, `perm_listservices`, `perm_createservices`, `perm_editservices`, `perm_deleteservices`, `perm_listonlineusers`, `perm_listinvoices`, `perm_trafficreport`, `perm_addcredits`, `perm_negbalance`, `perm_listallinvoices`, `perm_showinvtotals`, `perm_logout`, `perm_cardsys`, `perm_editinvoice`, `perm_allusers`, `perm_allowdiscount`, `perm_enwriteoff`, `perm_accessap`, `perm_cts`, `enablemanager`, `lang`) VALUES ('adminx', 'adminx', 'adminx', 'adminx', '', '', '', '', '', '', '', '', '', '', 'aacable@hotmail.com', '1000.00', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', 'English');

UPDATE rm_managers SET password = MD5('12345') WHERE managername = 'adminx';

Done. Now log in with the following ID, go to Managers and change your old ADMIN account password.

id = adminx
pass = adminx


Method 2# Other methods to view old password (only if its simple form of password)

Passwords are stored in encrypted format using SHA1 algorithm.
I used the following method to retrieve the old password (without changing it)

Login to your Linux box using root account and execute following commands

mysql -h localhost -u root -s -pYOURPASSWORD
use radius;
SELECT * FROM `rm_managers`;

It will show you some scattered information about all the admin accounts, with their details and encrypted passwords.

TIP: You can also use PHPMYADMIN to get info via nice GUI 🙂 , but as I am a creature living in the dark, therefore I like to use black screen to perform my functions 😉

As shown in the image below:

[Image: rm_show_encrypt]

As you can see in the above image, the first column, marked in yellow, holds the manager IDs stored in the radius DB, and the second column, marked in red, holds the passwords stored in encrypted format. Select and copy the encrypted password. Now go to http://crackstation.net/ (there are other websites too that can decode hash-encrypted passwords), paste your password there and click "Crack Hashes". You will see your password in plain text in the result window.    :)~

As shown in the image below:

[Image: cracstation]


How-to view Radius Manager USER’s account password

Login to your Linux box using root account and execute following commands.

mysql -h localhost -u root -s -pyour_password
use radius;
select * from radcheck order by UserName;

It will show you all user IDs along with their passwords in clear-text format.

If you want to view only specific data, use the following script.


Or use the script to view all users' passwords in clear-text format.

First create the script and give it execute rights.

touch /etc/rmuserlist.sh
chmod +x /etc/rmuserlist.sh

Now edit rmuserlist.sh
nano /etc/rmuserlist.sh

and paste the following data


#!/bin/bash
# Script Source: http://wiki.mikrotik.com/wiki/Bash_scripts_for_Linux/Mysql/Freeradius/PPPoE
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com

# Optional first argument: user name to filter on
LUSERNAME="$1"
NAME=specified

if [ -z "$LUSERNAME" ]; then
NAME=unspecified
fi

case $NAME in
unspecified)
# No user name given: print both tables in full (-t draws table borders)
MYCMD="mysql -h localhost -u root -s -pYOURPASSWORD -t -e "
$MYCMD "use radius; select * from radcheck order by UserName;"
$MYCMD "use radius; select * from radreply order by UserName;"
;;
*)
# User name given: print only the rows that contain it (matched as a fixed string)
MYCMD="mysql -h localhost -u root -s -pYOURPASSWORD -e "
$MYCMD "use radius; select * from radcheck order by UserName;" | grep -F -- "$LUSERNAME"
$MYCMD "use radius; select * from radreply order by UserName;" | grep -F -- "$LUSERNAME"
;;
esac

Source: http://wiki.mikrotik.com/wiki/Bash_scripts_for_Linux/Mysql/Freeradius/PPPoE

Note: Make sure to change the password in the above script. Save & EXIT.

Now to view the user list, simply type

/etc/rmuserlist.sh

It will show you the full user list. To view a particular user's password, simply type its name, like

/etc/rmuserlist.sh testing
password-of-user

 


Some Useful commands to reset admin / manager password.

Change OLD Admin Password (may not work)


UPDATE rm_managers SET password = MD5('12345') WHERE managername = 'admin';

 


View Specific Manager Users list with passwords.

To get User Details for specific Manager & store in a file called manager_users.txt

mysql -sN -u root -pYOURPASSWORD -e 'use radius; select username from rm_users where owner = "MANAGER_NAME_HERE" order by UserName;' > /tmp/manager_users.txt

Now create a bash script

#!/bin/bash
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com
#set -x
SQLPASS="YOUR MYSQL SQL PASS HERE"
TMP="/tmp/manager_users.txt"
# Read one user name per line from the list created above
while read -r USR _
do
# Skip blank lines
[ -z "$USR" ] && continue
# Fetch this user's Cleartext-Password row from radcheck; the value is the 5th column
PAS=$(mysql -sN -u root -p"$SQLPASS" -e "use radius; select * from radcheck where username = '$USR';" | grep Cleartext-Password | awk '{print $5}')
echo "$USR / $PAS"
done < "$TMP"

Done. Now execute the script and it will show you the passwords for the specific manager's users only.

~zaiB


Regards
SYED JAHANZAIB

3 Comments »

  1. This is very useful, however, passwords can most often also be retrieved by logging into client wireless CPE and viewing pppoe details, problem is creating a Radius Manager page that clients are able to retrieve ‘old’ passwords from the UCP in a similar way that Radius Manager currently has with Recovery Lost Password which is in fact only a method to Change Password, which we don’t want users to do automatically, because then their PPPoE password on the CPE does not match the Radius Manager password and they are instantly disconnected. I have tried looking at Radius Manager pages /passwd_getdata_tpl.htm in the hope of trying to simply change the way Radius Manager handles the request, but my skills are severely lacking in this field. Another option would be to be able to create a method to resend the /mailwelcomeuser_tpl.txt (which has customer username/password) activated by a user request from within RadiusManager UCP.


    Comment by Grant — April 30, 2013 @ 2:41 PM

  2. Salam sir,
    Sir, I have forgotten the root username and password of my radius; is there any solution for this?


    Comment by umar rafiq — October 9, 2017 @ 9:56 AM

    • Howto Recover User Forgotten Password  [ UBUNTU  12.x ]

      1. Reboot your ubuntu computer
      2. Hold shift during boot to start GRUB menu
      3. Highlight your image and press ‘e’ to edit
      4. Find the line starting with linux and append init=/bin/bash at the end of that line
      5. Press ctrl-x to boot.
      6. Type in passwd username
      7. Set your password.
      8. Type in reboot


      Comment by Syed Jahanzaib / Pinochio~:) — October 10, 2017 @ 8:20 AM

