Syed Jahanzaib Personal Blog to Share Knowledge !

April 30, 2013

Recovery of DMA RM admin account / Howto View MYSQL encrypted password

Filed under: General IT Related, Linux Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:36 PM

Encrypted Password Recovery / Syed Jahanzaib

Last Updated: 8th August, 2015 ,

Note:
1) it is recommended to create bash script to detect invalid password login attempts , if a user tries to login more then X times in a minute, then it should be considered as HACKING Attempt and this account should be locked to further prevent any bruteforce attempt. 1) Donot use default ADMIN account.


All user id and passwords are stored in MYSQL database name radius . Manager id’s are stored in rm_manager table and all other normal user id’s used for user login are stored in rm_users table.


Method 1# How to add additional admin account in RM

A workaround is to add another manager with admin privileges . ONce its added, login with this new manager ID, and change the ADMIN account password from the Manager list.

Login to mysql, and use following commands


mysql -uroot -pYOUR_MYSQL_PASS

use radius;

INSERT INTO `radius`.`rm_managers` (`managername`, `password`, `firstname`, `lastname`, `phone`, `mobile`, `address`, `city`, `zip`, `country`, `state`, `comment`, `company`, `vatid`, `email`, `balance`, `perm_listusers`, `perm_createusers`, `perm_editusers`, `perm_edituserspriv`, `perm_deleteusers`, `perm_listmanagers`, `perm_createmanagers`, `perm_editmanagers`, `perm_deletemanagers`, `perm_listservices`, `perm_createservices`, `perm_editservices`, `perm_deleteservices`, `perm_listonlineusers`, `perm_listinvoices`, `perm_trafficreport`, `perm_addcredits`, `perm_negbalance`, `perm_listallinvoices`, `perm_showinvtotals`, `perm_logout`, `perm_cardsys`, `perm_editinvoice`, `perm_allusers`, `perm_allowdiscount`, `perm_enwriteoff`, `perm_accessap`, `perm_cts`, `enablemanager`, `lang`) VALUES ('adminx', 'adminx', 'adminx', 'adminx', '', '', '', '', '', '', '', '', '', '', 'aacable@hotmail.com', '1000.00', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', 'English');

UPDATE rm_managers SET password = MD5('12345') WHERE managername = 'adminx'

Done. Now login with following |ID and goto Managers and change your old ADMIN account password

id = adminx
pass = adminx


Method 2# Other methods to view old password (only if its simple form of password)

Passwords are stored in encrypted format using SHA1 algorithm.
I used the following method to retrieve the old password (without changing it)

Login to your Linux box using root account and execute following commands

mysql -h localhost -u root -s -pYOURPASSWORD
use radius;
SELECT * FROM `rm_managers`;

It will show you some scattered information of all the admin accounts with there details and Encrypted passwords.

TIP: You can also use PHPMYADMIN to get info via nice GUI 🙂 , but as I am a creature living in the dark, therefore I like to use black screen to perform my functions 😉

As showed in the image below . .

rm_show_encrypt

As you can see in above image, First column in Yellow marking are Manager Id’s stored in the DB radius. and second column marked in RED are passwords stored in encrypted format. Select & copy the encrypted password. Now goto http://crackstation.net/ (or there are other websites too that can encode hash encrypted passwords) and paste your password here and click crack hashes. and you will see your password in plain text in result window.    :)~

As showed in the image below . . .

cracstation


How-to view Radius Manager USER’s account password

Login to your Linux box using root account and execute following commands.

mysql -h localhost -u root -s -pyour_password
use radius;
select * from radcheck order by UserName;

It will show you all users Ids’s along with passwords in clear text format.

If you want to view only specific data, use the following script.


OR use the SCRIPT to view all users password in clear text format

First create script and assign it execute rights.

touch /etc/rmuserlist.sh
chmod+x /etc/rmuserlist.sh

Now edit rmuserlist.sh
nano /etc/rmuserlist.sh

and paste the following data


#!/bin/bash
# Script Source: http://wiki.mikrotik.com/wiki/Bash_scripts_for_Linux/Mysql/Freeradius/PPPoE
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com

LUSERNAME="$1"

if [ -z "$LUSERNAME" ]; then
NAME=unspecified
fi

case $NAME in
unspecified)
MYCMD="mysql -h localhost -u root -s -pYOURPASSWORD -t -e "
$MYCMD "use radius; select * from radcheck order by UserName;"
$MYCMD "use radius; select * from radreply order by UserName;"
;;
*)
MYCMD="mysql -h localhost -u root -s -pYOURPASSWORD -e "
$MYCMD "use radius; select * from radcheck order by UserName;" |grep $LUSERNAME
$MYCMD "use radius; select * from radreply order by UserName;" |grep $LUSERNAME
;;
esac

Source: http://wiki.mikrotik.com/wiki/Bash_scripts_for_Linux/Mysql/Freeradius/PPPoENote: Make sure to change the password in above script.Save & EXIT.Now to view user list, simply type

/etc/rmuserlist.sh

it will show you all user list.To view particular user password, simply type its name like

/etc/rmuserlist.sh testing
password-of-user

 


Some Useful commands to reset admin / manager password.

Change OLD Admin Password (may not work)


UPDATE rm_managers SET password = MD5('12345') WHERE managername = 'admin';

 


View Specific Manager Users list with passwords.

To get User Details for specific Manager & store in a file called manager_users.txt

mysql -sN -u root '-pView*pak' -e 'use radius; select username from rm_users where owner = "MANAGER_NAME_HERE" order by UserName;' > /tmp/manager_users.txt

Now create a bash script

#!/bin/bash
# Syed Jahanzaib / aacable@hotmail.com
# https://aacable.wordpress.com
#set -x
SQLPASS="YOUR MYSQL SQL PASS HERE"
TMP="/tmp/manager_users.txt"
num=0
cat $TMP | while read users
do
num=$[$num+1]
USR=`echo $users |awk '{print $1}'`
PAS=`mysql -sN -u root -s -p$SQLPASS -e "use radius; select * from radcheck where username = '$USR';" | grep Cleartext-Password | awk '{print $5}'`
#echo "$PAS" '
echo "$USR / $PAS"
#fi
done

Done. now execute the script and it will show you the password for specific managers only.


Change Radius user password in mysql

SET PASSWORD FOR 'conntrack'@'localhost' = PASSWORD('NEWPASSWORD');

~zaiB


Regard’s
SYED JAHANZAIB

%d bloggers like this: