How to remove password encrpytion

Blowjob · 26-01-2015, 07:31 AM

Here is a quick guide on how to remove the encryption method in MyBB.

Note: This is no recommended as it could be a security flaw having your passwords in plain text.
Education purposes only, or if you want to upgrade or change the encryption method.

Files used for encrpytion:
- inc/functions_user.php
- inc/datahandlers/user.php

What encrpytion method does MyBB use?:
MyBB's current encryption method as it currently stands is: md5(md5($salt).$password).

How to remove encryption:
1.Open inc/functions_user.php;
2.Find "return md5(md5($salt).$password);" (Line: 200);
3.Replace with "return $password;"
4.Find "if(salt_password(md5($password), $user['salt']) == $user['password'])" (Line: 135);
5.Replace with "if(salt_password($password, $user['salt']) == $user['password'])";
6.Save file, open "inc/datahandlers/user.php";
7.Find "$user['md5password'] = md5($user['password']);" (Line: 199);
8.Replace with "$user['md5password'] = $user['password'];";

Internet Security · 26-01-2015, 08:59 AM

Sweet man!, I can vouch for this!, I wouldn't recommend using it tho

AndresXZ09 · 26-01-2015, 12:56 PM

Not going to register on a MyBB forum ever again...

Hell, my security >.<

Aoki · 26-01-2015, 01:05 PM

26-01-2015, 12:56 PM
AndresXZ09 Wrote: Not going to register on a MyBB forum ever again...

Hell, my security >.<

It's encrypted here, don't worry. Tongue

Blowjob · 26-01-2015, 02:43 PM

26-01-2015, 01:05 PM
linkz Wrote:
26-01-2015, 12:56 PM
AndresXZ09 Wrote: Not going to register on a MyBB forum ever again...

Hell, my security >.<

It's encrypted here, don't worry.

default encryption or modified?

Akay · 26-01-2015, 07:49 PM

Hack into a forum, and do this.
GG.
Smile

Blowjob · 27-01-2015, 12:53 AM

26-01-2015, 07:49 PM
Kewl Wrote: Hack into a forum, and do this.
GG.

:yus: Exactly.

cute · 27-01-2015, 02:34 AM

26-01-2015, 07:49 PM
Kewl Wrote: Hack into a forum, and do this.
GG.

Pretty sure they'd notice when every password on the site stopped working. :fp:

Blowjob · 27-01-2015, 02:37 AM

27-01-2015, 02:34 AM
Unsuspicious Wrote:
26-01-2015, 07:49 PM
Kewl Wrote: Hack into a forum, and do this.
GG.

Pretty sure they'd notice when every password on the site stopped working. :fp:

:noh: damn I thought some niqqa would fall for that

Calibre · 27-01-2015, 02:42 AM

Peeps can still use the password found via the change, right? Also you can force all users to change passwords via acp if I'm not mistaken.

How to remove password encrpytion

Submitted by Blowjob, 26-01-2015, 07:31 AM, Thread ID: 762

RE: How to remove password encrpytion

RE: How to remove password encrpytion

RE: How to remove password encrpytion

RE: How to remove password encrpytion

RE: How to remove password encrpytion

RE: How to remove password encrpytion

RE: How to remove password encrpytion

RE: How to remove password encrpytion

RE: How to remove password encrpytion