How to recover a MySQL Password?

Stoic Joker:
Well I managed to goof, and somehow forgot to document the password for one of our MySQL servers. So I'm looking for password recovery options to try and minimize the impact of forcing my way back into the account. If it helps any ... The pw is stored in a copy of MySQL workbench, so hopefully there are 2 possible angles of attack.

I do not want to just reset the password, because of the ripple chasing potential.

Any ideas?

Ath:
If all went 'well', it's not the password that is stored, but only a hash of it. Not knowing the hash method will make recovery very hard, especially if a generated password is used. Resetting the password may be the only plausible solution.

f0dder:
The pw is stored in a copy of MySQL workbench, so hopefully there are 2 possible angles of attack.
-Stoic Joker (November 02, 2015, 09:22 AM)
--- End quote ---
"Stored"? As in, you can start the workbench, and it will authenticate against the database? Then it should definitely be possible to extract.

Or, do the sensible thing: export a dump, remove MySQL, and restore to a Postgres ;)

Renegade:
If all went 'well', it's not the password that is stored, but only a hash of it. Not knowing the hash method will make recovery very hard, especially if a generated password is used.
-Ath (November 02, 2015, 12:47 PM)
--- End quote ---

A rainbow table attack could work. Very fast and efficient. The only problem is downloading the rainbow tables, but that should just be a matter of searching.


Other than that (or the dump method), I suppose you could write a program or script to brute force the password if you can come up with a set of passwords or password patterns that you usually use.

If you use patterns, e.g. <somebody's name><4 digits><2 symbols><obligatory curse word>, and know that each of those has 10 possibilities that you usually use, then you can store them all in a database and do a cross join to get the full set to use in a brute force attack. I've done it before, and it's pretty effective. Or you can just write up a program to do the cross join from string arrays for you. That's just a bunch of nested loops, so it's probably about as fast to write a custom program as to actually do it from a database.

However, I don't know of any MySQL password recovery tools.

Stoic Joker:
If all went 'well', it's not the password that is stored, but only a hash of it. Not knowing the hash method will make recovery very hard, especially if a generated password is used. Resetting the password may be the only plausible solution.
-Ath (November 02, 2015, 12:47 PM)
--- End quote ---

Shit... That's what I'd originally thought, but was hoping I was wrong.


The pw is stored in a copy of MySQL workbench, so hopefully there are 2 possible angles of attack.
-Stoic Joker (November 02, 2015, 09:22 AM)
--- End quote ---
"Stored"? As in, you can start the workbench, and it will authenticate against the database? Then it should definitely be possible to extract.
-f0dder (November 02, 2015, 01:12 PM)
--- End quote ---

Yes ... But as to how to go about extracting it, I've not a clue.

The second part I may consider down the road, if Postgres is also free... and has the same level of readily available documentation. Is there a specific issue with MySQL that you're picking at here?


Other than that (or the dump method), I suppose you could write a program or script to brute force the password if you can come up with a set of passwords or password patterns that you usually use.
-Renegade (November 02, 2015, 01:33 PM)
--- End quote ---

Um... No. As I have a feeling I deviated radically from the mnemonics I usually use for this system.
