|
How to extract Customers Passwords |
Post Reply 
|
| Author | |
RobertZ 
Groupie 
Joined: 21-January-2007 Status: Offline Points: 0 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: How to extract Customers PasswordsPosted: 23-January-2008 at 7:52pm |
|
Howdy Does anybody know how to extract a customers password from their account? We're finding a few situations where we need this info but because its encryted in the DB cannt extract it. We have a work around, but it would be nice if admin could see this info, if needed. Rob
|
|
 |
|
|
RobertZ
Groupie
Joined: 21-January-2007 Status: Offline Points: 0 |
Post Options
Thanks(0)
Quote Reply
Posted: 29-January-2008 at 10:25pm |
|
Anybody??
Edited by RobertZ - 29-January-2008 at 10:26pm |
|
|
|
|
Greg Dinger
Certified ProductCart Developers 
Joined: 23-September-2006 Location: United States Status: Offline Points: 238 |
Post Options
Thanks(0)
Quote Reply
Posted: 29-January-2008 at 10:52pm |
|
Sounds like custom code time Robert. There is likely a routine in the code which is used by the login scripts to decrypt the stored password and compare it to the entry keyed in the login form. The approach I would take is to identify that, clone whatever part of the logic is needed, and cause the decrypted password to appear on the customer listing. But I've not looked at the specific code, thus I'm speaking in generalities instead of specifics.
|
|
|
|
|
p00pstar
Newbie 
Joined: 17-March-2007 Location: Romania Status: Offline Points: 0 |
Post Options
Thanks(0)
Quote Reply
Posted: 26-February-2008 at 3:47pm |
|
First of all, include settings.asp, storeconstants.asp and rc4.asp
Response.Charset = "UTF-8" Set dbConn = Server.CreateObject("ADODB.Connection") dbConn.Open scDSN SQLString = "SELECT idcustomer,email,[password] FROM customers ORDER BY idcustomer ASC" Set rsPasswords = dbConn.Execute(SQLString) Response.Write "<table>" Do While Not rsPasswords.Eof Response.Write "<tr><td>" & rsPasswords("idcustomer") & "</td><td>" & rsPasswords("email") & "</td><td>" & enDeCrypt(rsPasswords("password"), scCrypPass) & "</td></tr>" rsPasswords.MoveNext Loop Response.Write "</table>" Set rsPasswords = Nothing dbConn.Close Set dbConn = Nothing |
|
|
|
|
fly_scuba
Newbie
Joined: 21-July-2006 Location: United States Status: Offline Points: 0 |
Post Options
Thanks(0)
Quote Reply
Posted: 15-May-2013 at 6:08pm |
|
I performing the steps in this post I believe that there are significant changes that version 4.7 now uses. With the option explicit option turned on we see 2 variables that are now not being initialized just by the listed include files. I have been able to review the admin login page and determined that the process is still basically the same but the password is not being displayed in normal text after the enDecrypt function.
Just for my own knowledge I posted out my password from the db before the function call and after ward. I also list out my key which is passed to the function as well. The value that comes back from the function is the same as the parameter sent to the function before it went in. I could use some updated info on this process.
 |
|
|
|
|
fly_scuba
Newbie
Joined: 21-July-2006 Location: United States Status: Offline Points: 0 |
Post Options
Thanks(0)
Quote Reply
Posted: 15-May-2013 at 6:23pm |
|
I found the answer.
You must include the following response object: dim AdminPassword , intLength Response.Charset = "UTF-8" Hope this helps someone.
|
|
|
|
|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
Topic Options