marko001 2 Posted August 8, 2011 Hi all, I'm using a MySQL DB on an hosting where people can subscribe and create their username/password. I'm now building a tool that, first of all, wants to check if credentials are correct. Using #include <mysql.au3> I can easily connect to DB. I can see tables and WP_Users table. What I wanted to to is check username & password, but, found the username, I can't convert password to hashed Wordpress method. Using MsgBox(0, "Decrypted data", BinaryToString(_Crypt_DecryptData("$P$BliO2IAijM.ouBc2.BqypXV4683OdB0", "", $CALG_MD5))) and MsgBox(0,"",BinaryToString(_Crypt_HashData("testpw",$CALG_MD5))) gives me different results. I see, looking in DB, that Wordpress saves pw in this kind of format: "$P$BliO2IAijM.ouBc2.BqypXV4683OdB0" (example of password) There is also http://codex.wordpress.org/Function_Reference/wp_hash_password but I can't imagine how to use it inside AutoIt. Is there a solution for this? Thanks, M. Share this post Link to post Share on other sites
spudw2k 231 Posted August 9, 2011 It appears that it uses either Base64, DES or Blowfish. It would take me some time to convert this to au3, but I'm no expert. http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/class-phpass.php Spoiler Things I've Made: AOT Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Share this post Link to post Share on other sites
marko001 2 Posted August 9, 2011 And there is no way to send to mysql the clean password letting it to do the dirty work? It's mandatory to send it the hashed pw? (so I need to know algorithm autoit-side) M. Share this post Link to post Share on other sites