marko001 Posted August 8, 2011 Share Posted August 8, 2011 Hi all, I'm using a MySQL DB on an hosting where people can subscribe and create their username/password. I'm now building a tool that, first of all, wants to check if credentials are correct. Using #include <mysql.au3> I can easily connect to DB. I can see tables and WP_Users table. What I wanted to to is check username & password, but, found the username, I can't convert password to hashed Wordpress method. Using MsgBox(0, "Decrypted data", BinaryToString(_Crypt_DecryptData("$P$BliO2IAijM.ouBc2.BqypXV4683OdB0", "", $CALG_MD5))) and MsgBox(0,"",BinaryToString(_Crypt_HashData("testpw",$CALG_MD5))) gives me different results. I see, looking in DB, that Wordpress saves pw in this kind of format: "$P$BliO2IAijM.ouBc2.BqypXV4683OdB0" (example of password) There is also http://codex.wordpress.org/Function_Reference/wp_hash_password but I can't imagine how to use it inside AutoIt. Is there a solution for this? Thanks, M. Link to comment Share on other sites More sharing options...
spudw2k Posted August 9, 2011 Share Posted August 9, 2011 It appears that it uses either Base64, DES or Blowfish. It would take me some time to convert this to au3, but I'm no expert. http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/class-phpass.php Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
marko001 Posted August 9, 2011 Author Share Posted August 9, 2011 And there is no way to send to mysql the clean password letting it to do the dirty work? It's mandatory to send it the hashed pw? (so I need to know algorithm autoit-side) M. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now