Decrypt WordPress Passwords
Well our expert Mathew Warner had this information to say about the topic MySQL & WordPress passwords decryption. Both sections contain the same initial information continue further down for more information concerning this pages topic in more detail itself.
Mathew Warner’s 2 Cents:
1-Way encryptions use salts. A salt is just something thrown into the password to make it harder for someone to guess. For example if your password was “password” and the salt was “hello” it would combine them like “hellopassword” then encrypt that. So even if you did manage to find a collision in the hash (another password that resulted in the same hash) you would not know where the salt ended and the password began or it would be entirely wrong.
This really adds a LOT of security to your passwords by doing this making them very hard to crack. However nothing is impossible. This is all assuming by MySQL passwords we are NOT talking about passwords that are stored in a MySQL database by various things like forums, or your own website but the actual username/password to access the database.
Hacking forums gets tricky.There are many exploits to accomplish this. You can use vulnerabilities such as SQL injection to hijack and dump the database or become the admin.
You can also find xss (cross server exploit). That allows you to run code from outside the site. There is also phishing you could use to trick an admin with rights so you can become them. I mean those in there self are topics of there own
How to find collisions:
We will be updating this section is possible but till than their are excellent resources already available that demonstrate how to create MD5 collsions:
- http://www.bishopfox.com/ – Collision Generator
The below video might be somewhat more related to MySQL, but is still relative.