Last Updated: 8th August, 2015
Note:
1) It is recommended to create a bash script to detect invalid password login attempts. If a user tries to log in more than X times in a minute, it should be considered a hacking attempt, and the account should be locked to prevent any further brute-force attempts.
2) Do not use the default ADMIN account.
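One way to implement the check from note 1, run here on constructed log lines (an added example, not part of the original post or of Radius Manager). The log format, the threshold and the function names are assumptions; `enablemanager` is the column that appears in the INSERT statement of Method 1, and it is assumed that setting it to 0 disables a manager. Failures are counted per calendar minute.

```shell
#!/bin/bash
# Added example, not part of Radius Manager.
# The log format below is constructed for illustration.
THRESHOLD=3   # the "X" from the note: failed logins tolerated per user per minute

# Constructed sample: <date> <time> <result> user=<name> ip=<addr>
sample_log() {
cat <<'EOF'
2015-08-08 10:15:02 LOGIN_FAILED user=admin ip=192.0.2.10
2015-08-08 10:15:11 LOGIN_FAILED user=admin ip=192.0.2.10
2015-08-08 10:15:19 LOGIN_FAILED user=admin ip=192.0.2.10
2015-08-08 10:15:27 LOGIN_FAILED user=admin ip=192.0.2.10
2015-08-08 10:15:40 LOGIN_FAILED user=reseller1 ip=198.51.100.7
2015-08-08 10:16:05 LOGIN_OK user=reseller1 ip=198.51.100.7
2015-08-08 10:16:30 LOGIN_FAILED user=admin ip=192.0.2.10
EOF
}

# Reads log lines on stdin and prints "user date HH:MM count" for every
# user/minute bucket that holds more than $1 failed logins.
detect_bruteforce() {
    awk -v max="$1" '
        $3 == "LOGIN_FAILED" {
            user = $4; sub(/^user=/, "", user)
            bucket = user " " $1 " " substr($2, 1, 5)   # one-minute bucket
            hits[bucket]++
        }
        END { for (b in hits) if (hits[b] > max) print b, hits[b] }
    ' | sort
}

# Turns detections into lock statements for review (assumes enablemanager = 0
# disables a manager). Names with characters outside [A-Za-z0-9_.-] are
# skipped, so a crafted login name cannot alter the SQL.
lock_statements() {
    while read -r user rest; do
        case "$user" in
            ""|*[!A-Za-z0-9_.-]*) echo "-- skipped unsafe name" ;;
            *) echo "UPDATE rm_managers SET enablemanager = 0 WHERE managername = '$user';" ;;
        esac
    done
}

sample_log | detect_bruteforce "$THRESHOLD" | lock_statements
```

In production the sample would be replaced by the real authentication log, and the generated statements reviewed before they are applied.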
All user IDs and passwords are stored in the MySQL database named radius. Manager IDs are stored in the rm_managers table, and all other normal user IDs used for user login are stored in the rm_users table.
Method 1# How to add additional admin account in RM
A workaround is to add another manager with admin privileges. Once it's added, log in with this new manager ID and change the ADMIN account password from the Manager list.
Login to mysql, and use following commands
mysql -uroot -pYOUR_MYSQL_PASS

use radius;

-- Add a new manager 'adminx' with every perm_* flag enabled
INSERT INTO `radius`.`rm_managers` (`managername`, `password`, `firstname`, `lastname`, `phone`, `mobile`, `address`, `city`, `zip`, `country`, `state`, `comment`, `company`, `vatid`, `email`, `balance`, `perm_listusers`, `perm_createusers`, `perm_editusers`, `perm_edituserspriv`, `perm_deleteusers`, `perm_listmanagers`, `perm_createmanagers`, `perm_editmanagers`, `perm_deletemanagers`, `perm_listservices`, `perm_createservices`, `perm_editservices`, `perm_deleteservices`, `perm_listonlineusers`, `perm_listinvoices`, `perm_trafficreport`, `perm_addcredits`, `perm_negbalance`, `perm_listallinvoices`, `perm_showinvtotals`, `perm_logout`, `perm_cardsys`, `perm_editinvoice`, `perm_allusers`, `perm_allowdiscount`, `perm_enwriteoff`, `perm_accessap`, `perm_cts`, `enablemanager`, `lang`) VALUES ('adminx', 'adminx', 'adminx', 'adminx', '', '', '', '', '', '', '', '', '', '', 'aacable@hotmail.com', '1000.00', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', 'English');

-- Replace the stored password of 'adminx' with an MD5 hash
UPDATE rm_managers SET password = MD5('12345') WHERE managername = 'adminx';
Done. Now log in with the following ID, go to Managers and change your old ADMIN account password.
id = adminx
pass = adminx
Method 2# Other methods to view old password (only if it is a simple password)
Passwords are stored in encrypted format using SHA1 algorithm.
I used the following method to retrieve the old password (without changing it)
Login to your Linux box using root account and execute following commands
mysql -h localhost -u root -s -pYOURPASSWORD
use radius;
SELECT * FROM `rm_managers`;
It will show you some scattered information about all the admin accounts, with their details and encrypted passwords.
TIP: You can also use PHPMYADMIN to get info via nice GUI 🙂 , but as I am a creature living in the dark, therefore I like to use black screen to perform my functions 😉
As shown in the image below.
As you can see in the image above, the first column, marked in yellow, holds the manager IDs stored in the radius DB, and the second column, marked in red, holds the passwords stored in encrypted format. Select and copy the encrypted password. Now go to http://crackstation.net/ (there are other websites too that can look up hashed passwords), paste the hash there and click "Crack Hashes". You will see your password in plain text in the result window. :)~ This works only for simple passwords, whose hashes are already present in the site's lookup tables.
As shown in the image below.
How-to view Radius Manager USER’s account password
Login to your Linux box using root account and execute following commands.
mysql -h localhost -u root -s -pyour_password
use radius;
select * from radcheck order by UserName;
It will show you all user IDs along with their passwords in clear text format.
If you want to view only specific data, or to view all users' passwords in clear text format, use the following script.
First create script and assign it execute rights.
touch /etc/rmuserlist.sh
chmod +x /etc/rmuserlist.sh
Now edit rmuserlist.sh
nano /etc/rmuserlist.sh
and paste the following data
#!/bin/bash
# Syed Jahanzaib / aacable@hotmail.com
# Usage: rmuserlist.sh [USERNAME]

LUSERNAME="$1"

# No argument given: list every user
if [ -z "$LUSERNAME" ]; then
    NAME=unspecified
fi

case "$NAME" in
unspecified)
    # -t prints the result as a table
    MYCMD="mysql -h localhost -u root -s -pYOURPASSWORD -t -e "
    $MYCMD "use radius; select * from radcheck order by UserName;"
    $MYCMD "use radius; select * from radreply order by UserName;"
    ;;
*)
    # Argument given: show only the lines that match it
    MYCMD="mysql -h localhost -u root -s -pYOURPASSWORD -e "
    $MYCMD "use radius; select * from radcheck order by UserName;" | grep -- "$LUSERNAME"
    $MYCMD "use radius; select * from radreply order by UserName;" | grep -- "$LUSERNAME"
    ;;
esac
Source: http://wiki.mikrotik.com/wiki/Bash_scripts_for_Linux/Mysql/Freeradius/PPPoE
Note: Make sure to change the password in the above script. Save & exit.
Now, to view the user list, simply type
/etc/rmuserlist.sh
It will show you the full user list. To view a particular user's password, simply type its name like
Some Useful commands to reset admin / manager password.
Change OLD Admin Password (may not work)
UPDATE rm_managers SET password = MD5('12345') WHERE managername = 'admin';
View Specific Manager Users list with passwords.
To get User Details for specific Manager & store in a file called manager_users.txt
mysql -sN -u root '-pView*pak' -e 'use radius; select username from rm_users where owner = "MANAGER_NAME_HERE" order by UserName;' > /tmp/manager_users.txt
Now create a bash script
#!/bin/bash
# Syed Jahanzaib / aacable@hotmail.com
#set -x
SQLPASS="YOUR MYSQL SQL PASS HERE"
TMP="/tmp/manager_users.txt"
num=0
# Read the user names saved by the previous command, one per line
while read -r users
do
    num=$((num + 1))
    USR=$(echo "$users" | awk '{print $1}')
    # Fetch the Cleartext-Password value of this user from radcheck
    PAS=$(mysql -sN -u root -s -p"$SQLPASS" -e "use radius; select * from radcheck where username = '$USR';" | grep Cleartext-Password | awk '{print $5}')
    #echo "$PAS"
    echo "$USR / $PAS"
done < "$TMP"
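Both rmuserlist.sh and the manager user list script above put the MySQL root password on the command line and paste a user name straight into grep or SQL. The following added example (not the original author's script) shows a hardened lookup that reads the login from an owner-only option file and validates the name first. The option-file path and the function names are assumptions.

```shell
#!/bin/bash
# Added example, not the original author's script. The option-file path and
# the function names are assumptions made for illustration.
CNF="${CNF:-$HOME/.rm-report.cnf}"

# Store the MySQL login in an option file readable only by its owner, so the
# password is neither in the script nor visible in the process list.
write_client_cnf() {    # $1 = file, $2 = MySQL user, $3 = password
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1" )
    chmod 600 "$1"
}

# True only when the file mode is exactly rw------- (0600).
cnf_is_private() {
    [ "$(ls -l "$1" 2>/dev/null | cut -c1-10)" = "-rw-------" ]
}

# Accept only a conservative character set, so the name can be placed in the
# SQL string without changing the query.
valid_username() {
    case "$1" in
        ""|*[!A-Za-z0-9_.@-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the radcheck rows of one user. --defaults-extra-file must be the
# first option on the mysql command line.
show_user() {           # $1 = user name
    valid_username "$1" || { echo "invalid user name" >&2; return 2; }
    cnf_is_private "$CNF" || { echo "$CNF must be mode 0600" >&2; return 3; }
    mysql --defaults-extra-file="$CNF" -sN radius \
        -e "SELECT * FROM radcheck WHERE username = '$1';"
}

# Usage: ./script.sh USERNAME
if [ "$#" -gt 0 ]; then
    show_user "$1"
fi
```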