07-12-2019, 05:53 PM
Well, there can be scenarios. Let's begin.
Let's say you have a password "ilovemypotato011". And as a hacker, you want to check how many accounts are being used with this password. So in order to accomplish your mission, there are two possible ways you can do it (that's how much I figured out). The two ways are as follows:
1) The hacker (you) must have access to the database.
2) The website must be vulnerable to SQLi in order to run queries and strings included in it via URL parameters.
So for this scenario, you have the database access (won't take point two because it would be too complicated to explain). Now, in order to find all the usernames/emails/login IDs which use "ilovemypotato011" as their password, you would need to run a query on the database.
But as @Kingpin007 mentioned above, the passwords are encrypted. So we'll dump all data in the "users" column and check for passwords. As they're hashed, you'll have to detect the hash type by your own skill or let a tool do it for you: https://www.tunnelsup.com/hash-analyzer/
Let's say all the passwords are in MD5 form. Now you would need to run a lookup of the password "ilovemypotato011" against the database. How would you do that if the password we have is in plain text? Well, you guessed it right (or maybe not). Hash/encrypt the plain text in MD5 form using an online tool. We'll use ShadowCrypt MD5 encryptor.
For the password "ilovemypotato011", the salt is "9e79b7aa6a12e41faa58beacf8b73026". So we will need to run a query on the database which matches the value of the row with "9e79b7aa6a12e41faa58beacf8b73026". To do so, run this query:
Code:
SELECT * FROM user_table WHERE password = '9e79b7aa6a12e41faa58beacf8b73026';
Now you will have a list of all data matching the password "9e79b7aa6a12e41faa58beacf8b73026". With this, you will have a list of all the usernames/emails/user IDs you wanted.
Thank you for reading this.
PS - There might be grammar and syntax errors, and I apologize for them. I'm not an expert hacker, just found a way you can do it. Suggestions and edits are welcome.
Premium Web Hosting | ShadowCrypt | Manal Shaikh Official Website
If you find my post/thread useful, you're supposed to +rep me.
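Added example, not part of the original post: the equality lookup above only works because unsalted MD5 gives every account with the same password the same stored value. The sketch below runs an audit for identical stored hashes over an unsalted MD5 table and over a table using a per-user salt with PBKDF2; the table names, the sample accounts and the choice of PBKDF2 are assumptions made for this example.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts; two of them reuse the password from the post.
USERS = [("alice", "ilovemypotato011"), ("bob", "correct-horse-42"),
         ("carol", "ilovemypotato011")]
TABLES = {"legacy_users", "hardened_users"}  # allowlist for table names
PBKDF2_ROUNDS = 100_000  # kept low so the demo runs quickly


def md5_hex(password):
    """Unsalted MD5, as in the post: same password -> same stored value."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt_hex, hash_hex)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex(), digest.hex()


def verify(password, salt_hex, hash_hex):
    """Login check for the hardened table (constant-time comparison)."""
    _, candidate = pbkdf2_record(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, hash_hex)


def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE legacy_users (username TEXT, password TEXT)")
    db.execute("CREATE TABLE hardened_users (username TEXT, salt TEXT, password TEXT)")
    for name, pw in USERS:
        db.execute("INSERT INTO legacy_users VALUES (?, ?)", (name, md5_hex(pw)))
        db.execute("INSERT INTO hardened_users VALUES (?, ?, ?)", (name, *pbkdf2_record(pw)))
    return db


def shared_hash_groups(db, table):
    """Audit: map each stored hash held by more than one account to its users."""
    if table not in TABLES:
        raise ValueError("unknown table")
    groups = {}
    for name, stored in db.execute(f"SELECT username, password FROM {table}"):
        groups.setdefault(stored, []).append(name)
    return {h: sorted(u) for h, u in groups.items() if len(u) > 1}


if __name__ == "__main__":
    db = build_db()
    print("legacy:", shared_hash_groups(db, "legacy_users"))
    print("hardened:", shared_hash_groups(db, "hardened_users"))
```

Any non-empty result from the audit on a production user table is a sign that password hashes are stored without a per-user salt.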