I've got a password in my database that a user entered through a log-in script via my website. That password is forgotten by user (which just happens to be an Admin) and we need to get that password unencrypted because he set it for 3 other progs and forgot it. We need that passwd to access other progs which do not possess Password Retrieval Capability.

What would you do?

If it's encrypted with a hash like MD5 there is no *practical* way to decrypt it.
You could try brute forcing it, depending on how much the person remembers about what it "might" be. Writing a script to brute force your own system should be easy enough, but it will take time. If the person remembers the length of the password or whether they used numbers or punctuation that would help a lot.

Quote:

Originally Posted by Lashtal

What would you do?

Look at the code, and come up with a plan from there.

Sorry, that sounds like an unhelpful answer, but without that code (or an overview of how it works) there just isn't a better one. Like Nyef said, it depends whether the password is encrypted or hashed, for starters. Then, it depends what algorithm, if there's salt, and other things.

You don't state what those 3 other programs are, but if they're all web-based and / or they all store their passwords (hashed or not) in a database, you could always just create a new password, hash it (if need be) and paste it into the databases directly. That is to say, you wouldn't need to know what they all were, just what they all are...

TwistMyArm is right. (And got talkupation from me because of it.)

Sorry for the late reply.

I had to pay someone to do this for me, as i'm not down with the hacking scene and my knowledge of database functions is really pitiful, to say the least. 200bucks, sheesh