.NET Webapplication
#1
Hello..
A programmer which wrote a program for us isn't with the company any longer. There's a main administrator account which no one knows the password for and we're hoping to be able to retrieve the password.

We have the machineKey settings from within the web.config file; decryption is set to 3DES and validation is set to SHA1.

We have the hashed password and it's salt from the database as well. I hope we're able to hash this password.

But after reading the forums looks like with 3DES, it's impossible. Any suggestions?

Thank you..
Reply
#2
Can't you just replace the "hash" with one you know the password for.

I.e. you generate a new "hash" using a simple password and check if you can login etc.
What I mean is, in such situations you normally don't need to crack anything besides just changing the hash.

But don't know if this is possible in you particular situation, but maybe it is worth a thought/try.
Reply