FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 01-20-2012, 04:34 PM
Patton Echols
 
Default Finding database passwords in PHP code?

Not directly a Ubuntu question, but hopefully one of you kind folks can help

I am helping to migrate a website from one server to another. I do NOT
have shell access to either server. What I have is the webhost's
administration panel. In order to do the migration, I need to create
the mysql databases in the new server using the existing passwords.
Problem is that the person who used to admin the website is no longer
available and left no info.


First question:
If I download the PHP for the website, what would I search for in order
to find the passwords?

(would that work?)

Second Question: If the answer to question # 1 is, no that won't work.
I can reset the database passwords. Is there a standard way in PHP for
coding the passwords into the code? In other words resetting the
passwords in the PHP as well?


Thanks

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2012, 04:39 PM
Jeffrey Gray
 
Default Finding database passwords in PHP code?

I have always seen the login info stored in a seperate file on the web
server but within the web domain's location on the server...In other
words, the passwords is not stored in the served php file but is
called from another file that SHOULD have permissions set to 600.

-Jeff Gray

On Fri, Jan 20, 2012 at 11:34 AM, Patton Echols <p.echols@comcast.net> wrote:
> Not directly a Ubuntu question, but hopefully one of you kind folks can help
>
> I am helping to migrate a website from one server to another. *I do NOT have
> shell access to either server. *What I have is the webhost's administration
> panel. *In order to do the migration, I need to create the mysql databases
> in the new server using the existing passwords. *Problem is that the person
> who used to admin the website is no longer available and left no info.
>
> First question:
> If I download the PHP for the website, what would I search for in order to
> find the passwords?
> (would that work?)
>
> Second Question: If the answer to question # 1 is, no that won't work. *I
> can reset the database passwords. *Is there a standard way in PHP for coding
> the passwords into the code? *In other words resetting the passwords in the
> PHP as well?
>
> Thanks
>
> --
> ubuntu-users mailing list
> ubuntu-users@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2012, 04:57 PM
Patton Echols
 
Default Finding database passwords in PHP code?

On Fri, Jan 20, 2012 at 11:34 AM, Patton Echols<p.echols@comcast.net> wrote:

First question:
If I download the PHP for the website, what would I search for in order to
find the passwords?
(would that work?)



On 01/20/2012 09:39 AM, Jeffrey Gray wrote:

I have always seen the login info stored in a seperate file on the web
server but within the web domain's location on the server...In other
words, the passwords is not stored in the served php file but is
called from another file that SHOULD have permissions set to 600.

-Jeff Gray



Thanks, Rather than examine manually, is there particular PHP syntax for
Passwords I can search for?





--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2012, 06:26 PM
Hal Burgiss
 
Default Finding database passwords in PHP code?

No, its totally up to the developer. I've been where you are a number of times. Here is what I do:
grep for the database server. Find out what the server name is, and do a recursive grep for that. That should find the file(s) with the db login stuff. Then you can look through that file.


$ grep -r $servername **


On Fri, Jan 20, 2012 at 12:57 PM, Patton Echols <p.echols@comcast.net> wrote:




On Fri, Jan 20, 2012 at 11:34 AM, Patton Echols<p.echols@comcast.net> *wrote:


First question:

If I download the PHP for the website, what would I search for in order to

find the passwords?

(would that work?)





On 01/20/2012 09:39 AM, Jeffrey Gray wrote:


I have always seen the login info stored in a seperate file on the web

server but within the web domain's location on the server...In other

words, the passwords is not stored in the served php file but is

called from another file that SHOULD have permissions set to 600.



-Jeff Gray






Thanks, Rather than examine manually, is there particular PHP syntax for Passwords I can search for?









--

ubuntu-users mailing list

ubuntu-users@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users



--
Hal


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-20-2012, 10:06 PM
Patton Echols
 
Default Finding database passwords in PHP code?

On 01/20/2012 11:26 AM, Hal Burgiss wrote:
No, its totally up to the developer. I've been where you are a number
of times. Here is what I do:


grep for the database server. Find out what the server name is, and do
a recursive grep for that. That should find the file(s) with the db
login stuff. Then you can look through that file.


$ grep -r $servername *




Do you mean the database name? There are an awful lot of files that
reference the server.


What I ended up with after several tries was
$ grep -r DB_PASS * | grep define

That gave me a few lines that look like they contain the actual
passwords. Late this evening I can test them using phpmyadmin from the
web host's control panel.


Thanks again,


On Fri, Jan 20, 2012 at 12:57 PM, Patton Echols <p.echols@comcast.net
<mailto.echols@comcast.net>> wrote:


On Fri, Jan 20, 2012 at 11:34 AM, Patton
Echols<p.echols@comcast.net <mailto.echols@comcast.net>> wrote:

First question:

If I download the PHP for the website, what would I search
for in order to
find the passwords?
(would that work?)


On 01/20/2012 09:39 AM, Jeffrey Gray wrote:

I have always seen the login info stored in a seperate file on
the web
server but within the web domain's location on the server...In
other
words, the passwords is not stored in the served php file but is
called from another file that SHOULD have permissions set to 600.

-Jeff Gray


Thanks, Rather than examine manually, is there particular PHP
syntax for Passwords I can search for?





--
ubuntu-users mailing list

ubuntu-users@lists.ubuntu.com <mailto:ubuntu-users@lists.ubuntu.com>
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users




--
Hal



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 01-21-2012, 12:50 PM
Hal Burgiss
 
Default Finding database passwords in PHP code?

On Fri, Jan 20, 2012 at 6:06 PM, Patton Echols <p.echols@comcast.net> wrote:


Do you mean the database name? There are an awful lot of files that reference the server.


What I ended up with after several tries was

$ grep -r DB_PASS * | grep define



That gave me a few lines that look like they contain the actual passwords. *Late this evening I can test them using phpmyadmin from the web host's control panel.



*If you know the database name, that would be something worth grepping on, yes. But I really meant the database "hostname".*


What you did **might* work, but is purely application specific. Not all php applications will have that string. But any application that has a database component will have somewhere a reference to the database server "hostname". And of course the database name itself. * For MySQL set up you will always need: username, password, database name and host/server name. In our organization we always name the database for the client, so there will probably be a lot of references in the site for that.*


This is one example of database server hostname from godaddy (lousy hosting):
* *robertballen.db.4881064.hostedresource.com


That kind of thing should be able to be found in the hosting control panel or the phpmyadmin set up (if its preconfigured).


Then grep for that. Its pretty unique. Some apps might define the database stuff in multiple locations but should all have the same username and password.*



--*
Hal*
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 10:34 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org