Software to mine email addresses and hashes from database?

[plagiarist]

I'm doing a LOT of upgrades and changes to my website software, and I really could use the following:

A tool to go through a downloaded SQL database and strip out usernames and hashes, then place them in a nice list.

USERNAME HASH
USERNAME HASH
USERNAME HASH

And a seperate one to strip all the email addresses out of the text file, remove duplicates, and list them.

 

[plagiarist]

oh, and if anyone knows where I can find something to do this, that would be great.

 

[n0cmonkey]

If you know a little bit of SQL it shouldn't be too tough. The tough part is cracking the passwords. Selling the email addresses should be easy too.

 

[plagiarist]

You are very cynical.

I am not a hacker.

 

[n0cmonkey]

Originally posted by: plagiarist
You are very cynical.

I am not a hacker.

I didn't say you were. I didn't think compliments were appropriate.

 

[plagiarist]

I'd be happy to show you all my own stuff short of revealing member's hashes or email addresses or giving you root access to my webserver to prove that I only want this for my own personal use.

 

[jbritt1234]

Welcome to Anandtech, you can't post a good question without getting accused of doing something illegal or immoral. Only stuff like, "How do I resize a pic in MS Paint". I wish I knew how to help ya.

You gotta admint though, the name Plagiarist is kinda "Hax0r1sh"

 

[plagiarist]

When I first signed up I was just going to copy something and never post.. then I needed computer help and you guys were great and I got addicted.

Now who knows where I can get some software to do this? Like, just pull all the emails out of the gobbledygook so I can email my members and tell them to sign up on the new site.

 

[n0cmonkey]

Originally posted by: jbritt1234
Welcome to Anandtech, you can't post a good question without getting accused of doing something illegal or immoral. Only stuff like, "How do I resize a pic in MS Paint". I wish I knew how to help ya.

You gotta admint though, the name Plagiarist is kinda "Hax0r1sh"

I gave him a legitimate answer. He made a site that uses SQL, he can extract a bit of data from that database.

EDIT: Maybe something like SELECT * FROM $TABLE_OF_EMAILS; .

 

[plagiarist]

Actually, I made a site using PHP-fusion.

I don't know how to use SQL.

I'm switching to Xaraya.

 

[TSDible]

Does your server have phpmyadmin installed?

How big is your db?

How many users do you estimate to have?

Oh yeah...

And giving "root access" to anyone including n0cmonkey is not a good idea. They WOULD have access to all of your users emails and hashes.

 

[plagiarist]

I don't have permission to use phpmyadmin. My database has been cleared (the old one) all I have is this .sql file that was in a tarball.

I will check on the users and file sizes.

 

[oog]

very likely the .sql file is a bunch of insert statements in a text format. you can either load those into a new database and query the results you want (which is pretty easy if you have a database like mysql installed locally) or you can do text processing through something like perl. open up the file in a text editor and see if you can find some insert statements that contain the data you want. if you find them, then maybe you can paste a couple of lines (with any personal information obscured) so that we can see the format. extracting the text from those lines should not be difficult at all.

reversing the hash into a user's password will be a bit of a pain though.

 

[screw3d]

Originally posted by: oog
very likely the .sql file is a bunch of insert statements in a text format. you can either load those into a new database and query the results you want (which is pretty easy if you have a database like mysql installed locally) or you can do text processing through something like perl. open up the file in a text editor and see if you can find some insert statements that contain the data you want. if you find them, then maybe you can paste a couple of lines (with any personal information obscured) so that we can see the format. extracting the text from those lines should not be difficult at all.

reversing the hash into a user's password will be a bit of a pain though.

The way hashing is designed, there is data loss when the password is converted to hash (at least for commonly used MD5, SHA etc). You don't actually store any password in the database, just the hash of the password.

Therefore even you have some ub3rl33t skills, a lot of computing power and a lot of time, you probably still cannot get the full password from a hash..

 

[AFB]

Originally posted by: screw3d

Originally posted by: oog
very likely the .sql file is a bunch of insert statements in a text format. you can either load those into a new database and query the results you want (which is pretty easy if you have a database like mysql installed locally) or you can do text processing through something like perl. open up the file in a text editor and see if you can find some insert statements that contain the data you want. if you find them, then maybe you can paste a couple of lines (with any personal information obscured) so that we can see the format. extracting the text from those lines should not be difficult at all.

reversing the hash into a user's password will be a bit of a pain though.

The way hashing is designed, there is data loss when the password is converted to hash (at least for commonly used MD5, SHA etc). You don't actually store any password in the database, just the hash of the password.

Therefore even you have some ub3rl33t skills, a lot of computing power and a lot of time, you probably still cannot get the full password from a hash..

Could you not just check for matches against known hashes?

 

[AFB]

Originally posted by: plagiarist
I'm doing a LOT of upgrades and changes to my website software, and I really could use the following:

A tool to go through a downloaded SQL database and strip out usernames and hashes, then place them in a nice list.

USERNAME HASH
USERNAME HASH
USERNAME HASH

And a seperate one to strip all the email addresses out of the text file, remove duplicates, and list them.

Try this, it may need some modification.

 

[plagiarist]

I will not reverse the hash, I will be replacing it into the new database so they can use their old passwords, and they will also be able to send new passwords to their email.

Hang on I'll copy some lines of syntax. It's PHPBB2.

 

[n0cmonkey]

Originally posted by: amdfanboy

Originally posted by: screw3d

Originally posted by: oog
very likely the .sql file is a bunch of insert statements in a text format. you can either load those into a new database and query the results you want (which is pretty easy if you have a database like mysql installed locally) or you can do text processing through something like perl. open up the file in a text editor and see if you can find some insert statements that contain the data you want. if you find them, then maybe you can paste a couple of lines (with any personal information obscured) so that we can see the format. extracting the text from those lines should not be difficult at all.

reversing the hash into a user's password will be a bit of a pain though.

The way hashing is designed, there is data loss when the password is converted to hash (at least for commonly used MD5, SHA etc). You don't actually store any password in the database, just the hash of the password.

Therefore even you have some ub3rl33t skills, a lot of computing power and a lot of time, you probably still cannot get the full password from a hash..

Could you not just check for matches against known hashes?

Yes. It could take years and plenty of hardware to get a usable list.

 

[plagiarist]

Yeah, I only seem to get the people with passwords like 'monkey' and 'mustang11'.

 

[plagiarist]

sample:

INSERT INTO phpbb_users (user_id, user_active, username, user_password, user_session_time, user_session_page, user_lastvisit, user_regdate, user_level, user_posts, user_timezone, user_style, user_lang, user_dateformat, user_new_privmsg, user_unread_privmsg, user_last_privmsg, user_emailtime, user_viewemail, user_attachsig, user_allowhtml, user_allowbbcode, user_allowsmile, user_allowavatar, user_allow_pm, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_rank, user_avatar, user_avatar_type, user_email, user_icq, user_website, user_from, user_sig, user_sig_bbcode_uid, user_aim, user_yim, user_msnm, user_occ, user_interests, user_actkey, user_newpasswd) VALUES('146', '0', 'fionafairchild1', '60cfcf5e03c5c949f6d1d0f4acefbd11', '0', '0', '0', '1092791459', '0', '0', '0.00', '3', 'english', 'D M d, Y g:i a', '0', '0', '0', NULL, '0', '1', '0', '1', '1', '1', '1', '1', '0', '1', '1', '0', '', '0', 'kitteekat3@yahoo.com', '', '', '', '', '', '', '', '', '', '', '250dc3', NULL);