Administrator account crack

Posted by defrance69 on September 2, 2010 at 4:02pm

Hi Drupal community,

First of all, please excuse my broken english.

I am the new treasurerer of a voluntary association and I am consequently the new drupal admin. The problem I have is that the former president did not give the admin password to the new admin team. We do not have the database password too. Is there a solution to crack the admin password ?

You can give me technical explanations because I am a webmaster and a developer.

Thank you in advance for your help.

Comments

Nope

Posted by LaurentAjdnik on September 2, 2010 at 5:10pm

There is no such possibility and, if there were one, it would not be given here...

The most reasonable thing to do is to remind the guy who left that all the data legally belongs to the Loi-1901 Association as a "Personne morale".

If he keeps on refusing, warn him you (I mean, the new president) could sue him, and that, according to french law, he might have to pay for the money you spent for the trial (Article 700 du Nouveau Code de Procédure Pénale).

Unless you can find other people from the previous team that would be more open to sharing...

PS: I assume you do not have the FTP access either (that could solve your problem).

--
Drupal Lyon (France)

Hi LaurentA, You know that

Posted by defrance69 on September 3, 2010 at 8:07am

Hi LaurentA,

You know that French justice is too long. Officials are not very efficient (this is a pleonasm). I need access quickly

You think well concerning the FTP account.

What about this book : http://drupal.org/node/597378 ?

Do you have file system

Posted by matt blaine on September 2, 2010 at 5:39pm

Do you have file system access?
If so you can get the db password
sites/default/settings.php

With db access you can attempt to reset the password

Hi matt blaine, I do not have

Posted by defrance69 on September 3, 2010 at 8:09am

Hi matt blaine,

I do not have any access. Just my account.
The admin account's email address is the former president email address.

_

Posted by tryitonce on September 2, 2010 at 6:12pm

The key is access to the settings.php file via ftp.

Without that you will have to follow the first advice to get the password and username of the previous maintainer.

-----------
_{Good luck .....

the results of trying Drupal just once are
www.mallsandmore.com
www.sds-i.com
www.proRotaTherm.com}

Hi tryitonce, The previous

Posted by defrance69 on September 3, 2010 at 8:11am

Hi tryitonce,

The previous president do not want to answer his phone. He always has a patronizing tone with us.

_

Posted by tryitonce on September 3, 2010 at 1:27pm

Well, this is a good example how any organisation needs to protect itself even against the president.

Legal proceedings is the most obvious - but time consuming, expensive and the outcome uncertain.
Trying to settle the dispute by another person is possibly more reasonable.
If the old president is looking for compensation he might have a strong leaver there now.

Who designed the site? The president or some people / designers / company?
If you can get hold of these designers and can prove legitimate rights to the site then you might be able to get access to the site as they may have the required details.
Same would apply to the hosting company. If the account is held and paid for by the organisation your work for, then you should be able to request a new ID and password to access that account. With that you would be able to get access to the settings.php file holding the db access details.

Btw - who holds the access to the domain name and who owns it?

If none of the above works and depending on how much data and work there is in the site you need to get access to you might have to copy it all - copy & paste and then recreate it with another domain name or if you have access to the domain name you could redirect it when you are done. But this could be very tedious and time consuming. So, you might need to see if settling the dispute is the more efficient and cost effective way.

-----------
_{Good luck .....

the results of trying Drupal just once are
www.mallsandmore.com
www.sds-i.com
www.proRotaTherm.com}

defrance69 is not the real

Posted by real-defrance69 on October 13, 2010 at 7:44pm

hello,
i'm the real treasurerer of the association and the 'defrance69' account is a troll

_

Posted by tryitonce on October 13, 2010 at 8:43pm

... thanks for the update. I hope the security features of Drupal have kept those not entitled to have access out and that those in charge are doing the proper, the correct, the appropriate and the beneficial thing - which all equates to the "right" thing.

Do share your experience here in more detail so people may learn a bit more about security of Drupal and the wider aspect of people trying to break into sites and the deceptions they may use.
Naturally, non of the members here would attempt to try to help those not entitled to have access and would not be able to judge on any disputes people may have.
But your story might be interesting to make others aware to what tricks people might get up to to get into a site.

Thanks ...

-----------
_{Good luck .....

the results of trying Drupal just once are
www.mallsandmore.com
www.sds-i.com
www.proRotaTherm.com}