Last post Jul 12, 2017 07:11 AM by Eric Du
Jul 11, 2017 05:21 PM|tfsone|LINK
I'm pretty new with this asp world. Actually I'm hired to work with a system made in asp and update this. That system was already installed in our lan server and works pretty well but I need to do some tests within it. I created a new application with IIS
Server with the application name and a "_test" right next to it. My problem is: I didn't wrote the code. I tried to find anything about database and user's login/password but didn't found anything. I'm used with PHP+MySQL, where it is "easy" to retrieve a
user's login/password and change it. But with asp I couldn't. Any advice with that? Where is user's login/password stored? Can I access it? How?
P.S.: I'm not doing anything illegal, if anyone will think that. Really.
Jul 11, 2017 06:52 PM|bbcompent1|LINK
Most often the password will be stored in the database, however the caveat to keep in mind the password may be using Hashing and Salt so there is a distinct likelihood you may not be able to view the user's password; this was done for obvious reasons. You
also say ASP, do you mean classic ASP or ASP.NET?
Jul 11, 2017 07:29 PM|tfsone|LINK
ASP.NET. But I'm almost calling it ASP as it uses .NET Framework 2. Also, the development of the system was about 4-5 years ago.
I can access the system without a problem. But the update I can't access. The update I found in a folder inside the server in a .rar file. But I can't stop the system (it works 24-7) and thats why I extracted it into a new folder with the "_test" to differ.
The problem is: I can't access the new system with the administrator user I have. And I don't know the superuser login. I can't contact whoever coded it because my superior bought the system with full support for a limited time (without restriction about modifing
the system). That "limited time" ended months before I came to work here. I have no contacts with them/him. I'm trying to implement some new functions and so, but without that simple step (access the new system) I can't go further.
Jul 12, 2017 05:00 AM|priyalwalpita|LINK
First of all you need to find information about the database that this application is using. Normally the credentials are stored in the database ( unless someone thought of saving this in a different way such as in a text file ;) ) . But if the earlier developer
followed correct development principles, your passwords must be hashed in the Database. It is almost impossible to revert a hased values unline encrypted value.
If you can find those hased values one possibility is using Rainbow tables to find a matching hash. If the password is a commonaly used one, then this method is easy to use.
If you have the code with you, you would probably can find the salt that is being used to create hash values. So what you can do is, trigger that code part ( probabaly you can find this i nthe user creation or change password section ) and use your password
to create a new user or change password. Then use the newly created hash value and change the Admin user's hash with your hash. Probably you will be able to log in.
Jul 12, 2017 07:11 AM|Eric Du|LINK
According to your description and needs, I think you want to access the user username and password. I know these data should store in the database.
I think you need know which database it used, then you could use Ado.Net or to access database table, then set it in the datatable, then you could show them in the gridview.
Retrieve (Get) data from SQL Server database and display in ASP.Net GridView using C# and VB.Net:
The other method to get data: Retrieving and displaying data with model binding and web forms: