Comments on: Resetting Joomla admin password

By: Fred

Fred — Mon, 26 Apr 2010 19:35:20 +0000

Thanx, works perfect!

By: mrakhlak

mrakhlak — Mon, 18 Jan 2010 18:43:36 +0000

nice man .. work 100% .. i was searching for that .. keep it up

By: dj_mp3

dj_mp3 — Tue, 25 Aug 2009 09:36:15 +0000

It’s old feature. In the newest version hash in not simple md5. It contains md5 hash and salt, which may be different.

By: Sinead Hanley

Sinead Hanley — Tue, 10 Feb 2009 23:13:55 +0000

I have the correct username and password but still can’t login as administrator – I’m not getting any error message – basically when I click on login it just seems to be resetting

By: CrashTest Blog » Blog Archive » Zerando a senha de administrador do Joomla!

Fri, 28 Nov 2008 18:02:37 +0000

[...] http://www.daobydesign.com/blog/2008/06/resetting-joomla-admin-password/ novembro 28th, 2008 in [...]

By: Ryan

Ryan — Sat, 16 Aug 2008 05:52:42 +0000

@Rob: Solid tip Rob – cheers for sharing. Didn’t even occur to me to use MySQL’s built in MD5 hash generator.

By: Rob Mitchell

Rob Mitchell — Sat, 16 Aug 2008 04:52:05 +0000

This is pretty easy using PHPMyAdmin if you have it. If you don’t, get it – it’s free, auto installs on most hosting providers who have Fantastico! or a similar tool.
Bring up PHPMyAdmin, select the database for your Joomla installation, choose the SQL tab, and enter this line of code:

UPDATE `jos_users` SET `password` = MD5( ‘your_new_pw’ ) WHERE `jos_users`.`username` = “admin” ;

If you’re using a different admin user than “admin” use that, and put the password you wish to use where the code says your_new_pw. Leave the quote marks, single or double, where they’re shown.
By now you’ve long since probably already fixed the problem, but this is the easiest way I know to fix it. PHPMyAdmin has a built in MD5 hash generator -or is that in the MySQL back end? It doesn’t really matter – it gets done for you.
Good luck!

By: Al

Al — Wed, 02 Jul 2008 02:35:50 +0000

Thank you so much! This worked out GREAT!

By: Someone

Someone — Thu, 19 Jun 2008 12:55:34 +0000

It’s interesting. My passwords tend to be as random as possible and long. But consider someone with a ‘strong’ password that was made of a word or two with common letter-to-number switches (e > 3, for example) and random caps, plus maybe a couple of random letters/numbers. An intelligent brute force with permutations on dictionary words becomes a beautiful thing, search space is smaller.

Throw in some statistical analysis of what sorts of words (nouns, more common words) a database of perhaps a couple hundred thousand hashes has and the search space gets really interesting. And that’s not on the public web, but someone surely has it.

Nothing beats social networking though.

I find this stuff fascinating.

By: Ryan

Ryan — Thu, 19 Jun 2008 12:07:23 +0000

I’m certain they’re using brute force attacks to crack the hash – so anyone using a reasonably good password (8+ characters, numbers, letters, mixed case and punctuation) isn’t likely to find it on there anytime soon.

But yeah – good to be aware of.