Problem with the site? Got a suggestion? Got feedback? Post here and the staff will discuss it with you.
7 posts • Page 1 of 1
There would be the possibility for him to release a list of possible email-adresses as sha256 hashes (e.g. "firstname.lastname@example.org" would become "1b0200b55aeb68894b50b5cef8cf6d78912eacebb0d459e709a65029fdc757d6" and so on). The admins could then see which email may match, via
if I remember the PhpBB-database-structure properly, and then give the email to this account here, as it's very unlikely to post a hash of an existing email, and as he said he just couldn't guess which email was used. With this they could tell, and he could regain access as long as he still has access to that email. One could than even just copy the encrypted password (and possibly the salt) of that new account to the old one, so he could login again with the new credentials, using the emails as password-replacement (at least, if the md5/sha-hashed password just uses the password itself and possibly it's seed, I cannot remember how this works in PhpBB exactly tbh).
Code: Select all
select id, username, email from users where SHA(email, 256) in ("HIS-SHA-HASH-1", "HIS-SHA-HASH-2", ...) and name = "Kahdragz";
- Posts: 478
- Joined: Wed Jun 16, 2010 11:03 pm
- Location: over the hills and far away
Looks like the account was last logged into back in late 2019. and join the date was in 2012. Id suggest trying to remember any email address you used in this time frame. If you cannot maybe seeing if any email addresses are linked to current email address for password recovery ETC. I recently rediscovered a long forgotten email address I had not used in well over a decade because it was linked to another email address I still use that was also created over a decade ago. Maybe check any other accounts you still have access to other forums ETC and see what email address are linked, that may be you best bet.