Register forum user name Search FAQ

Gammon Forum

Notice: Any messages purporting to come from this site telling you that your password has expired, or that you need to verify your details, confirm your email, resolve issues, making threats, or asking for money, are spam. We do not email users with any such messages. If you have lost your password you can obtain a new one by using the password reset link.

Due to spam on this forum, all posts now need moderator approval.

Entire forum ➜ PennMUSH ➜ Running the server ➜ Password Problems

Password Problems

It is now over 60 days since the last post. This thread is closed. Refresh page

Pages: 1 2

Posted by

Jaguar385 (16 posts) Bio

Date

Sun 17 Mar 2002 08:18 PM (UTC)

Message

Hehe.

I don't know how dumb this sounds.. but...
I forgot my God Char's password. :P

Just wondering if anyone would know how I would be able to change it somehow. (I have all my other wizchar's password - my god's wasn't the same as my other wiz so I forgot it :()

Thanks in advance. ^.^

Posted by

Nick Gammon Australia (23,165 posts) Bio Forum Administrator

Date

Reply #1 on Tue 19 Mar 2002 10:09 PM (UTC)

Message

The FAQ for Win32 PennMUSH mentions how to retrieve the god password.

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by

Jaguar385 (16 posts) Bio

Date

Reply #2 on Wed 20 Mar 2002 05:21 PM (UTC)

Message

Hey again...

I searched through my indb file ...
And couldn't find the specified line,

]XYXXY^1^54

in it (for the god character, anyway - other characters had the attribute and the ajoining "xyAYEblahblah" for their password). It's under a UNIX machine... and, well, I just don't get it.

Thanks!
-Jaguar

Posted by

Nick Gammon Australia (23,165 posts) Bio Forum Administrator

Date

Reply #3 on Wed 20 Mar 2002 08:54 PM (UTC)

Message

The other password example was an encrypted password. You should find something similar for the god character, not necessarily "^1^54" but just the "XYXXY" bit.

Since you know the other passwords, I would copy a password line from a character that you know and replace it for the god one. Do it on a copy of the database in case things go wrong.

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by

Jaguar385 (16 posts) Bio

Date

Reply #4 on Sat 23 Mar 2002 05:56 PM (UTC)

Message

Hmm... nope. No XYXXY at all... it's very weird. I haven't had this problem with other databases with other PennMUSH games I've had...

I've tried adding the whole line of ]XYXXY (With the 1^54^ (or whatever) and without), and added a "<password>" below it at lines 35 and 50, as the FAQ said to look around.. but to no avail.

-Jaguar

Posted by

Nick Gammon Australia (23,165 posts) Bio Forum Administrator

Date

Reply #5 on Sat 23 Mar 2002 08:19 PM (UTC)

Message

Maybe he doesn't have a password, did you try leaving the password blank?

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by

Jaguar385 (16 posts) Bio

Date

Reply #6 on Sat 23 Mar 2002 11:31 PM (UTC)

Message

Yup, tried that... and again, to no avail. This is very confusing. Hrm.

Posted by Nick Gammon Australia (23,165 posts) Bio Forum Administrator

Date

Reply #7 on Sun 24 Mar 2002 12:08 AM (UTC)

Amended on Sun 24 Mar 2002 12:09 AM (UTC) by Nick Gammon

Message

It must be there somewhere. Maybe the entry for "one" is somewhere else, or maybe he is not called "one".

Here is my entry for "one" from lines 24 to 62 in one of my files:



!1

"One"

5

105

0

80

-1

1

-1

0

32787

534016

0

70167

911185257

0

]CALCCOLS^1^0

"[setq(8,0)][iter(%0,setq(8,add(%q8,abs(##),1)))][setq(9,div(%q7,add(%q8,3)))][ifelse(%q9,,setq(9,1))][setq(8, [div(sub(%q7, mul(%q8, %q9)), -3),%q9)])][setq(8, [div(%q8, add(iter(%0,ifelse(lt(##,0),1,0))))])]%q9[iter(%0,[ifelse(gt(##,0),##,add(abs(##),%q8))])]"

]XYXXY^1^65590

"one"

]EMERITUS^1^4

"true"

]DESC^1^0

"You see Number One."

]COLOR^1^0

"true"

]MAILCURF^1^65588

"0"

]LASTFAILED^1^65556

" "

]LASTSITE^1^65552

"127.0.0.1"

]LAST^1^66068

"Sat Feb 19 10:07:14 2000"

]DESCRIBE^1^66080

"You see Number One, who is eating fish and chips."

]TEST^1^0

"NON-STANDARD ATTRIBUTES"

<

The important entries are (in bold above):

!1 - the entry for database number 1

"One" - his name

]XYXXY^1^65590
"one" - his password, in this case, "one"

If you find a XYXXY line, you should be able to delete it, to cause the password to become blank. Also, check that the name is "one", if not, you are using the wrong name, not the wrong password.

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by

Jaguar385 (16 posts) Bio

Date

Reply #8 on Mon 25 Mar 2002 04:11 AM (UTC)

Message

Here's my entry in the indb... lines 23 to 58 (edited to keep my security - the MUSH is on a server and up and running)
!1
"<name>" <-- I know I got the name right!
0
-1
0
-1
-1
1
-1
0
19
525312
0
0
994400557
0
]ALIAS^1^544
"X"
]DESCRIBE^1^544
"You see Number One."
]LAST^1^532
"Sun Aug 19 00:06:14 2001"
]LASTFAILED^1^20
" "
]LASTIP^1^16
"127.0.0.1"
]LASTLOGOUT^1^20
"Sun Aug 19 00:06:59 2001"
]LASTSITE^1^20
"localhost"
]MAILCURF^1^52
"0"
]RACE^3^516
"Demon"
<

And that's it. No XYYXY or whatnot... it's just not there. *sigh*

Posted by

Nick Gammon Australia (23,165 posts) Bio Forum Administrator

Date

Reply #9 on Mon 25 Mar 2002 05:00 AM (UTC)

Message

Can't explain it. Sounds like there is no password.

All I can suggest is change the code slightly so that a wizard can @newpassword god, run the new code, change the password, change the code back again.

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by

Jaguar385 (16 posts) Bio

Date

Reply #10 on Mon 25 Mar 2002 04:54 PM (UTC)

Message

Hmm. How would I go about that?

Thanks once again.

Posted by Nick Gammon Australia (23,165 posts) Bio Forum Administrator

Date Reply #11 on Mon 25 Mar 2002 10:12 PM (UTC)

Message

Oh well, in wiz.c you could comment out the two lines referring to God - ie. preventing a wizard from changing the God password. See the lines in bold below.


void
do_newpassword(player, name, password)
    dbref player;
    const char *name;
    const char *password;
{
  dbref victim;
  if (!Wizard(player)) {
    notify(player, T("Your delusions of grandeur have been duly noted."));
    return;
  } else if ((victim = lookup_player(name)) == NOTHING) {
    notify(player, T("No such player."));
  } else if (*password != '\0' && !ok_password(password)) {
    /* Wiz can set null passwords, but not bad passwords */
    notify(player, T("Bad password."));
  } else if (God(victim) && !God(player)) {
    notify(player, T("You cannot change that player's password."));
  } else {
    /* it's ok, do it */
    (void) atr_add(victim, "XYXXY", mush_crypt(password), GOD, NOTHING);
    notify_format(player, T("Password for %s changed."), Name(victim));
    notify_format(victim, T("Your password has been changed by %s."),
          Name(player));
    do_log(LT_WIZ, player, victim, "*** NEWPASSWORD ***");
  }
}

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by

Jaguar385 (16 posts) Bio

Date

Reply #12 on Tue 26 Mar 2002 03:41 AM (UTC)

Message

Hmm. That seemed to work.

I changed, compiled, repassed, changed back, compiled, and was able to log on.
The thing, though, is that in the indb file, it still doesn't list the password. Weird.

Posted by

LostAndLonely123 USA (4 posts) Bio

Date

Reply #13 on Thu 15 Jan 2004 08:28 PM (UTC)

Message

I lost my God's password, too. I read through the FAQ and followed the instructions, but it didn't work. I have no clue what I'm doing...

LostAndLonelyIsHowILive

Posted by Nick Gammon Australia (23,165 posts) Bio Forum Administrator

Date

Reply #14 on Fri 16 Jan 2004 11:07 PM (UTC)

Amended on Fri 16 Jan 2004 11:13 PM (UTC) by Nick Gammon

Message

OK, here is a nice challenge. :)

If you don't know what you are doing, this may not help, but I'll try to describe another technique for recovering your God password using gdb.

I have just done some posts about using gdb, in this thread:



http://www.gammon.com.au/forum/?bbsubject_id=3653

The "lost password" problem is a nice real, live problem, so I'll apply some of the gdb techniques to it.

If you want to follow through the exact line numbers, I used the latest stable release at the time of writing, namely:

pennmush-1.7.6p14.tar.gz

(PennMUSH v 1.7.6 patch level 14)

After following the configuration instructions and installing it (under Cygwin this time), I got it running. I logged on as "one" and changed the password from the default empty one.

Now, to get to work, assuming I have forgotten it...

A bit of hunting around shows that in bsd.c there is a check for a new connection:


3827      if (string_prefix("connect", command)) {
3828        if ((player = connect_player(user, password, d->addr, d->ip)) == NOTHING) {

This calls "connect_player" in player.c. A little way into connect_player (line 155) is the password check:


153       /* validate password */
154       if (!Guest(player))
155         if (!password_check(player, password)) {
156     #ifdef CREATION_TIMES
157           /* Increment count of login failures */
158           ModTime(player)++;
159     #endif

Since the password check is the one we want to defeat, we'll put a breakpoint on that line (line 155).

First we need to get gdb running, so we'll find the process ID (since in this case PennMUSH is already running, because it needs command line arguments).

Let's find the process ID:


Nick@nick ~/pennmush/src
$ ps waux | grep netmud
      PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
      280     163     280        192  con 1000 10:52:20 /home/Nick/pennmush/src/netmud

OK, the process ID is the first number, 280. Let's get gdb attached to it:


$ gdb ../src/netmud.exe 280
GNU gdb 2003-09-20-cvs (cygwin-special)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-cygwin"...
Attaching to program `/home/Nick/pennmush/src/netmud.exe', process 192
[Switching to thread 192.0x60]
(gdb)

This says it is attaching to process 192 which was the fourth number, the Windows process ID.

Now let's add the breakpoint we decided on ...


(gdb) break player.c:155
Breakpoint 1 at 0x49ac2d: file player.c, line 155.

And continue execution of the MUSH ...


(gdb) cont
Continuing.

I'll try connecting by typing "co one fred" although I doubt "fred" is the password. Immediately afterwards the breakpoint is reached in the gdb window ...


[Switching to thread 192.0x96]

Breakpoint 1, connect_player (name=0x22dd20 "one", password=0x22cd20 "fred",
    host=0x1003108c "localhost", ip=0x100310f1 "127.0.0.1") at player.c:155
155         if (!password_check(player, password)) {
(gdb) cont
Continuing.

I typed "cont" (continue) to see what would happen, and indeed on my client I see this ...



co one fred

Either that player does not exist, or has a different password.

Let's try again, typing "co one fred" into the client ...


Breakpoint 1, connect_player (name=0x22dd20 "one", password=0x22cd20 "fred",
    host=0x1003108c "localhost", ip=0x100310f1 "127.0.0.1") at player.c:155
155         if (!password_check(player, password)) {
(gdb)

What we need to do now is convince the program that the password was OK. Let's step into the password_check routine:


(gdb) step
password_check (player=1, password=0x22cd20 "fred") at player.c:70
70        if (!(a = atr_get_noparent(player, pword_attr)))
(gdb) list
65      {
66        ATTR *a;
67        char *saved;
68
69        /* read the password and compare it */
70        if (!(a = atr_get_noparent(player, pword_attr)))
71          return 1;                   /* No password attribute */
72
73        saved = strdup(uncompress(a->value));
74
(gdb)

Typing "list" shows enough source to indicate that if password_check returns 1, it is an acceptable password (or no password).

So, let's fool it and tell it to return 1...


(gdb) return 1
Make password_check return now? (y or n) y
#0  0x0049ac3f in connect_player (
    name=0x22dd20 "one", password=0x22cd20 "fred",
    host=0x1003108c "localhost", ip=0x100310f1 "127.0.0.1") at player.c:155
155         if (!password_check(player, password)) {
(gdb) cont
Continuing.

Typing "return 1" tells gdb to return from this function with "1" as the result (it asks for confirmation), then we type "cont" to continue executing.

Now looking at the client window I see ...


Welcome to PennMUSH!
--------------------------------------------------------------------------
Yell at your god to personalize this file

Wizards, tell your friendly neighborhood god to personalize this file!

**********************************************************************
 
**********************************************************************
Last connect was from localhost on Sat Jan 17 10:32:15 2004.
Last FAILED connect was from localhost on Sat Jan 17 10:55:58 2004.


MAIL: You have no mail.

Room Zero(#0R)
You are in Room Zero. It's very dark here.

Aha! Success! We have connected. Let's fix up our password to a known value (in the client) ...


@newpassword one=swordfish
Password for One changed.
Your password has been changed by One.
@dump
Dumping...

All done. The password is changed, and the database saved. This is probably a good time to shut down the MUSH and restart it, as the debugger is still connected to it.

- Nick Gammon

www.gammon.com.au, www.mushclient.com

The dates and times for posts above are shown in Universal Co-ordinated Time (UTC).

To show them in your local time you can join the forum, and then set the 'time correction' field in your profile to the number of hours difference between your location and UTC time.

67,793 views.

This is page 1, subject is 2 pages long: 1 2

It is now over 60 days since the last post. This thread is closed. Refresh page

Go to topic: Search the forum

Information and images on this site are licensed under the Creative Commons Attribution 3.0 Australia License unless stated otherwise.