WordPress.org

Ready to get started?Download WordPress

Forums

cookies wordpresspass_* and wordpressuser_* (3 posts)

  1. sehwoo
    Member
    Posted 6 years ago #

    I was looking at the cookies that wp-login made, and i saw three.

    One was wordpresspass_(bunch of characters) and the other was wordpressuser_(bunch of characters). The (bunch of characters) are the same, but the content is different. wppass_ has more characters, whereas wpuser_ has the word "admin".

    I'm guessing that it's saying that because admin is my username, and i'm guessing that the characters in the content is a hash of my password. (please correct me if i'm incorrect)

    I am wondering though, what is the (bunch of characters) made from? How do I recreate it?

    Also there was another cookie called wordpress_test_cookie. the content is "WP+Cookie+check". Is that important?

    Thanks

  2. CovilleR
    Member
    Posted 6 years ago #

    People've used rainbow tables to try and crack hashes of things like popular forum system passwords and whatnot.

    How Hash Works:

    Hashing takes any amount of data (binary or text) and creates a constant-length hash representing a checksum for the data. For example, the hash might be 16 bytes. Different hashing algorithms produce different size hashes. You obviously cannot re-create the original data from the hash, but you can hash the data again to see if the same hash value is generated. One-way Unix-based passwords work this way. The password is stored as a hash value, and to log onto a system, the password you type is hashed, and the hash value is compared against the hash of the real password. If they match, then you must've typed the correct password.

    'Dunno if that helps..

  3. kay73
    Member
    Posted 6 years ago #

    In this particular case and speaking about WordPress 2.2.3, the (bunchofcharacters) is the MD5 sum of the site url minus any trailing slash.

    Example: Let my site url be
    http://localhost/wordpress/

    Omitting the trailing slash and having this site
    compute the md5 hash value will result in

    bbfa5b726c6b7a9cf3cda9370be3ee91

    which is precisely the (bunchofcharacters) found in the cookie.

    I think the value suitable for reproduction is stored in the database table wp_options. Look for the value "siteurl" within the column option_name.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags