If you don’t know the Sitecore credentials and have
access of Sitecore database, there is one hacker’s way to login into any Sitecore user account. For this you must have
access of CORE database of Sitecore environment.
Sitecore stores all
user profile data in “aspnet_Users” table and all
user’s passwords in “aspnet_Membership” table.
You can use below
query in CORE database to get all these details
SELECT au.UserId, au.UserName, am.Password, am.PasswordSalt FROM
[dbo].[aspnet_Users] au INNER JOIN [dbo].[aspnet_Membership] am ON
au.UserId = am.UserId
When I run this query in my test
environment, I received below result.
Get Sitecore Passwords |
You can fire below
query to set any account password with known password. Here I know admin
password and now setting user “sitecore\editor1” password to admin password.
Update [dbo].[aspnet_Membership]
SET Password='qOvF8m8F2IcWMvfOBjJYHmfLABc=', PasswordSalt='OM5gu45RQuJ76itRvkSPFw==' WHERE
UserId = 'D44D17F4-C4BD-4A41-841A-CDA3587957B5'
After updating the
data I am getting below result
Updated Password |
Bingoooooo now I am
able to login to “sitecore\editor1” with admin password.
NOTE: - You need to update
both Password and PasswordSalt fields. Only change in Password field will not
work.
I hope you like this Sitecore
database lesson. Stay tune for more Sitecore database related
articles.