in reply to How to encode/decode an SSHA256 hash?

This is too obvious/easy to be the correct - but - have you tried to replace the hash in the database with the hash of a KNOWN password ?

        "You're only given one little spark of madness. You mustn't lose it."         - Robin Williams

  • Comment on Re: How to encode/decode an SSHA256 hash?

Replies are listed 'Best First'.
Re^2: How to encode/decode an SSHA256 hash?
by FloydATC (Deacon) on Nov 19, 2014 at 06:00 UTC

    Yes, this is known as a "pass-the-hash" attack and described in a few places as an unsupported way to recover from a lost SSO Master password. As I mentioned, I have tried this and it didn't work. I'm not sure why.

    Part of the reason may be that I don't fully understand the actual relationship between the SSO Master password and the "admin@System-Domain" password. From what I understand, you initiallly set the admin password and it is used as a Master password as well. For all I know, the admin account may later have been disabled or broken somehow. If I could recover the password somehow, I'm hoping I'd be able to use it as Master password to perform the upgrade and reset the admin account.

    This mechanism was unique to vCenter 5.1, it was fixed in version 5.5

    -- FloydATC

    Time flies when you don't know what you're doing

[reply]

In Section Seekers of Perl Wisdom