October 22, 2017

Alfresco tips and tricks – #1 Reset the admin password

I want to collect a series of mini howto and tips to help you make quick configurations and easy troubleshooting in Alfresco. I start by showing how to reset the alfresco admin password. In the Alfresco’s official wiki page you can find a useful documentation about security and authentication implementation, I will refer to it.

Note 1 –  The following solutions are applicable for the embedded admin user according to the AlfrescoNtlm default authentication chain, so it is not considered any additional authentication subsystems like Active-Directory/LDAP instances or anyother external Single Sign-on systems.

Note 2 –  In the default AlfrescoNtlm authentication mechanism the passwords are stored locally in the Alfresco SQL database as UTF16LE-encoded MD4 hashes (i.e. NTLM). Here’s the encoding steps for the string ‘admin’.

reset-alfresco-admin-password-01

SOLUTION 1. You know the credentials of at least one no-admin user (suppose “bob”).

Alfresco 3.2 and later

Alfresco 3.0 and older versions

Restart Alfresco and login as this user. Now you have administrative privileges so update the admin user password then revert configuration.

SOLUTION 2. You do not know any user passwords but you have read/write access to the Alfresco DB schema.

In this example you can see the NTLM string value for ‘12345’ password. Run an update to the string_value column with node_id=4 and qname_id=11:

The new NTLM value is ‘209c6174da490caeb422f3fa5a7ae634’ (‘admin’ plaintext) so you can login to Alfresco using the default admin/admin credentials.

SOLUTION 3. Run a brute force attack on the Alfresco NTLM hash using MDCRACK (for test and studies only)

To complete this article I show a case study based on mdcrack bruteforce of the NTLM hash. This is intended to assist pentesters, system administrators and users in testing their own passwords, or other passwords for which they have been given permission to test, in order to determine the security of such passwords. I hereby disclaim any responsibility for illegal actions taken based on this post.

 

reset-alfresco-admin-password-02

3 Comments

  1. Cesar Capillas

    Nice tip! Relating to the note 2 gere’s my two cents. You can type in a linux console for generate “admin” password:

    $ printf ‘%s’ “admin” | iconv -t utf16le | openssl md4
    (stdin)= 209c6174da490caeb422f3fa5a7ae634

    Reply
    1. Giuseppe Urso

      Thanks Cesar,

      in this article I used the the python hashlib module to generate the md4 admin hash (see the image above). The GNU coreutils printf works well too.
      Thank for tip

      😉
      Giuseppe

Leave a Reply

Your email address will not be published.