Well, kind of. The current server for this website is not mine it belongs to the school of computing. I changed from administrating my own server recently whilst I revamp the ARG server and virtualise the half-dozen or so machines that were sitting under my desk doing various tasks.
Additionally the SoC web server doesn't have a setup for mailing passwords out to users. This is fine so long as you don't misplace your randomly generated wordpress admin password. Otherwise when something untoward (
a euphemism for stupid) happens and you need a replacement password you cannot log in, because you don't know your existing password, but you cannot use the wordpress function that generates new passwords and mails them to you either. Making things even more complicated, I don't have access to the MySQL server that the wordpress database is on so I can't change the admin password through the MySQL admin interface like so:
UPDATE `wp_users` SET `user_pass` = MD5( 'new_password_here' ) WHERE `wp_users`.`user_login` = "admin_username";
Instead I had to be a bit more sneaky. I do have access to the wordpress installation on the web server. So I can make changes to the underlying PHP files. Therefore a change to the wp-includes/pluggable.php file where it checks for the password and displays a page depending upon the result of the check will give me access to the admin dashboard without entering a valid password. From there I can change the existing password to whatever I want it to be. Around line 450 there is the following line:
if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
Removing the logical negation (!) from the call to wp_check_password then attempting to login causes the dashboard to be displayed regardless of the password that is entered. As soon as I am logged in I need to change the pluggable.php file back to its original state so as not to enable others to gain access in the same way.
Of course this is not really a hack. If you have access to the underlying code and the place that it is running and you can change that code then it is straightforward to gain access and alter the functionality of the site.
