Restoring admin access in Kirjuri

u r hackerman!

I recently got asked how to restore admin access on Kirjuri after the original administrator has left and the password for the admin account isn’t known.

As Kirjuri does not have any internet-connected features, it can’t implement a standard “we’ll email you a password reset link” feature. Most Kirjuri users run their own server on Linux. This makes restoring admin access easy by using the command line. Here are the instructions on how to achieve this, assuming you have access to the server running Kirjuri:

Step 1: Connect and log in to the Kirjuri server using ssh from a capable terminal emulator. Windows users can use PuTTY for this. A Kirjuri server runs a few internal servers: the web server that serves you web pages, and a database server that handles storing and reading data. We are going to connect directly to the database server and change user access levels to regain administrator access to Kirjuri.

Step 2: Find out your MySQL server database name, username and password. These are configured when Kirjuri is installed, and stored in a PHP file, mysql_credentials.php, in the conf/ folder. If you don’t know which folder your web server is serving content from, you can find the file and print its contents with this command: find / -name mysql_credentials.php 2>/dev/null | xargs cat. Make note of your username, password and database name. These are not the same details that you use to log into Kirjuri. These are the MySQL server credentials.

Step 3: Log in to MySQL using the credentials that Kirjuri uses with this command: mysql -u yourusername -p. Replace yourusername with the username you recovered in the previous step. MySQL will prompt you for the password. Supply the password that you found in the previous step.

Step 4: After you’ve successfully logged into MySQL, you will be presented with the command line for ordering MySQL around. Switch to your Kirjuri database by typing use yourdatabasename; The yourdatabasename part is found in step 2. Remember the trailing semicolon when issuing commands to the database.

Step 5: Check your user details by typing SELECT * FROM users;

Step 6: Make a note of the id column of the user you want to elevate to administrator status. Every user has a unique id number. I’m using 3 as an example in the next step.

Step 7: Type UPDATE users SET access="0" WHERE id="3";. Access level 0 means administrator access. If MySQL doesn’t give any errors, then you’re all set. Check that the user access level is correct by running SELECT * FROM users; again.

Step 8: Congratulations! User 3 is now a Kirjuri administrator. Quit MySQL and exit the command line.

Step 9: Log in with the newly promoted account and go to user management. Change the original administrator password. You can then log in as the administrator and change the user access level back to normal using the web interface.

Step 10: Celebrate with beer and chips. This is you now:

Hackerman!
Source: https://knowyourmeme.com/memes/hackerman
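
The database part of the procedure (steps 4 to 7) as one MySQL session, with a copy of the users table taken first, the change wrapped in a transaction, and a final check of which accounts hold administrator access. This is an added example, not part of the original post or of Kirjuri: yourdatabasename and id 3 are the placeholders used in the steps, users_recovery_backup is a hypothetical table name, and ROLLBACK only undoes the change if the users table uses a transactional engine such as InnoDB.

```sql
-- Added example (not Kirjuri's own code). Type these at the mysql> prompt.
-- Placeholders: yourdatabasename (step 2), id 3 (step 6).
USE yourdatabasename;

-- Keep a copy of the table as it was before the change.
-- users_recovery_backup is a hypothetical name; pick one that does not exist yet.
-- This statement commits implicitly, so it must come before START TRANSACTION.
CREATE TABLE users_recovery_backup AS SELECT * FROM users;

-- Note the account's current access level; you need this value in step 9
-- when you set the account back to normal.
SELECT id, access FROM users WHERE id = '3';

START TRANSACTION;

-- Step 7: access level 0 means administrator.
UPDATE users SET access = '0' WHERE id = '3';

-- ROW_COUNT() reports how many rows the UPDATE actually changed.
-- Expect 1. A result of 0 means the id did not match or the account
-- already had access level 0; more than 1 means the WHERE clause is wrong.
SELECT ROW_COUNT() AS rows_changed;

-- Review the whole table before making the change permanent.
SELECT * FROM users;

-- If rows_changed was 1 and the table looks right:
COMMIT;
-- Otherwise undo the change instead (assumes a transactional engine):
-- ROLLBACK;

-- List every account that now holds administrator access, so the
-- temporary promotion is not forgotten after step 9.
SELECT * FROM users WHERE access = '0';

-- The copy contains the same stored credentials as the live table.
-- Once the web interface login works and step 9 is done, remove it:
-- DROP TABLE users_recovery_backup;
```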
