Hack recovery - Super Admin

Know that their are techniques available to you to recover hacked Joomla accounts that you have rightful ownership to.

Add a New Super Administrator User

If changing the password won't work, or you aren't sure which user is a member of the Super Administrator group, you can use this method to create a new user.

  1. Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
  2. Press the "SQL" button in the toolbar to run an SQL query on the selected database. This will display a field called "Run SQL query/queries on database <your database>".
  3. Delete any text in this field and copy and paste one of the following queries and press the Go button to execute the query and add the new Administrator user to the table.
  4. The following worked today for Joomla 3.2.x, I have also been able to use it on J2.5.x in the past.
INSERT INTO `jos_users`
   (`name`, `username`, `password`, `params`)
VALUES ('Administrator2', 'admin2',
    'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '');
INSERT INTO `jos_user_usergroup_map` (`user_id`,`group_id`)
VALUES (LAST_INSERT_ID(),'8');

This is public knowledge, please delete this user after you have recreated/recovered your own Super User.

- password = "this is the MD5 and salted hashed password"
------------------------------------------------------
- admin  = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
- secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
- OU812  = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm

Source: <http://docs.joomla.org/How_do_you_recover_your_admin_password%3F#Add_a_New_Super_Administrator_User>

Disclaimer: Actions described here are not recommended if you are not technically clear on what you are doing, Noxidsoft and it's employees take no responsibility for your actions on any website. The purpose is to allow you to recover a website where you have written/verbal permission to do so or you are the clear owner of such a website; and is for information purposes only.

Share on Myspace

Latest News

Joomla 3 - Add language file support for plugins

Do this...

/**
* Load the language file on instantiation.
*
* @var    boolean
* @since  3.1
*/
protected $autoloadLanguage = true;

Generic domains names now available

Here's a full list of "Generic" domain names you probably never thought were available (register at http://hosting.noxidsoft.com):
.technology
.international
.wiki
.tattoo
.university

Heartbleed security issue - OpenSSL

Do not rush to change all your passwords!

Let me qualify that statement. I have heard and seen many knee jerk reactions from "professionals" that state we should all rush out to change our banking and social media passwords. The first question we should be asking is, what, who, why. The second, do I need to make a change right away, if at all.

What systems are affected?

Simple. All systems that use the OpenSSL security certificate service.

Login Form