I forgot my ghost password just a second after installing it. 🤦

I hadn't even set up my email to use "forgot my password" feature, so I thought I was screwed. But wait, this app must have a db where it stores the hashed password?

After a bit of exploration I found users table in the mysql db. I ran

SELECT email, password FROM USERS;

and saw the hashed password.

Now I had to figure out how this app generates the hashed password. Since it's open source,  I found this password.js from the repository.

Created the following script to return the hashed value for my new password:


new-password.js

require('password')
  .hash(process.argv[2])
  .then(console.log);

I ran node new-password.js "NEWPASSWORD" and got the hashed value of the new password. And then all I had to do was to update the password column with this hashed password.

UPDATE USERS SET PASSWORD = 'hashed-value'

And voila  i found something to write about for my first post smh.