Decrypting single passwords #848
Comments
Why not just set it back to the version you were on before upgrading? What is your current version? |
2.1.18 is the version that worked -- and the version we have a dump for (('admin','cpassman_version','2.1.18')). We have tried that version and all versions in between. We have also tried setting TeamPass up on a brand new server. We are able to dump and recover databases into MySQL without error. At this point, we're not really trying to get TeamPass working for consumption again-- we're really just trying to salvage the passwords for equipment that do not have a password recovery process so that we do not have to reset pieces of equipment back to default. I appreciate your help on this. |
If you don't want to put in place TP 2.1.18 on your server, you need to recode a specific page that will be able to read the database and decrypt the passwords using the decrypt function in main.functions.php. |
UncleSpuds, I was digging around in TeamPass recently and figured out how to decrypt the passwords in a fairly rudimentary way which could be useful in these types of emergency situations. There are two steps: first get the passwords out of the database into a file, then parse the file and decrypt the passwords. I put together a command that can do the first part, and wrote a script which can do the second part. It could probably be condensed into all PHP, but I'm not that savvy with it.

Export data from the database into a file:

```sh
mysql -u teampass_admin -p teampass -Bse "select teampass_items.id, teampass_items.label, teampass_items.pw, teampass_keys.rand_key FROM teampass_items INNER JOIN teampass_keys ON teampass_items.id=teampass_keys.id;" > db_pws.txt
```

You'll be prompted to enter the password for the teampass_admin account. This command assumes that the database is called "teampass".

The script:

```php
#!/usr/bin/php
<?php
// Include settings to get the SALT
// Include functions to get decrypt() so to get the PW.
require_once '/var/www/html/teampass/includes/settings.php';
require_once '/var/www/html/teampass/sources/main.functions.php';

// This is a tab delimited file containing four columns: id, label, pw, rand_key
$filename = "db_pws.txt";
// Note: This file can be created with the following command:
// mysql -u teampass_admin -p teampass -Bse \
// "select teampass_items.id, teampass_items.label, teampass_items.pw, teampass_keys.rand_key \
// FROM teampass_items INNER JOIN teampass_keys ON teampass_items.id=teampass_keys.id;"

// Parse the file and put it into an array $records
$contents = file_get_contents($filename);
if ($contents === false) die("Unable to read data file $filename!");
$records = explode("\n", $contents);

// Calculate the number of rows in the file
$records_size = sizeof($records);

// Define some variables used to know how big to make the columns in the table at the end
$pw_maxlen = 0;
$label_maxlen = 0;

// Step through the array and split each row into array $data
for ($i = 0; $i < $records_size; $i++) {
    $data[$i] = explode("\t", $records[$i]);
    // If the row has no data, assume it's the last and break out of the for loop
    if ($data[$i][0] == "") break;
    // Add another column to the array which contains the decrypted password, stripped of the prepended rand_key
    $data[$i][4] = substr(CleanString(decrypt($data[$i][2])), strlen($data[$i][3]));
    // Set the new maximum length for label and pw if it's greater than the current
    if (strlen($data[$i][1]) > $label_maxlen) $label_maxlen = strlen($data[$i][1]);
    if (strlen($data[$i][4]) > $pw_maxlen) $pw_maxlen = strlen($data[$i][4]);
}

for ($i = 0; $i < $records_size; $i++) {
    // If the row has no data, assume it's the last and break out of the for loop
    if ($data[$i][0] == "") break;
    // Print out in a sort of table all of the labels and PWs defined
    printf("%s[%{$label_maxlen}s]%s[%{$pw_maxlen}s]\n", "Label: ", $data[$i][1], " Password: ", $data[$i][4]);
}
?>
```

This worked for version 2.1.2, but probably newer versions are similar. |
Using version 2.1.19, doesn't work for me. Just outputs |
Exactly the same for me |
If I recall correctly, I removed the following code from the PHP files that are included in the beginning of the PHP script:

```php
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
    die('Hacking attempt...');
}
```

This eliminates the "Hacking attempt..." prompt from appearing. I think it's something to do with cookies, but I don't know. The PHP files: The /var/www/html path may be different on your system.

I also updated the PHP script which now includes the command to export the data, and adds several columns for more completeness: Folder name (not full path, that's beyond my SQL skillset) It also uses a tab delimited output which works well with CSV import into Calc, or Excel.

Here is the script:

```php
#!/usr/bin/php
<?php
// Include settings to get the SALT
// Include functions to get decrypt() so to get the PW.
require_once '/var/www/html/teampass/includes/settings.php';
require_once '/var/www/html/teampass/sources/main.functions.php';

// Array columns:
// 0 teampass_items.id
// 1 teampass_nested_tree.title
// 2 teampass_items.label
// 3 teampass_items.pw
// 4 teampass_keys.rand_key
// 5 teampass_items.login
// 6 teampass_items.description
// 7 teampass_items.url
$exported_data = shell_exec('mysql -u teampass_admin -p teampass -Bse "select teampass_items.id, teampass_nested_tree.title, teampass_items.label, teampass_items.pw, teampass_keys.rand_key, teampass_items.login, teampass_items.description, teampass_items.url FROM teampass_items INNER JOIN teampass_keys ON teampass_items.id=teampass_keys.id INNER JOIN teampass_nested_tree ON teampass_items.id_tree = teampass_nested_tree.id;"');

// Put the exported_data into an array
$records = explode("\n", $exported_data);

// Calculate the number of rows in the file
$records_size = sizeof($records);

// Step through the array and split each row into array $data
for ($i = 0; $i < $records_size; $i++) {
    $data[$i] = explode("\t", $records[$i]);
    // If the row has no data, assume it's the last and break out of the for loop
    if ($data[$i][0] == "") break;
    // Add another column to the array which contains the decrypted password, stripped of the prepended rand_key
    $data[$i][8] = substr(CleanString(decrypt($data[$i][3])), strlen($data[$i][4]));
}

// Print out header column in tab delimited format (six columns, matching the rows below)
printf("%s\t%s\t%s\t%s\t%s\t%s\n", "Folder", "Label", "Login", "Password", "Description", "URL");

for ($i = 0; $i < $records_size; $i++) {
    // If the row has no data, assume it's the last and break out of the for loop
    if ($data[$i][0] == "") break;
    // Print out rows in a tab delimited format
    printf("%s\t%s\t%s\t%s\t%s\t%s\n", $data[$i][1], $data[$i][2], $data[$i][5], $data[$i][8], $data[$i][6], $data[$i][7]);
}
?>
```

This script can be put into a file, and its output redirected into a file upon execution at the command line. |
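
A variant of the recovery loop in the two scripts above, added here as an example and not written by any thread participant or the TeamPass project: it checks that each decrypted value really begins with its rand_key before stripping it, so a wrong SALT shows up as a failed row instead of blank or garbage output. `recover_rows`, the base64 stand-in for decrypt() and the sample rows are constructed for illustration.

```php
<?php
// Added example, not TeamPass code. Real use: load the thread's two includes and
// pass function ($c) { return CleanString(decrypt($c)); } as $decrypt.

// Parse "id<TAB>label<TAB>pw<TAB>rand_key" rows; a row counts as recovered only
// if its decrypted value starts with that row's rand_key.
function recover_rows(string $export, callable $decrypt): array
{
    $ok = [];
    $failed = [];
    foreach (preg_split('/\R/', $export, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        $cols = explode("\t", $line);
        if (count($cols) < 4) {   // malformed row: report it, do not guess
            $failed[] = ['id' => $cols[0], 'reason' => 'expected 4 columns'];
            continue;
        }
        list($id, $label, $pw, $randKey) = $cols;
        $plain = (string) $decrypt($pw);
        // A wrong SALT or a changed decrypt() yields garbage; blindly stripping
        // strlen(rand_key) bytes from garbage would hide that.
        if ($randKey === '' || strncmp($plain, $randKey, strlen($randKey)) !== 0) {
            $failed[] = ['id' => $id, 'reason' => 'rand_key prefix not verified'];
            continue;
        }
        $ok[] = ['label' => $label, 'password' => substr($plain, strlen($randKey))];
    }
    return ['ok' => $ok, 'failed' => $failed];
}

// Constructed demo input: base64 stands in for the real cipher (assumption).
$standIn = function (string $c): string {
    return (string) base64_decode($c, true);
};
$export = "1\tcore-switch\t" . base64_encode('k9XqExamplePw1') . "\tk9Xq\n"
        . "2\tups-mgmt\t" . base64_encode('no-matching-prefix') . "\tZZ71\n";

$result = recover_rows($export, $standIn);

// Keep recovered secrets off the terminal scrollback: write them to a file
// that tempnam() creates with mode 0600.
$out = tempnam(sys_get_temp_dir(), 'tp_');
foreach ($result['ok'] as $r) {
    file_put_contents($out, $r['label'] . "\t" . $r['password'] . "\n", FILE_APPEND);
}
foreach ($result['failed'] as $f) {
    fprintf(STDERR, "row %s: %s\n", $f['id'], $f['reason']);
}
fprintf(STDERR, "%d recovered, written to %s\n", count($result['ok']), $out);
```

With the constructed rows, row 1 is recovered and row 2 is reported as failed because its plaintext does not start with `ZZ71`.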
I tried it with a very easy setup: I just copied a password from my backup.sql (from a teampass_items.pw field) and took the salt from the teampass-seckey.txt (belonging to the backup) and called |
I don't really understand what is the purpose of this. Function |
My backup seems to be defective. Every time I restore it, teampass throws JSON Errors and I can't restore the passwords. Most of them I also have as a clear text backup. But some are missing. Few enough to decrypt them by hand, if possible. I have a well working installation and most of the passwords recovered, so restoring the few by hand would be the easiest way for me, compared to restoring the whole installation and tracking the JSON errors (which I tried now for several hours unsuccessfully). |
Function is called |
Thank You! Works fine now. |
this modified version working for TeamPass version 2.1.27.9 (on Linux):

```sh
sudo cat /var/teampass/teampass-seckey.txt   # get the salt key
sudo mysql                                   # retrieve encrypted password from DB
php -a                                       # decrypt password using salt key
```
|
Wrote an automation script to decrypt all your passwords in emergency situations : https://twitter.com/pxmme1337/status/1108054372410376192 Enjoy ;) |
Hi, |
Here is my version that I call regularly from cron (working with version 2.1.27.33).
|
What can we use to decrypt manually in 3.0? |
Hello, is there any way to decrypt the password in 3.0 |
I have a question: we are going to use this password management application. If a catastrophic situation occurs where we only have the database data, how do we decrypt the passwords stored in the database? Please advise. |
We had a problem with an upgrade of TeamPass and we are trying to recover the most important passwords that we can't simply change.
I have access to the database and can pull the encrypted passwords out of the database, and I also have the SALT key.
Is there any way to use these two in order to decrypt a few of these?
I'm not much of a PHP person, so trying to learn the methods mcrypt uses and where / how they are applied isn't going so well. I'm just a humble sysadmin who was left with a broken password manager.
Any help would be appreciated.