Github Link to php database decrypt tool

bhampton

Yeah…. I borked it. I can't seem to find the link to the test PHP code that will help me decrypt the logins within the database.

Anyone have that link off-hand?

Regards,

The sad IT guy who done messed it all up 😢

johnny

oh noes, what happened @bhampton

Anyway heres the tool you were looking for to decrypt the passwords using the master key

This is in hope that you saved the master key.

itflow-org/itflow-misc/blob/main/ITFlow%20Password%20Decryption%20Example.php

bhampton

Thanks,

I got all my logins decrypted, made a little changes to that example below:
TL;DR = I made it prompt you when you ran the php file:
<?php

/*

* ###############################################################################################################

* ITFlow - Sample encrypted login (username/password) decryption code/tool

* ITFlow is distributed "as is" under the GPL License, WITHOUT WARRANTY OF ANY KIND.

* ###############################################################################################################

*/

// Specify your Master Encryption key here

// e.g. 'hITarkbAZgdW3WXz' - from /settings_backup.php

$site_encryption_master_key = '';

// Prompt the user for encrypted username/password

echo "Enter the encrypted username/password: ";

$full_ciphertext = trim(fgets(STDIN));

// Split ciphertext into IV and Ciphertext

$iv = substr($full_ciphertext, 0, 16);

$ciphertext = $salt = substr($full_ciphertext, 16);

// Decrypt

$decrypted_text = openssl_decrypt($ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv);

// Show

echo "\n$decrypted_text\n";

johnny

nice job, Im glad you got your logins back

Isaac

Silly question - what password I have to enter here? I tried my (admin) password (with that pw I login as my admin user) but I get a message 'wrong password'

wrongecho

Isaac

The password of the user currently logged in.

Isaac

Ok, working (was my fault - entered the wrong password) 🫣