Get password from a Keystore Stash File

This is an oldie, but a goodie, just encountered a customer who’d lost the password to their WebSEAL keystore. Fortunately, assuming you have the stash file (<keystore name>.sth – in the same directory as the keystore .kdb file). Which you would – if the keystore is still being used actively, then you can easily extract the obfuscated keystore password.

Here is a Perl script that can unstash the password.

—————-unstash.pl begin ————————

use strict;

die "Usage: $0 <stash file>n" if $#ARGV != 0;

my $file=$ARGV[0];
open(F,$file) || die "Can't open $file: $!";

my $stash;
read F,$stash,1024;

my @unstash=map { $_^0xf5 } unpack("C*",$stash);

foreach my $c (@unstash) {
last if $c eq 0;
printf "%c",$c;
}
printf "n";

———————unstash.pl end—————–

Usage:

perl unstash.pl keystore.sth

Perl Source: javagongura.blogspot.sg/2010/11/password-recovery-from-stash-file.html
Have copied locally – since I’ve used this a few times.

The stash file is just an XOR’ed copy of the password – XOR’d with 0xf5.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

WordPress.com.

Up ↑

%d bloggers like this: