How to Extract password from stash file in IBM HTTP Server

Here in this article we will try to see how we can extract the encrypted password from stash file in IBM HTTP Server.

I came across a situation where i was told to import a certificate into the webserver instance but was not having the key database password. After looking through internet i could get this sample perl script which helped me extract the password from the stash file.

#!/usr/bin/perl
#usage perl unstash.pl <Stash file name ex stash.sth>

use strict;

die "Usage: $0 <stash file>n" if $#ARGV != 0;

my $file=$ARGV[0];
open(F,$file) || die "Can't open $file: $!";

my $stash;
read F,$stash,1024;

my @unstash=map { $_^0xf5 } unpack("C*",$stash);

foreach my $c (@unstash) {
   last if $c eq 0;
   printf "%c",$c;
}

This stash file is reading the input file in byte format. Then each byte is xor’ed with 0xF5 (i.e 16*15 + 1*5 = 245). The converted value is the ASCII equivalent.

Click the following Link for original source.

Hope you enjoyed reading this article. Thank you.