How to extract passwords from Core FTP LE

If you are like me and have maintained a copy of Core FTP LE simply because there is no easy way to extract passwords from the application, follow these instructions to set yourself free.

No download or payment required

A lot of the solutions available cost money or require you to install software. This is no longer necessary, and you can thank me in a moment.


Find the encrypted passwords in the Windows Registry

  1. Open the Registry Editor
    1. Windows 10: Press the Windows key, type regedit, and press enter
    2. Older Windows: Go to Start, Run, type regedit, and press enter
  2. Find the numbered site profiles saved in HKEY_CURRENT_USER\SOFTWARE\FTPWare\CoreFTP\Sites. Each site holds the label with which you are familiar in the key called Name.
  3. Copy the encrypted password that is saved in a key called PW.

Decrypt the password using a web page

  1. Go to
  2. Choose these settings
    1. Input type: text
    2. Input text: [the encrypted password you found in the registry]
    3. Plaintext or Hex: Hex
    4. Function: AES
    5. Mode: ECB
    6. Key: hdfzpysvpzimorhk
    7. Plaintext or Hex: Plaintext
  3. Press the decrypt button

You will see output that looks like this:

38	30	38	36	37	37	37	31	37	30	00	00	00	00	00	00
8	0	8	6	7	7	7	1	7	0	.	.	.	.	.	.

The password in this sample output is 8086777170. Wash, rinse, and repeat for all the site profiles you find in the registry. Profiles that have no saved password will have no content in the PW key.

If this saved your life, consider buying me a beer. My Paypal is [email protected].

When I stopped using CoreFTP, I moved on to FileZilla. I needed an FTP client that worked on both macOS and Windows to make life easy.


27 responses to “How to extract passwords from Core FTP LE”

  1. damn it man! You just save my a****!!! thank you 10x!!!!!

  2. No problem, glad I could help!

  3. Oluwaseun

    Thanks a lot man. It works perfectly

  4. Omega

    The other way to find encrypted password: Site Manager -> Export, then find PW for site in the exported configuration file

  5. You the man. Worked like a charm.

  6. A_MA_ZING! Thanks !!!

  7. Thank you – it’s worked ;o)

  8. Perfect , thanks

  9. Patrick

    That worked. How did you determined what key to use? Regarding Step 6 in decryption process.

  10. I found it on another site that doesn’t show up in search engines as well as this page does.

  11. terry weston

    thank you very much :)

    our IT guy left and I didn’t know the password and had to put the same FTP software onto another PC.


  12. Thanks, worked perfectly. Much appreciated!

  13. Blonde Morticia

    Brilliant. Found my blammed CoreFTP password at last.

  14. Steve

    From the linux command line:

    echo -n $PW | xxd -p -r | openssl enc -aes-128-ecb -d -nopad -K $(echo -n “hdfzpysvpzimorhk” | od -A n -t x1 | tr -d ‘ \n’)

  15. aldebaran

    THX A LOT after few monts i decode password to my VM which i forgot and i have thios password encrypted in CoreFTP:D :D :D

  16. Thank You. Thank You. Thank You. Just like you, I got the Core FTP sitting there without knowing the password. It’s now added to my master.

  17. Durga Prasad

    Thank you and Awesome!

  18. Thank you!!! My predecessor at work never documented this information. A huge help.

  19. It simply works!

  20. Sander

    The one password I didn’t try! :) Thanks!

  21. Thanks !!! Worked perfectly !!!

  22. That helped!! Thanks so much!!

  23. This is awesome. Thanks!

  24. si funciona!!

  25. Life saver. Had to get ftp program moved ASAP to start doing daily COVID vaccination record uploads and old admin didn’t leave the password.

  26. Thanks for saving me a lot of time

  27. Thank you for posting these instructions. I was going to reboot the switches and recover the passwords, you just saved me tons of work..