How to extract passwords from Core FTP LE

If you are like me and have maintained a copy of Core FTP LE simply because there is no easy way to extract passwords from the application, follow these instructions to set yourself free.

No download or payment required

A lot of the solutions available cost money or require you to install software. This is no longer necessary, and you can thank me in a moment.

Instructions

Find the encrypted passwords in the Windows Registry

  1. Open the Registry Editor
    1. Windows 10: Press the Windows key, type regedit, and press enter
    2. Older Windows: Go to Start, Run, type regedit, and press enter
  2. Find the numbered site profiles saved in HKEY_CURRENT_USER\SOFTWARE\FTPWare\CoreFTP\Sites. Each site holds the label with which you are familiar in the key called Name.
  3. Copy the encrypted password that is saved in a key called PW.

Decrypt the password using a web page

  1. Go to http://aes.online-domain-tools.com/
  2. Choose these settings
    1. Input type: text
    2. Input text: [the encrypted password you found in the registry]
    3. Plaintext or Hex: Hex
    4. Function: AES
    5. Mode: ECB
    6. Key: hdfzpysvpzimorhk
    7. Plaintext or Hex: Plaintext
  3. Press the decrypt button

You will see output that looks like this:

38	30	38	36	37	37	37	31	37	30	00	00	00	00	00	00
 	 	
8	0	8	6	7	7	7	1	7	0	.	.	.	.	.	.

The password in this sample output is 8086777170. Wash, rinse, and repeat for all the site profiles you find in the registry. Profiles that have no saved password will have no content in the PW key.

If this saved your life, consider buying me a beer. My Paypal is [email protected]

When I stopped using CoreFTP, I moved on to FileZilla. I needed an FTP client that worked on both macOS and Windows to make life easy.

Published
Categorized as How to

25 comments

  1. The other way to find encrypted password: Site Manager -> Export, then find PW for site in the exported configuration file

  2. That worked. How did you determined what key to use? Regarding Step 6 in decryption process.

  3. thank you very much :)

    our IT guy left and I didn’t know the password and had to put the same FTP software onto another PC.

    cheers,
    T

  4. From the linux command line:

    PW=123
    echo -n $PW | xxd -p -r | openssl enc -aes-128-ecb -d -nopad -K $(echo -n “hdfzpysvpzimorhk” | od -A n -t x1 | tr -d ‘ \n’)

  5. THX A LOT after few monts i decode password to my VM which i forgot and i have thios password encrypted in CoreFTP:D :D :D

  6. Thank You. Thank You. Thank You. Just like you, I got the Core FTP sitting there without knowing the password. It’s now added to my master.

  7. Life saver. Had to get ftp program moved ASAP to start doing daily COVID vaccination record uploads and old admin didn’t leave the password.

Leave a comment

Your email address will not be published. Required fields are marked *