Koozali.org: home of the SME Server

SME Shared Folders Bitkinex Password

apmuthu

« on: May 18, 2013, 10:43:48 AM »
SME Shared Folders using encryption cannot be recovered if the password is lost.

However, if you are using the BitKinex client to connect to them and have the password stored in their config file (%USERPROFILE%\Application Data\BitKinex\bitkinex.ds), it may be possible to recover it therefrom.

The bitkinex.ds file has the following typical configuration for a SME Shared Folder WebDAV share, with the password set to "password":
Code:
// For a Writeable share
### Node definition: share-loc1 ###
NODE: TYPE = HTTP NAME = BitKinex|Http/WebDAV|MyShare|ShareDesc|ShareName
SET DEFAULT_PATH /share-loc1
SET DST_ADDR webdav.mydomain.com:443
SET SECURITY 1
SET USER admin1
SET PASS 13e9dda3c6f2b306962c79461e856311f7645c222fbc3cdc
SET DOCS /share-loc1/

// For a Read Only Share
### Node definition: share-loc1 ###
NODE: TYPE = HTTP NAME = BitKinex|Http/WebDAV|MyShare|ShareDesc|read-only|ShareName
SET DEFAULT_PATH /share-loc1
SET DST_ADDR webdav.mydomain.com:443
SET SECURITY 1
SET USER admin1
SET PASS 13e9dda3c6f2b306962c79461e856311f7645c222fbc3cdc
SET DOCS /share-loc1/

On setting various passwords in BitKinex v3, the following were discovered:
  • The 16n hash (SET PASS XXXXXXXXXXX) does not depend on the username and depends solely on the password.
  • Every password whose length is a multiple of 4 ends in f7645c222fbc3cdc
  • If the password is blank, then the SET PASS entry is not available
  • Every 4-character combination (less than 4 chars to be one unit as well) has a different 16-character hexadecimal hash.
Example hashes for passwords are given below:
Code:
        password
admin   13e9dda3c6f2b306962c79461e856311f7645c222fbc3cdc
admin1  13e9dda3c6f2b306962c79461e856311f7645c222fbc3cdc
        password1
admin1  13e9dda3c6f2b306962c79461e85631172003a7c134aa71f

Blank Password does not have entry
p              69e58fcb4f23ad9d
pa             f25f9d68f0b4c9f4
pas            e606adc9c5e8b799
pass           13e9dda3c6f2b306 f7645c222fbc3cdc
passw          13e9dda3c6f2b306 80b6bb68091fc505
passwo         13e9dda3c6f2b306 1f899894b4f31873
passwor        13e9dda3c6f2b306 cc1ba0ccd60f6907
password       13e9dda3c6f2b306 962c79461e856311 f7645c222fbc3cdc
password1      13e9dda3c6f2b306 962c79461e856311 72003a7c134aa71f
password12     13e9dda3c6f2b306 962c79461e856311 aac6900087f67d9e
password123    13e9dda3c6f2b306 962c79461e856311 f635425e41bfad2c
password1234   13e9dda3c6f2b306 962c79461e856311 39e5fcbaa85562f5 f7645c222fbc3cdc

a     796706185a6ffe45
aa    625f590340218ff6
ab    006dc04914bbf970
aaa   e1c30e7954b30797
aaaa  670a6bffad88c94a f7645c222fbc3cdc
aaaaa 670a6bffad88c94a 796706185a6ffe45

b     99d8471586644758
bbbb  2fa7608c728a3556 f7645c222fbc3cdc
bbbbb 2fa7608c728a3556 99d8471586644758

abcdabcd  7b41a6f1cea7ab97 7b41a6f1cea7ab97 f7645c222fbc3cdc

password1      13e9dda3c6f2b306 962c79461e856311 72003a7c134aa71f
password2      13e9dda3c6f2b306 962c79461e856311 57666b6b4aeb19b6
md5 "password":  5f4dcc3b5aa765d61d8327deb882cf99 696d29e0940a4957748fe3fc9efd22a3
md5 "password1": 7c6a180b36896a0a8c02787eeafb0e4c 816b09aa255516ec745de7b215e2e158


Decrypting this will enable user generation of bitkinex config files without reference to SME Administrator.

Any way for a certain non-admin class of users to administer SME Shares?
« Last Edit: May 18, 2013, 10:52:59 AM by apmuthu »
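
The observations in the post above, checked against its own sample table (an added example, not part of the original post; the function names are hypothetical and nothing is decrypted). It treats each 16-character unit as an independent encoding of one 4-character group, which is why the stored value alone reveals the password's length range and any repeated groups.

```python
# Added example: structure checks on SET PASS values copied from the post's table.
# Nothing is decrypted; function names are hypothetical.
UNIT_HEX = 16                      # 16 hex characters per 4 password characters
TERMINATOR = "f7645c222fbc3cdc"    # trailing unit when the length is a multiple of 4

SAMPLES = {                        # password -> stored value, from the post
    "p": "69e58fcb4f23ad9d",
    "pass": "13e9dda3c6f2b306 f7645c222fbc3cdc",
    "passw": "13e9dda3c6f2b306 80b6bb68091fc505",
    "password": "13e9dda3c6f2b306 962c79461e856311 f7645c222fbc3cdc",
    "password1": "13e9dda3c6f2b306 962c79461e856311 72003a7c134aa71f",
    "a": "796706185a6ffe45",
    "aaaa": "670a6bffad88c94a f7645c222fbc3cdc",
    "aaaaa": "670a6bffad88c94a 796706185a6ffe45",
    "abcdabcd": "7b41a6f1cea7ab97 7b41a6f1cea7ab97 f7645c222fbc3cdc",
}

def split_units(value):
    """Split a SET PASS value into its 16-hex-character units."""
    value = value.replace(" ", "").lower()
    if not value or len(value) % UNIT_HEX or set(value) - set("0123456789abcdef"):
        raise ValueError("not a whole number of 16-hex-character units")
    return [value[i:i + UNIT_HEX] for i in range(0, len(value), UNIT_HEX)]

def length_range(value):
    """Password length bounds that the stored value alone gives away."""
    units = split_units(value)
    full = 4 * (len(units) - 1)
    return (full, full) if units[-1] == TERMINATOR else (full + 1, full + 3)

def has_repeated_unit(value):
    """True when two units match, i.e. the password repeats a 4-character group."""
    units = split_units(value)
    return len(set(units)) < len(units)

def units_are_position_independent(samples=SAMPLES):
    """Check that a given 4-character group always yields the same unit."""
    seen = {}
    for password, value in samples.items():
        for i, unit in enumerate(split_units(value)):
            group = password[4 * i:4 * i + 4]   # "" for the trailing unit
            if seen.setdefault(group, unit) != unit:
                return False
    return True

if __name__ == "__main__":
    for password, value in SAMPLES.items():
        print(password, length_range(value), has_repeated_unit(value))
    print("position independent:", units_are_position_independent())
```

Because the value is deterministic and does not depend on the username, bitkinex.ds should be protected like a file of plaintext credentials.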

Daniel B.

Re: SME Shared Folders Bitkinex Password
« Reply #1 on: May 18, 2013, 11:11:32 AM »
Quote from: apmuthu
SME Shared Folders using encryption cannot be recovered if the password is lost.

However, if you are using the BitKinex client to connect to them and have the password stored in their config file (%USERPROFILE%\Application Data\BitKinex\bitkinex.ds), it may be possible to recover it therefrom.

The encryption password has nothing to do with the passwords of user accounts accessing the Shared Folders. If you're using encryption (fuse-encfs, as explained in the wiki page) and you lost the password, the data is lost; there's really no way to recover it.

Quote from: apmuthu
Any way for a certain non-admin class of users to administer SME Shares?
You can use the user-panel contrib (which lets you delegate individual panels from the server-manager to regular users).
It's the end of the world !!! :lol: