
First time question.

I have a customer panel that shows the Plesk 12.5 password. For now I put that in manually when I generate the password. But customers change their password, forget it and then everything fails. I use the Plesk API to receive the password, but this is encrypted.

$5$CngpmNFXTsfRswHH$nntnTlj0KLkhEidK.XVWgbyv9HcAE8YV/fog0C6aG17

I found out that the key is found in /etc/psa/private/secret_key.

I tried:

$res_non = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $hash, 'ecb');

$decrypted = $res_non;
$dec_s2 = strlen($decrypted);

$padding = ord($decrypted[$dec_s2-1]);
$decrypted = substr($decrypted, 0, -$padding);

But that doesn’t return my password correctly.

Any help is appreciated, Thanks!

3 Answers


  1. A way to decrypt it does, indeed, exist, but it is not public and probably never will be. Even support doesn’t know the way to decrypt it.
    You can view the passwords of mail users via the mail_auth_view command. That’s all that can be done.

    Source – I’ve worked in Plesk dev for some time.

  2. This appears to be a sha256crypt hash, without storing the number of rounds (which means it’s likely hard-coded). If so, this isn’t encrypted. Hashing is not encryption. Hashing is a subtopic of cryptography, but is wholly separate from encryption.

    • Hashing: one-way transformation of an infinite set of possible values to a value in a large but finite set of possible outputs. Keyless.
    • Encryption: reversible transformation of information, secured by a secret key (and/or, in certain algorithms, a public key).

    Please don’t confuse the two.

  3. How about resetting the password via “Forgot your password?” on the login screen?

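An added example, not part of any answer above and not Plesk's own code: assuming the stored value is standard sha256crypt, as the second answer suggests, a panel can check a password the user submits against it but has nothing to decrypt or display. `parse_crypt_hash` and `verify_candidate` are hypothetical names, and the sample password and salt are constructed.

```php
<?php
declare(strict_types=1);

// Split a modular-crypt string, $id$[rounds=N$]salt$digest, into its fields.
// Returns null for anything that is not well-formed sha256crypt/sha512crypt.
function parse_crypt_hash(string $stored): ?array
{
    $re = '~^\$([56])\$(?:rounds=(\d+)\$)?([./0-9A-Za-z]{1,16})\$([./0-9A-Za-z]+)$~D';
    if (!preg_match($re, $stored, $m)) {
        return null;
    }
    $digestLen = ['5' => 43, '6' => 86][$m[1]];
    if (strlen($m[4]) !== $digestLen) {
        return null;
    }
    return [
        'scheme' => $m[1] === '5' ? 'sha256crypt' : 'sha512crypt',
        // The scheme's default of 5000 rounds applies when "rounds=" is absent.
        'rounds' => $m[2] === '' ? 5000 : (int) $m[2],
        'salt'   => $m[3],
        'digest' => $m[4],
    ];
}

// Check a password the user just typed against the stored value.
// crypt() re-reads scheme, rounds and salt from $stored and recomputes the
// digest; no key is involved, so nothing here recovers the original password.
function verify_candidate(string $candidate, string $stored): bool
{
    if (parse_crypt_hash($stored) === null) {
        return false;
    }
    return hash_equals($stored, crypt($candidate, $stored));
}

// The value quoted in the question: only a salt and a digest come out of it.
print_r(parse_crypt_hash('$5$CngpmNFXTsfRswHH$nntnTlj0KLkhEidK.XVWgbyv9HcAE8YV/fog0C6aG17'));

// Constructed sample: a made-up password hashed with a made-up salt,
// then checked against the same password and against a different one.
$sample = crypt('constructed-demo-password', '$5$ConstructedSalt1$');
var_dump(verify_candidate('constructed-demo-password', $sample));
var_dump(verify_candidate('some-other-guess', $sample));
```

When a customer forgets the password, the workable path for the panel is a reset, as the third answer proposes.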