Word – Decrypt FileZilla’s stored password (knowing the master password)

filezillapasswords

Update: I just remembered my password, but I'd like to know it anyway.

Original:

I've stored a site in FileZilla's site manager and I use its password encryption with a master password (which I know) to store the sites password (no ssh keys (yet)). So there is no problem using sFTP with FileZilla itself. I want to know the stored password though, because I need it to log in on my hosting provider's admin application.

I already exported that site configuration into an XML file, the password field has the following format:

<Pass encoding="crypt" pubkey="someBase64">moreBase64</Pass>

As I know my master password and have a bunch of information in this XML (and I didn't set up any ssh keys), shouldn't it be possible to decrypt the stored password?

Available tooling: everything Ubuntu offers

PS: It's only a guess that the stuff in the XML file is base64 encoded

Best Answer

I came across this issue today and was able to decrypt it by the following steps:

  • Open FileZilla
  • Edit > Settings > Interface > Passwords
  • Select "Save passwords" instead of "Save passwords protected by master password" enter your master password.

This will decrypt the passwords to base64.

Export your site and use a online tool to decrypt the base64 password which will give you your unencrypted password.

Related Question